[webkit-changes] [WebKit/WebKit] 78561c: Crash due to race to the map in WorkerInspectorPro...

Kimmo Kinnunen noreply at github.com
Wed Oct 5 00:29:35 PDT 2022 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 78561c18d0d29f97e8e49b2822e7e522534d53a4
      https://github.com/WebKit/WebKit/commit/78561c18d0d29f97e8e49b2822e7e522534d53a4
  Author: Kimmo Kinnunen <kkinnunen at apple.com>
  Date:   2022-10-05 (Wed, 05 Oct 2022)

  Changed paths:
    M LayoutTests/TestExpectations
    A LayoutTests/workers/many-nested-workers-no-crash-expected.txt
    A LayoutTests/workers/many-nested-workers-no-crash.html
    A LayoutTests/workers/resources/many-nested-workers-parent.js
    A LayoutTests/workers/resources/many-nested-workers.js
    M Source/WebCore/inspector/InspectorInstrumentation.h
    M Source/WebCore/inspector/InspectorInstrumentationPublic.cpp
    M Source/WebCore/inspector/InspectorInstrumentationPublic.h
    M Source/WebCore/inspector/agents/InspectorWorkerAgent.cpp
    M Source/WebCore/workers/WorkerInspectorProxy.cpp
    M Source/WebCore/workers/WorkerInspectorProxy.h

  Log Message:
  -----------
  Crash due to race to the map in WorkerInspectorProxy::allWorkerInspectorProxies()
https://bugs.webkit.org/show_bug.cgi?id=245460
rdar://problem/100209198

Reviewed by David Kilzer.

Protect the global map with a mutex, so concurrent adds, removes and gets
are more consistent.

Construct the WorkerInspectorProxy weak pointer factory eagerly,
so that when potentially multiple threads construct a weak pointer,
they do not race to create and store the factory. Also ensurest that
the factory is created in the creation thread, which presumably is
also the thread that uses the weak pointer.

* LayoutTests/workers/many-nested-workers-no-crash-expected.txt: Added.
* LayoutTests/workers/many-nested-workers-no-crash.html: Added.
* LayoutTests/workers/resources/many-nested-workers-parent.js: Added.
(try.i.worker.onmessage):
(catch):
* LayoutTests/workers/resources/many-nested-workers.js: Added.
(onmessage):

Canonical link: https://commits.webkit.org/255158@main

More information about the webkit-changes mailing list