[Webkit-unassigned] [Bug 174729] New: Crash in many WebKit apps marking a connection invalid under Messages::NetworkProcessProxy::canAuthenticateAgainstProtectionSpace
bugzilla-daemon at webkit.org
Fri Jul 21 15:17:29 PDT 2017
https://bugs.webkit.org/show_bug.cgi?id=174729
Bug ID: 174729
Summary: Crash in many WebKit apps marking a connection invalid under Messages::NetworkProcessProxy::canAuthenticateAgainstProtectionSpace
Product: WebKit
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: WebKit Misc.
Assignee: webkit-unassigned at lists.webkit.org
Reporter: beidson at apple.com
Crash in many WebKit apps marking a connection invalid under Messages::NetworkProcessProxy::canAuthenticateAgainstProtectionSpace
This is the top of the crash stack:
IPC::Connection::markCurrentlyDispatchedMessageAsInvalid() <==
WebPageProxy::canAuthenticateAgainstProtectionSpace
NetworkProcessProxy::CanAuthenticateAgainstProtectionSpace
void IPC::handleMessage<Messages::NetworkProcessProxy::CanAuthenticateAgainstProtectionSpace, WebKit::NetworkProcessProxy...
NetworkProcessProxy checks the validity of the WebPageProxy but not the WebFrameProxy.
Then the WebPageProxy message checks the frameID, finds it is invalid, then tries to mark its connection invalid... but it doesn't have a connection.
On the surface this seems bizarre, but it's an okay state to be in. The NetworkingProcess cannot possibly know about the validity of WebPage and WebFrame identifiers by the time it messages the UIProcess directly for this CanAuthenticateAgainstProtectionSpace event.
Previously, the CanAuthenticateAgainstProtectionSpace event went from Network -> Web -> UIProcess and, in that case, the message check handling it was valid.
But since we short circuited the WebProcess out of handling this event, the message check no longer holds.
The NetworkProcessProxy just needs to validate the ids up front.
<rdar://problem/28822272>
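A simplified model of the check ordering described in this report, added here as an illustration; it is not WebKit source and not the reporter's code. All type names, method names and IDs are hypothetical stand-ins, and the crash on the missing connection is modelled as a returned status instead of a real null dereference.

```cpp
// Simplified model; every name here is hypothetical, not WebKit's API.
#include <cstdint>
#include <map>
#include <set>
enum class Outcome { Delivered, Dropped, NullConnectionDeref };
struct Connection { bool invalid = false; };

struct PageProxy {
    std::set<uint64_t> frames;          // frame IDs still alive in this page
    Connection* dispatching = nullptr;  // set only while a WebProcess message is dispatched

    // Models the page-level message check: an unknown frame ID marks the
    // currently dispatching connection invalid.
    Outcome canAuthenticate(uint64_t frameID) {
        if (!frames.count(frameID)) {
            if (!dispatching)
                return Outcome::NullConnectionDeref; // the reported crash, as a status
            dispatching->invalid = true;
            return Outcome::Dropped;
        }
        return Outcome::Delivered;
    }
};

struct NetworkProxy {
    std::map<uint64_t, PageProxy> pages;

    // Before: only the page ID is validated before forwarding to the page.
    Outcome handleUnchecked(uint64_t pageID, uint64_t frameID) {
        auto it = pages.find(pageID);
        if (it == pages.end())
            return Outcome::Dropped;
        return it->second.canAuthenticate(frameID);
    }

    // After: both IDs are validated up front. A stale ID sent directly by the
    // network process is an expected race, so the message is dropped quietly.
    Outcome handleValidated(uint64_t pageID, uint64_t frameID) {
        auto it = pages.find(pageID);
        if (it == pages.end() || !it->second.frames.count(frameID))
            return Outcome::Dropped;
        return it->second.canAuthenticate(frameID);
    }
};

// Constructed sample: page 1 holds frame 10; frame 11 is already gone.
NetworkProxy makeSample() { NetworkProxy p; p.pages[1].frames = {10}; return p; }

int main() { return makeSample().handleValidated(1, 11) == Outcome::Dropped ? 0 : 1; }
```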