[webkit-changes] [WebKit/WebKit] de54ec: [IPCTestingAPI] JSGlobalObject may be destroyed wh...
Charlie Wolfe
noreply at github.com
Thu Mar 7 09:00:47 PST 2024
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: de54ecba6b596ea666aa99205131b8cdb429a1e4
https://github.com/WebKit/WebKit/commit/de54ecba6b596ea666aa99205131b8cdb429a1e4
Author: Charlie Wolfe <charliew at apple.com>
Date: 2024-03-07 (Thu, 07 Mar 2024)
Changed paths:
M Source/WebKit/WebProcess/WebPage/IPCTestingAPI.cpp
Log Message:
-----------
[IPCTestingAPI] JSGlobalObject may be destroyed when sending IPC messages during page teardown
https://bugs.webkit.org/show_bug.cgi?id=270610
rdar://114871193
Reviewed by Geoffrey Garen.
Some objects send IPC messages in their destructor. So, when the page is being torn down, it is possible
that the JSGlobalObject associated with the JSContextRef we are storing has already been destroyed. To
fix this, we should instead hold a weak reference to the global object and early return when it has been
destroyed.
* Source/WebKit/WebProcess/WebPage/IPCTestingAPI.cpp:
(WebKit::IPCTestingAPI::JSMessageListener::JSMessageListener):
(WebKit::IPCTestingAPI::JSMessageListener::didReceiveMessage):
(WebKit::IPCTestingAPI::JSMessageListener::willSendMessage):
Canonical link: https://commits.webkit.org/275792@main
To unsubscribe from these emails, change your notification settings at https://github.com/WebKit/WebKit/settings/notifications
More information about the webkit-changes
mailing list