[webkit-changes] [WebKit/WebKit] 6bbee0: REGRESSION(281282@main): Web process crashes when ...

Abrar Rahman Protyasha noreply at github.com
Fri Oct 18 01:29:08 PDT 2024


  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 6bbee059a4bff61ccb29cfd7a97aab753d91e5c1
      https://github.com/WebKit/WebKit/commit/6bbee059a4bff61ccb29cfd7a97aab753d91e5c1
  Author: Abrar Rahman Protyasha <a_protyasha at apple.com>
  Date:   2024-10-18 (Fri, 18 Oct 2024)

  Changed paths:
    M Source/WebKit/WebProcess/Plugins/PDF/UnifiedPDF/PDFPresentationController.mm
    M Tools/TestWebKitAPI/SourcesCocoa.txt
    M Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj
    M Tools/TestWebKitAPI/Tests/WebKit/WKThumbnailView.mm
    M Tools/TestWebKitAPI/Tests/WebKitCocoa/GPUProcess.mm
    M Tools/TestWebKitAPI/Tests/WebKitCocoa/UnifiedPDFTests.mm
    R Tools/TestWebKitAPI/cocoa/EnableUISideCompositingScope.h
    R Tools/TestWebKitAPI/cocoa/EnableUISideCompositingScope.mm
    A Tools/TestWebKitAPI/cocoa/UISideCompositingScope.h
    A Tools/TestWebKitAPI/cocoa/UISideCompositingScope.mm

  Log Message:
  -----------
  REGRESSION(281282@main): Web process crashes when opening PDF in Safari on macOS Recovery
https://bugs.webkit.org/show_bug.cgi?id=281691
rdar://138067010

Reviewed by Simon Fraser and Wenson Hsieh.

Whenever we open a PDF in the macOS Recovery system, we crash when
ensuring layers are created because we fail to create any layers in the
presentation controller to begin with.

To answer this, we need to understand the relation between UI side
compositing and graphics layer creation. The general pattern for
graphics layer creation is to pass in a (maybe null) graphics layer
factory pointer to GraphicsLayer::create(), and this callee is smart
enough to have a fallback layer creation path if the factory pointer is
null. How this relates to UI side compositing is that, when disabled, we
use TiledCoreAnimationDrawingArea instead of RemoteLayerTreeDrawingArea.
Note that the former drawing area does not have an associated graphics
layer factory, which means with UI side compositing disabled we go down
the fallback path I talked about in GraphicsLayer::create().

The bug materializes in PDFPresentationController because we make the
mistake of early returning a null graphics layer if we get a null
graphics layer factory from the page chrome client, instead of allowing
GraphicsLayer::create() to deal with that case. We fix the crash by
removing the early return path.

This patch also generalizes the EnableUISideCompositingScope test utility
such that we can choose between enablement and disablement of UI side
compositing in a certain scope.

Test coverage: TestWebKitAPI.UnifiedPDF.WebProcessShouldNotCrashWithUISideCompositingDisabled

* Source/WebKit/WebProcess/Plugins/PDF/UnifiedPDF/PDFPresentationController.mm:
(WebKit::PDFPresentationController::createGraphicsLayer):
* Tools/TestWebKitAPI/SourcesCocoa.txt:
* Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
* Tools/TestWebKitAPI/Tests/WebKit/WKThumbnailView.mm:
(TestWebKitAPI::TEST(WebKit, WKThumbnailViewLayerReparentingWithUISideCompositing)):
(TestWebKitAPI::TEST(WebKit, WKThumbnailViewLayerReparentingWithUISideCompositingAndTopContentInset)):
* Tools/TestWebKitAPI/Tests/WebKitCocoa/GPUProcess.mm:
(TestWebKitAPI::TEST(GPUProcess, GPUProcessForDOMRenderingCarriesOverFromRelatedPage)):
* Tools/TestWebKitAPI/Tests/WebKitCocoa/UnifiedPDFTests.mm:
(-[ObserveWebContentCrashNavigationDelegate _webView:webContentProcessDidTerminateWithReason:]):
(-[ObserveWebContentCrashNavigationDelegate webView:didFinishNavigation:]):
(-[ObserveWebContentCrashNavigationDelegate webProcessCrashed]):
(-[ObserveWebContentCrashNavigationDelegate navigationFinished]):
(TestWebKitAPI::UNIFIED_PDF_TEST):
* Tools/TestWebKitAPI/cocoa/UISideCompositingScope.h: Renamed from Tools/TestWebKitAPI/cocoa/EnableUISideCompositingScope.h.
* Tools/TestWebKitAPI/cocoa/UISideCompositingScope.mm: Renamed from Tools/TestWebKitAPI/cocoa/EnableUISideCompositingScope.mm.
(-[NSUserDefaults swizzled_objectForKey:]):
(TestWebKitAPI::UISideCompositingScope::UISideCompositingScope):
(TestWebKitAPI::UISideCompositingScope::~UISideCompositingScope):

Canonical link: https://commits.webkit.org/285385@main
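
The null-factory pattern the log message describes, as a self-contained C++ model. This is an added example, not code from the commit or from WebKit: Layer, LayerFactory, DrawingArea, createLayer and the two controllerCreateLayer* functions are hypothetical stand-ins for the classes named above.

```cpp
#include <cstdio>
#include <memory>
#include <string>

// Hypothetical stand-ins for illustration; these are not WebKit's classes.
struct Layer { std::string createdBy; };

struct LayerFactory {
    std::unique_ptr<Layer> make() { return std::make_unique<Layer>(Layer{"factory"}); }
};

// Models a callee that accepts a maybe-null factory and falls back on its own.
std::unique_ptr<Layer> createLayer(LayerFactory* factory)
{
    if (factory)
        return factory->make();
    return std::make_unique<Layer>(Layer{"fallback"});
}

// Models a drawing area: the remote kind has a factory, the tiled kind has none.
struct DrawingArea { LayerFactory* factory; };

// Before: the caller treats a null factory as fatal and hands back no layer.
std::unique_ptr<Layer> controllerCreateLayerBefore(const DrawingArea& area)
{
    if (!area.factory)
        return nullptr; // early return: later code that expects a layer gets none
    return createLayer(area.factory);
}

// After: the maybe-null factory is passed through and the callee decides.
std::unique_ptr<Layer> controllerCreateLayerAfter(const DrawingArea& area)
{
    return createLayer(area.factory);
}

int main()
{
    LayerFactory factory;
    DrawingArea remote{&factory}, tiled{nullptr};
    auto before = controllerCreateLayerBefore(tiled);
    auto after = controllerCreateLayerAfter(tiled);
    std::printf("tiled/before: %s\n", before ? before->createdBy.c_str() : "(null layer)");
    std::printf("tiled/after:  %s\n", after->createdBy.c_str());
    std::printf("remote/after: %s\n", controllerCreateLayerAfter(remote)->createdBy.c_str());
    return 0;
}
```

Both versions behave the same when a factory exists; they differ only on the configuration without one, which is why a test has to force that configuration to catch the regression.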


