[webkit-changes] [WebKit/WebKit] 9ff5a3: Add nullptr check for ProcessLauncher client

Per Arne Vollan noreply at github.com
Tue Feb 20 09:28:48 PST 2024


  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 9ff5a32ea773d660f731a47c326ac36896ac7ced
      https://github.com/WebKit/WebKit/commit/9ff5a32ea773d660f731a47c326ac36896ac7ced
  Author: Per Arne Vollan <pvollan at apple.com>
  Date:   2024-02-20 (Tue, 20 Feb 2024)

  Changed paths:
    M Source/WebKit/UIProcess/Launcher/cocoa/ProcessLauncherCocoa.mm

  Log Message:
  -----------
  Add nullptr check for ProcessLauncher client
https://bugs.webkit.org/show_bug.cgi?id=269759
rdar://122995875

Reviewed by Brent Fulgham.

This patch fixes a null pointer dereference crash that was introduced in <https://commits.webkit.org/274390@main>.
The commit 274390 at main introduced a race condition by holding a reference to the Process launcher in the completion
handler for starting WebKit extension processes. This reference was held throughout the duration of the completion
handler. This meant that on rare occasions, the Process launcher could be deleted at the end of the completion
handler, instead of in the AuxiliaryProcessProxy destructor, where it normally is invalidated and deleted. The
lambda to finish the launch scheduled from the completion handler on the main thread could then end up having a
Process launcher that was invalidated but not deallocated. When the Process launcher is invalidated, the m_client
member is set to nullptr. This member is later dereferenced in ProcessLauncher::finishLaunchingProcess, and caused
a null pointer crash in this case. This patch is fixing the crash by reverting the change in 274390 at main that
introduced the crash as well as adding a null pointer check for m_client, to guard against this race being
reintroduced in the future.

* Source/WebKit/UIProcess/Launcher/cocoa/ProcessLauncherCocoa.mm:
(WebKit::ProcessLauncher::launchProcess):

Canonical link: https://commits.webkit.org/275047@main
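The invalidated-but-not-deallocated lifetime the message describes, as an added C++ sketch that is not WebKit's code: the types are constructed stand-ins, and a fake main-thread queue plays the role of the lambda scheduled from the completion handler.

```cpp
#include <functional>
#include <memory>
#include <vector>

// Constructed stand-ins for the WebKit types the commit message names
// (not WebKit's code). The client only counts completed launches.
struct Client {
    int launchesFinished = 0;
    void didFinishLaunching() { ++launchesFinished; }
};
class ProcessLauncher {
public:
    explicit ProcessLauncher(Client* client) : m_client(client) {}
    // Called by the owning proxy on teardown. The launcher object itself
    // may outlive this call while some other reference is still held.
    void invalidate() { m_client = nullptr; }
    // Returns false instead of dereferencing a detached client.
    bool finishLaunchingProcess() {
        if (!m_client)  // the guard this commit adds
            return false;
        m_client->didFinishLaunching();
        return true;
    }
private:
    Client* m_client;
};
struct RaceOutcome { bool launcherStillAlive; bool clientNotified; };
// Replays the interleaving from the commit message on a fake main-thread
// queue. ownerGoesAwayFirst=true is the racy case: the owner invalidates and
// drops the launcher before the scheduled lambda runs, but the lambda's own
// reference keeps the invalidated launcher allocated.
RaceOutcome simulateRace(bool ownerGoesAwayFirst) {
    Client client;
    std::vector<std::function<bool()>> mainThreadQueue;
    auto owned = std::make_shared<ProcessLauncher>(&client);
    std::weak_ptr<ProcessLauncher> observer = owned;
    // Completion handler holding its own reference (the 274390@main pattern).
    auto completionHandler = [owned, &mainThreadQueue] {
        mainThreadQueue.push_back([owned] { return owned->finishLaunchingProcess(); });
    };
    completionHandler();
    if (ownerGoesAwayFirst) { owned->invalidate(); owned.reset(); }
    RaceOutcome outcome{ !observer.expired(), false };
    for (auto& task : mainThreadQueue)
        outcome.clientNotified = task() || outcome.clientNotified;
    mainThreadQueue.clear();  // last reference dropped; launcher freed here
    return outcome;
}
```

In the racy interleaving the launcher is still allocated when the task runs, so without the `m_client` check the call would dereference nullptr; with it the task simply does nothing.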


