[webkit-changes] [WebKit/WebKit] cd8355: Crash under BackForwardCache::get(HistoryItem&, Pa...

Chris Dumez noreply at github.com
Mon Jul 29 19:04:49 PDT 2024


  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: cd835520f77a6f043a1348de4ea01abbdb4ee5b2
      https://github.com/WebKit/WebKit/commit/cd835520f77a6f043a1348de4ea01abbdb4ee5b2
  Author: Chris Dumez <cdumez at apple.com>
  Date:   2024-07-29 (Mon, 29 Jul 2024)

  Changed paths:
    A LayoutTests/http/tests/navigation/page-cache-expired-entry-expected.txt
    A LayoutTests/http/tests/navigation/page-cache-expired-entry.html
    A LayoutTests/http/tests/navigation/resources/page-cache-helper-inspector-disables-caches.html
    M Source/WebCore/history/BackForwardCache.cpp
    M Source/WebCore/testing/Internals.cpp
    M Source/WebCore/testing/Internals.h
    M Source/WebCore/testing/Internals.idl

  Log Message:
  -----------
  Crash under BackForwardCache::get(HistoryItem&, Page*)
https://bugs.webkit.org/show_bug.cgi?id=277294
rdar://132704152

Reviewed by Ryosuke Niwa.

There was an early return case in `BackForwardCache::get()` when Web Inspector
disables caches or when the back/forward cache entry has expired. In this case,
we would call `remove(item)` which would destroy the CachedPage. However, the
function currently holds a CachedPtr to the CachedPage being destroyed so we
would RELEASE_ASSERT. To address the issue, we now clear the CachedPage
CheckedPtr before calling `remove(item)`.

* LayoutTests/http/tests/navigation/page-cache-expired-entry-expected.txt: Added.
* LayoutTests/http/tests/navigation/page-cache-expired-entry.html: Added.
* LayoutTests/http/tests/navigation/resources/page-cache-helper-inspector-disables-caches.html: Added.
* Source/WebCore/history/BackForwardCache.cpp:
(WebCore::BackForwardCache::get):
* Source/WebCore/testing/Internals.cpp:
(WebCore::Internals::resetToConsistentState):
(WebCore::Internals::setResourceCachingDisabledByWebInspector):
* Source/WebCore/testing/Internals.h:
* Source/WebCore/testing/Internals.idl:

Canonical link: https://commits.webkit.org/281540@main
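
Added example, not part of the commit or of WebKit's code: a toy C++ model of the ordering problem the log message describes, where an entry is removed while a counting pointer to it is still live. `ToyCache`, `parked`, `violations`, `clearBeforeRemove` and `violationsWhenEvicting` are hypothetical names, the `CheckedPtr` class here is a simplified stand-in, and the model counts a violation where the log message says the real code would RELEASE_ASSERT.

```cpp
#include <map>
#include <memory>
#include <string>
#include <vector>

// Toy stand-in for a CheckedPtr target: counts the live checked pointers to it.
struct CachedPage {
    bool expired = false;
    int checkedPtrCount = 0;
};
// Toy counting pointer, constructed for this example (not WebKit's class).
class CheckedPtr {
public:
    explicit CheckedPtr(CachedPage* p) : m_ptr(p) { if (m_ptr) ++m_ptr->checkedPtrCount; }
    CheckedPtr(const CheckedPtr&) = delete;
    ~CheckedPtr() { clear(); }
    void clear() { if (m_ptr) --m_ptr->checkedPtrCount; m_ptr = nullptr; }
    CachedPage* get() const { return m_ptr; }
private:
    CachedPage* m_ptr;
};
struct ToyCache {
    std::map<std::string, std::unique_ptr<CachedPage>> items;
    std::vector<std::unique_ptr<CachedPage>> parked; // keeps the toy memory-safe
    int violations = 0; // counted here; the log message says WebKit RELEASE_ASSERTs
    void remove(const std::string& key) {
        auto it = items.find(key);
        if (it == items.end()) return;
        if (it->second->checkedPtrCount) { ++violations; parked.push_back(std::move(it->second)); }
        items.erase(it); // destroys the page unless it was parked above
    }
    CachedPage* get(const std::string& key, bool clearBeforeRemove) {
        auto it = items.find(key);
        if (it == items.end()) return nullptr;
        CheckedPtr page(it->second.get());
        if (!page.get()->expired) return page.get();
        if (clearBeforeRemove) page.clear(); // the ordering the log message describes
        remove(key); // early-return path for an expired entry
        return nullptr;
    }
};

// Evicts one expired entry and reports removals made while a CheckedPtr was live.
int violationsWhenEvicting(bool clearBeforeRemove) {
    ToyCache cache;
    cache.items["item"] = std::make_unique<CachedPage>();
    cache.items["item"]->expired = true;
    cache.get("item", clearBeforeRemove);
    return cache.violations;
}
```

Calling `violationsWhenEvicting(false)` models removing first and `violationsWhenEvicting(true)` models clearing the pointer first.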


