[webkit-changes] [WebKit/WebKit] c5617f: Crash when ResponsivenessTimer fires
Chris Dumez
noreply at github.com
Tue Dec 3 12:23:19 PST 2024
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: c5617f4184ab9289950d98b59eb5803d405edf6e
https://github.com/WebKit/WebKit/commit/c5617f4184ab9289950d98b59eb5803d405edf6e
Author: Chris Dumez <cdumez at apple.com>
Date: 2024-12-03 (Tue, 03 Dec 2024)
Changed paths:
M Source/WebKit/UIProcess/AuxiliaryProcessProxy.cpp
M Source/WebKit/UIProcess/AuxiliaryProcessProxy.h
M Source/WebKit/UIProcess/ResponsivenessTimer.cpp
M Source/WebKit/UIProcess/ResponsivenessTimer.h
Log Message:
-----------
Crash when ResponsivenessTimer fires
https://bugs.webkit.org/show_bug.cgi?id=283948
rdar://140572152
Reviewed by Darin Adler and Brady Eidson.
I recently made it so that RunLoop::Timer will protect the object it is calling
the "timeout" function on, either via a RefPtr or a CheckedPtr. Given that
ResponsivenessTimer subclassed CanMakeCheckedPtr, it would use a CheckedPtr.
As a speculative fix for the crash, make ResponsivenessTimer RefCounted. As a
result, RunLoop::Timer will now ref the ResponsivenessTimer before calling
`timerFired()` on it, which should be safer than a CheckedPtr. One could
imagine `timerFired()` causing the ResponsivenessTimer to get destroyed
otherwise, since it calls some client functions.
* Source/WebKit/UIProcess/AuxiliaryProcessProxy.cpp:
(WebKit::AuxiliaryProcessProxy::stopResponsivenessTimer):
(WebKit::AuxiliaryProcessProxy::startResponsivenessTimer):
* Source/WebKit/UIProcess/AuxiliaryProcessProxy.h:
(WebKit::AuxiliaryProcessProxy::protectedResponsivenessTimer):
(WebKit::AuxiliaryProcessProxy::protectedResponsivenessTimer const):
(WebKit::AuxiliaryProcessProxy::checkedResponsivenessTimer): Deleted.
(WebKit::AuxiliaryProcessProxy::checkedResponsivenessTimer const): Deleted.
* Source/WebKit/UIProcess/ResponsivenessTimer.h:
(WebKit::ResponsivenessTimer::ref const):
(WebKit::ResponsivenessTimer::deref const):
Canonical link: https://commits.webkit.org/287301@main
To unsubscribe from these emails, change your notification settings at https://github.com/WebKit/WebKit/settings/notifications
More information about the webkit-changes
mailing list