[Webkit-unassigned] [Bug 174729] New: Crash in many WebKit apps marking a connection invalid under Messages::NetworkProcessProxy::canAuthenticateAgainstProtectionSpace

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Jul 21 15:17:29 PDT 2017


https://bugs.webkit.org/show_bug.cgi?id=174729

            Bug ID: 174729
           Summary: Crash in many WebKit apps marking a connection invalid under Messages::NetworkProcessProxy::canAuthenticateAgainstProtectionSpace
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebKit Misc.
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: beidson at apple.com

Crash in many WebKit apps marking a connection invalid under Messages::NetworkProcessProxy::canAuthenticateAgainstProtectionSpace

This is the top of the crash stack:
IPC::Connection::markCurrentlyDispatchedMessageAsInvalid() <==
WebPageProxy::canAuthenticateAgainstProtectionSpace
NetworkProcessProxy::CanAuthenticateAgainstProtectionSpace
void IPC::handleMessage<Messages::NetworkProcessProxy::CanAuthenticateAgainstProtectionSpace, WebKit::NetworkProcessProxy...

NetworkProcessProxy checks the validity of the WebPageProxy but not the WebFrameProxy.

Then the WebPageProxy message checks the frameID, finds it is invalid, then tries to mark its connection invalid... but it doesn't have a connection.

On the surface this seems bizarre, but it's an okay state to be in. The NetworkingProcess cannot possibly know about the validity of WebPage and WebFrame identifiers by the time it messages the UIProcess directly for this CanAuthenticateAgainstProtectionSpace event.

Previously, the CanAuthenticateAgainstProtectionSpace event went from Network -> Web -> UIProcess and, in that case, the message check handling it was valid.
But since we short circuited the WebProcess out of handling this event, the message check no longer holds.

The NetworkProcessProxy just needs to validate the ids up front.

<rdar://problem/28822272>
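
An added illustration, not WebKit source and not part of the original report: a simplified C++ model of the crash path described above next to the up-front validation the report calls for. Every type and function name in it is hypothetical, and the page/frame IDs are constructed sample values.

```cpp
#include <cstdint>
#include <map>
#include <set>

// Simplified model, not WebKit code: all names here are hypothetical.
struct Connection { bool sawInvalidMessage = false; };
struct Page {
    Connection* connection = nullptr;  // null: no process connection attached to this page
    std::set<uint64_t> frames;         // frame IDs the page currently knows about
};
enum class Result { Handled, DroppedUnknownPage, DroppedUnknownFrame, WouldCrash };

struct UIProxy {
    std::map<uint64_t, Page> pages;

    // Pattern from the report: page ID is checked, frame ID is left to the page handler.
    Result handleUnchecked(uint64_t pageID, uint64_t frameID) {
        auto it = pages.find(pageID);
        if (it == pages.end())
            return Result::DroppedUnknownPage;
        Page& page = it->second;
        if (!page.frames.count(frameID)) {
            if (!page.connection)          // message check wants to mark a connection invalid
                return Result::WouldCrash; // modelled outcome: the real path dereferences null
            page.connection->sawInvalidMessage = true;
            return Result::DroppedUnknownFrame;
        }
        return Result::Handled;
    }

    // Fix direction from the report: validate both IDs before reaching the page handler.
    Result handleValidated(uint64_t pageID, uint64_t frameID) {
        auto it = pages.find(pageID);
        if (it == pages.end())
            return Result::DroppedUnknownPage;
        if (!it->second.frames.count(frameID))
            return Result::DroppedUnknownFrame;  // stale ID: drop quietly, touch no connection
        return Result::Handled;
    }
};

// Constructed scenario: page 1 knows frame 10 and has no connection; frame 11 is stale.
UIProxy makeSample() {
    UIProxy p;
    p.pages[1].frames = {10};
    return p;
}

int main() { UIProxy p = makeSample(); return p.handleValidated(1, 11) == Result::DroppedUnknownFrame ? 0 : 1; }
```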
