  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 927f3f7dfde6e87358894dd55b3a583f4964c36e
      https://github.com/WebKit/WebKit/commit/927f3f7dfde6e87358894dd55b3a583f4964c36e
  Author: Brady Eidson <beid...@apple.com>
  Date:   2024-06-18 (Tue, 18 Jun 2024)

  Changed paths:
    M Source/WebKit/UIProcess/WebPageProxy.cpp
    M Source/WebKit/UIProcess/WebPageProxy.h

  Log Message:
  -----------
  Fix a specific crash where a WebPageProxy outlives its PageClient
rdar://129558032
https://bugs.webkit.org/show_bug.cgi?id=275508

Reviewed by Youenn Fablet.

It's known that WebPageProxy objects can outlive their client view object
(WKContentView or WebViewImpl).
And since the client view object owns the PageClient, WebPageProxy objects
can exist without a PageClient.

The WebPageProxy::pageClient() accessor acknowledges this with a debug-only
ASSERT.

The gamepad access hysteresis skips some of the other "close() or process
crashed" cleanup that other member objects perform, such as timers. So it's
very possible that simply cancelling the hysteresis when those events occur
is good enough.

This patch does that, but also explicitly closes the hazard of assuming the
PageClient is non-null.

I believe there's still a submarine risk of many other
"protectedPageClient()" calls happening on a null page client, driven by racy
IPC timing. A follow-up will apply null checking more widely.

* Source/WebKit/UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::optionalProtectedPageClient const):
(WebKit::WebPageProxy::close):
(WebKit::WebPageProxy::resetStateAfterProcessExited):
(WebKit::WebPageProxy::recentGamepadAccessStateChanged):
* Source/WebKit/UIProcess/WebPageProxy.h:

Canonical link: https://commits.webkit.org/280131@main
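
The lifetime hazard described in the log message, as an added example that is not code from this commit or from WebKit. Client, Hysteresis, Proxy and their members are hypothetical stand-ins, and modelling the client as a std::weak_ptr is an assumption. It shows both measures the message names: cancelling the pending callback on close, and null-checking the client inside the callback.

```cpp
// Added illustration; Client, Hysteresis and Proxy are hypothetical, not WebKit classes.
#include <functional>
#include <memory>
#include <utility>
struct Client { int notifications = 0; void accessStateChanged() { ++notifications; } };

// One-shot timer stand-in; fire() is called by hand where a run loop would fire it.
class Hysteresis {
public:
    explicit Hysteresis(std::function<void()> callback) : m_callback(std::move(callback)) { }
    void start() { m_armed = true; }
    void cancel() { m_armed = false; }
    bool fire() { if (!m_armed) return false; m_armed = false; m_callback(); return true; }
private:
    std::function<void()> m_callback;
    bool m_armed = false;
};

class Proxy {
public:
    explicit Proxy(std::weak_ptr<Client> client)
        : m_client(std::move(client)), m_hysteresis([this] { stateChanged(); }) { }
    // Null once the owning view is gone; callers must check before use.
    std::shared_ptr<Client> optionalProtectedClient() const { return m_client.lock(); }
    void noteAccess() { m_hysteresis.start(); }
    void close() { m_hysteresis.cancel(); } // cleanup: drop the pending callback
    bool runPendingTimer() { return m_hysteresis.fire(); }
    int skippedWithoutClient = 0;
private:
    void stateChanged() {
        auto client = optionalProtectedClient(); // keeps the client alive for this call
        if (!client) { ++skippedWithoutClient; return; } // no client: nothing to notify
        client->accessStateChanged();
    }
    std::weak_ptr<Client> m_client;
    Hysteresis m_hysteresis;
};

struct Outcome { int delivered; int skipped; bool firedAfterClose; };
Outcome runScenario() {
    auto view = std::make_shared<Client>();
    Proxy proxy(view);
    proxy.noteAccess(); proxy.runPendingTimer(); // client alive: notification delivered
    int delivered = view->notifications;
    proxy.noteAccess(); view.reset();            // view destroyed, proxy outlives it
    proxy.runPendingTimer();                     // fires, finds no client, returns early
    proxy.noteAccess(); proxy.close();           // close() cancels the pending timer
    return { delivered, proxy.skippedWithoutClient, proxy.runPendingTimer() };
}
int main() { Outcome o = runScenario(); return (o.delivered == 1 && o.skipped == 1 && !o.firedAfterClose) ? 0 : 1; }
```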


