[webkit-changes] [WebKit/WebKit] e78988: REGRESSION (iOS 16 Beta): Crash adding / removing ...

Alex Christensen noreply at github.com
Sat Sep 17 17:40:53 PDT 2022 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: e7898844fe5a7ac2ccc907df169803ed6fad3399
      https://github.com/WebKit/WebKit/commit/e7898844fe5a7ac2ccc907df169803ed6fad3399
  Author: Alex Christensen <achristensen at apple.com>
  Date:   2022-09-17 (Sat, 17 Sep 2022)

  Changed paths:
    M Source/WebKit/Shared/WebUserContentControllerDataTypes.cpp
    M Source/WebKit/Shared/WebUserContentControllerDataTypes.h
    M Source/WebKit/UIProcess/UserContent/WebScriptMessageHandler.cpp
    M Source/WebKit/UIProcess/UserContent/WebScriptMessageHandler.h
    M Source/WebKit/WebProcess/UserContent/WebUserContentController.cpp

  Log Message:
  -----------
  REGRESSION (iOS 16 Beta): Crash adding / removing ScriptMessageHandlers to WKUserContentController
https://bugs.webkit.org/show_bug.cgi?id=243343

Reviewed by Chris Dumez.

250289 at main made WebScriptMessageHandler.m_name an AtomString instead of a String.
This makes it easier for the UI process to crash because of corrupted AtomString tables
due to either misusing APIs on background threads or constructing a JSContext before initializing threading,
which then calls SmallStrings::initializeCommonStrings in the VM constructor.
Unfortunately TestWebKitAPI initializes threading in the TestsController constructor before starting any test code,
so we don't have CI infrastructure that can prevent regressions like this right now.
I did, however, verify that the example app WKWebViewBridgeCrashJSContext asserts every time and crashes sometimes
before this fix but not after.

* Source/WebKit/Shared/WebUserContentControllerDataTypes.cpp:
(WebKit::WebScriptMessageHandlerData::decode):
* Source/WebKit/Shared/WebUserContentControllerDataTypes.h:
* Source/WebKit/UIProcess/UserContent/WebScriptMessageHandler.cpp:
(WebKit::WebScriptMessageHandler::create):
(WebKit::WebScriptMessageHandler::WebScriptMessageHandler):
* Source/WebKit/UIProcess/UserContent/WebScriptMessageHandler.h:
(WebKit::WebScriptMessageHandler::name const):
* Source/WebKit/WebProcess/UserContent/WebUserContentController.cpp:
(WebKit::WebUserContentController::addUserScriptMessageHandlers):

Canonical link: https://commits.webkit.org/254599@main

More information about the webkit-changes mailing list