[Webkit-unassigned] [Bug 240321] New: [Cocoa] ProcessLauncher instance was not released well on the error case.

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed May 11 16:42:22 PDT 2022 

https://bugs.webkit.org/show_bug.cgi?id=240321

            Bug ID: 240321
           Summary: [Cocoa] ProcessLauncher instance was not released well
                    on the error case.
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Platform
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: Basuke.Suzuki at sony.com

It's very rare case but when xpc is failing to establish the connection to the sub process, the error handler is called after executing xpc_connection_send_message_with_reply():

https://github.com/WebKit/WebKit/blob/main/Source/WebKit/UIProcess/Launcher/cocoa/ProcessLauncherCocoa.mm#L277

and ProcessLauncher is failing its responsibility. At the end the owner of ProcessLauncher is terminated and releases the ownership of ProcessLauncher at the destructor of AuxiliaryProcessProxy.

But just before calling xpc_connection_send_message_with_reply(), the process is ref()ed. There's no chance to deref() the instance because the callback of  xpc_connection_send_message_with_reply() won't be called if error happens.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20220511/60bf41ea/attachment-0001.htm>

More information about the webkit-unassigned mailing list