[webkit-changes] [WebKit/WebKit] 927f3f: Fix a specific crash where a WebPageProxy outlives...

[Brady Eidson]

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 927f3f7dfde6e87358894dd55b3a583f4964c36e
      https://github.com/WebKit/WebKit/commit/927f3f7dfde6e87358894dd55b3a583f4964c36e
  Author: Brady Eidson <beidson at apple.com>
  Date:   2024-06-18 (Tue, 18 Jun 2024)

  Changed paths:
    M Source/WebKit/UIProcess/WebPageProxy.cpp
    M Source/WebKit/UIProcess/WebPageProxy.h

  Log Message:
  -----------
  Fix a specific crash where a WebPageProxy outlives its PageClient
rdar://129558032
https://bugs.webkit.org/show_bug.cgi?id=275508

Reviewed by Youenn Fablet.

It's known that WebPageProxy objects can outlive their client view object (WKContentView or WebViewImpl)
And since the client view object owns the PageClient, WebPageProxy objects can exist without a PageClient.

The WebPageProxy::pageClient() accessor acknowledges this with a debug-only ASSERT.

The gamepad access hysteresis skips some of the other "close() or process crashed" cleanup that other
member objects perform, such as timers. So it's very possible that simply cancelling the hysteresis when
those events occur is good enough.

This patch does that, but also explicitly closes the hazard of assuming the PageClient is non-null.

I believe there's still a submarine risk of many other "protectedPageClient()" calls happening on a null
page client, driven by racey IPC timing. A followup will apply null checking more widely.

* Source/WebKit/UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::optionalProtectedPageClient const):
(WebKit::WebPageProxy::close):
(WebKit::WebPageProxy::resetStateAfterProcessExited):
(WebKit::WebPageProxy::recentGamepadAccessStateChanged):
* Source/WebKit/UIProcess/WebPageProxy.h:

Canonical link: https://commits.webkit.org/280131@main



To unsubscribe from these emails, change your notification settings at https://github.com/WebKit/WebKit/settings/notifications