[Webkit-unassigned] [Bug 222336] WKScriptMessage can race against WKWebView destruction
bugzilla-daemon at webkit.org
Wed Mar 17 11:00:37 PDT 2021
https://bugs.webkit.org/show_bug.cgi?id=222336
Geoffrey Garen <ggaren at apple.com> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |ggaren at apple.com
--- Comment #7 from Geoffrey Garen <ggaren at apple.com> ---
Thanks for clarifying.
I think this issue is more narrow than general -release thread safety. I think this issue might be the use of __unsafe_unretained here:
    static HashMap<WebKit::WebPageProxy*, __unsafe_unretained WKWebView *>& pageToViewMap()
    {
        static NeverDestroyed<HashMap<WebKit::WebPageProxy*, __unsafe_unretained WKWebView *>> map;
        return map;
    }
-[WKScriptMessage _initWithBody...] is correctly signaling the error that we're storing a raw pointer into a weak pointer after the pointed-to object has initiated destruction.
The trivial solution would be to store a weak pointer in the map. Maybe that would just work. But I'm not sure why we chose __unsafe_unretained in the first place.
--
You are receiving this mail because:
You are the assignee for the bug.
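
A C++ model of the lifetime problem described in the comment above, added here as an illustration and not WebKit code: `std::shared_ptr` and `std::weak_ptr` stand in for Objective-C strong and weak references, and `Page`, `View`, `rawMap`, `weakMap` and `lookup` are hypothetical names. It shows that a raw-pointer map still hands out the view once its destruction has started, while a weak-pointer map yields null for the same lookup.

```cpp
#include <memory>
#include <unordered_map>

// Hypothetical stand-ins for WebPageProxy and WKWebView; not WebKit code.
struct Page { int id; };
struct View;
struct Observation { bool rawFound = false; bool weakAlive = false; };

// Analogue of the __unsafe_unretained map: values are raw pointers.
std::unordered_map<Page*, View*>& rawMap() {
    static std::unordered_map<Page*, View*> map; return map;
}
// Analogue of storing a weak pointer in the map instead.
std::unordered_map<Page*, std::weak_ptr<View>>& weakMap() {
    static std::unordered_map<Page*, std::weak_ptr<View>> map; return map;
}

// What a message handler sees when it looks the view up by its page.
Observation lookup(Page* page) {
    Observation o;
    auto raw = rawMap().find(page);
    o.rawFound = raw != rawMap().end() && raw->second != nullptr;
    auto weak = weakMap().find(page);
    o.weakAlive = weak != weakMap().end() && weak->second.lock() != nullptr;
    return o;
}

struct View {
    Page* page;
    Observation* seen;          // records the result of the mid-teardown lookup
    View(Page* p, Observation* s) : page(p), seen(s) {}
    ~View() {
        *seen = lookup(page);   // a lookup that lands after destruction began
        rawMap().erase(page);   // the view only unregisters itself here
        weakMap().erase(page);
    }
};

Observation destroyWhileRegistered() {
    static Page page{1};
    Observation seen;
    auto view = std::make_shared<View>(&page, &seen);
    rawMap()[&page] = view.get();
    weakMap()[&page] = view;
    view.reset();               // last strong reference dropped, ~View runs
    return seen;
}

int main() {
    Observation o = destroyWhileRegistered();
    return (o.rawFound && !o.weakAlive) ? 0 : 1;
}
```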