[webkit-changes] [WebKit/WebKit] c5617f: Crash when ResponsivenessTimer fires

Chris Dumez noreply at github.com
Tue Dec 3 12:23:19 PST 2024


  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: c5617f4184ab9289950d98b59eb5803d405edf6e
      https://github.com/WebKit/WebKit/commit/c5617f4184ab9289950d98b59eb5803d405edf6e
  Author: Chris Dumez <cdumez at apple.com>
  Date:   2024-12-03 (Tue, 03 Dec 2024)

  Changed paths:
    M Source/WebKit/UIProcess/AuxiliaryProcessProxy.cpp
    M Source/WebKit/UIProcess/AuxiliaryProcessProxy.h
    M Source/WebKit/UIProcess/ResponsivenessTimer.cpp
    M Source/WebKit/UIProcess/ResponsivenessTimer.h

  Log Message:
  -----------
  Crash when ResponsivenessTimer fires
https://bugs.webkit.org/show_bug.cgi?id=283948
rdar://140572152

Reviewed by Darin Adler and Brady Eidson.

I recently made it so that RunLoop::Timer will protect the object it is calling
the "timeout" function on, either via a RefPtr or a CheckedPtr. Given that
ResponsivenessTimer subclassed CanMakeCheckedPtr, it would use a CheckedPtr.

As a speculative fix for the crash, make ResponsivenessTimer RefCounted. As a
result, RunLoop::Timer will now ref the ResponsivenessTimer before calling
`timerFired()` on it, which should be safer than a CheckedPtr. One could
imagine `timerFired()` causing the ResponsivenessTimer to get destroyed
otherwise, since it calls some client functions.

* Source/WebKit/UIProcess/AuxiliaryProcessProxy.cpp:
(WebKit::AuxiliaryProcessProxy::stopResponsivenessTimer):
(WebKit::AuxiliaryProcessProxy::startResponsivenessTimer):
* Source/WebKit/UIProcess/AuxiliaryProcessProxy.h:
(WebKit::AuxiliaryProcessProxy::protectedResponsivenessTimer):
(WebKit::AuxiliaryProcessProxy::protectedResponsivenessTimer const):
(WebKit::AuxiliaryProcessProxy::checkedResponsivenessTimer): Deleted.
(WebKit::AuxiliaryProcessProxy::checkedResponsivenessTimer const): Deleted.
* Source/WebKit/UIProcess/ResponsivenessTimer.h:
(WebKit::ResponsivenessTimer::ref const):
(WebKit::ResponsivenessTimer::deref const):

Canonical link: https://commits.webkit.org/287301@main
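The commit message above describes a classic lifetime hazard: a timer callback that invokes client code, where that client code may release the last reference to the timer object, leaving `timerFired()` running on freed memory. The following is an added example, not WebKit's code: `RefCounted`, `RefPtr`, `Client`, `ProcessProxy` and the two `fire*` functions are simplified stand-ins for the WTF/WebKit types and for `RunLoop::Timer`'s behaviour before and after the change, written to show why taking a strong reference before the callback is safer than calling through a non-owning pointer. The "unprotected" path reports a mid-callback destruction without touching the dead object, so the program itself stays well-defined.

```cpp
// Added example (not WebKit code): minimal model of a timer that either calls
// its target through a non-owning pointer (old behaviour) or refs it first
// (what making ResponsivenessTimer RefCounted enables). All types are
// hypothetical stand-ins for WTF::RefCounted / WTF::RefPtr / WebKit classes.
#include <cassert>
#include <cstdio>

// Intrusive reference count, in the spirit of WTF::RefCounted (simplified).
class RefCounted {
public:
    void ref() const { ++m_refCount; }
    void deref() const { if (!--m_refCount) delete this; }
protected:
    virtual ~RefCounted() = default;
private:
    mutable unsigned m_refCount { 0 };
};

// Owning smart pointer in the spirit of WTF::RefPtr (simplified, non-assignable).
template<typename T> class RefPtr {
public:
    RefPtr() = default;
    explicit RefPtr(T* p) : m_ptr(p) { if (m_ptr) m_ptr->ref(); }
    RefPtr(const RefPtr& o) : RefPtr(o.m_ptr) {}
    ~RefPtr() { if (m_ptr) m_ptr->deref(); }
    RefPtr& operator=(const RefPtr&) = delete;
    void clear() { T* p = m_ptr; m_ptr = nullptr; if (p) p->deref(); }
    T* get() const { return m_ptr; }
    T* operator->() const { return m_ptr; }
private:
    T* m_ptr { nullptr };
};

// The timer's client; it may tear the timer down from inside the callback,
// mirroring AuxiliaryProcessProxy::stopResponsivenessTimer().
struct Client {
    virtual ~Client() = default;
    virtual void didBecomeUnresponsive() = 0;
};

class ResponsivenessTimer final : public RefCounted {
public:
    ResponsivenessTimer(Client& client, bool& destroyedFlag)
        : m_client(client), m_destroyed(destroyedFlag) {}
    ~ResponsivenessTimer() override { m_destroyed = true; }

    // Returns true if |this| was destroyed while the client callback ran, i.e.
    // any later access to members would have been a use-after-free. Only a
    // reference living outside the object is read after the call.
    bool timerFired() {
        bool& destroyed = m_destroyed;
        m_client.didBecomeUnresponsive();
        return destroyed;
    }
private:
    Client& m_client;
    bool& m_destroyed;
};

// Stand-in for AuxiliaryProcessProxy: sole owner of the timer, and it drops
// that ownership from inside the unresponsiveness callback.
class ProcessProxy final : public Client {
public:
    explicit ProcessProxy(bool& destroyedFlag)
        : m_timer(new ResponsivenessTimer(*this, destroyedFlag)) {}
    void didBecomeUnresponsive() override { m_timer.clear(); }
    ResponsivenessTimer* timer() const { return m_timer.get(); }
private:
    RefPtr<ResponsivenessTimer> m_timer;
};

// Old behaviour: the run loop timer calls through a non-owning pointer, so the
// callback's release of the last reference frees the timer mid-call.
bool fireUnprotected(ProcessProxy& proxy) {
    ResponsivenessTimer* raw = proxy.timer();
    return raw->timerFired();
}

// New behaviour: ref the target first; it cannot die until the RefPtr that
// protects it goes out of scope, after timerFired() has returned.
bool fireProtected(ProcessProxy& proxy) {
    RefPtr<ResponsivenessTimer> protectedTimer(proxy.timer());
    return protectedTimer->timerFired();
}

struct Outcome { bool unprotectedDiedMidCallback; bool protectedDiedMidCallback; };

// Runs both strategies on fresh proxies; true means "freed during the callback".
Outcome demonstrate() {
    bool destroyedA = false, destroyedB = false;
    Outcome outcome {};
    { ProcessProxy proxyA(destroyedA); outcome.unprotectedDiedMidCallback = fireUnprotected(proxyA); }
    {
        ProcessProxy proxyB(destroyedB);
        outcome.protectedDiedMidCallback = fireProtected(proxyB);
        assert(destroyedB);  // freed only once the protecting RefPtr was released
    }
    return outcome;
}

int main() {
    Outcome o = demonstrate();
    std::printf("unprotected: destroyed mid-callback = %d\n", o.unprotectedDiedMidCallback);
    std::printf("protected:   destroyed mid-callback = %d\n", o.protectedDiedMidCallback);
    return 0;
}
```

The non-owning variant stands in for the `CheckedPtr` case: a `CheckedPtr` would turn the mid-callback destruction into a deterministic assertion failure rather than silent memory corruption, which is the crash the commit title refers to, whereas the `RefPtr` taken in `fireProtected` removes the hazard by extending the object's lifetime across the call.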
