author antti@apple.com <antti@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 28 Jan 2019 13:15:03 +0000 (13:15 +0000)
committer antti@apple.com <antti@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 28 Jan 2019 13:15:03 +0000 (13:15 +0000)
commit 07eec90790ce58fa84ed4749e8b53301f9306a9a
tree 8d719095b976099f19eda36ac2689cbbe61110f6
parent c4f7634355a2f54e0df14ada4e4b6a919935d9ee
WebUserContentController::removeUserScriptMessageHandlerInternal may deref and delete itself
https://bugs.webkit.org/show_bug.cgi?id=193901
<rdar://problem/47338669>

Reviewed by David Kilzer.

Don't know how to repro.

* WebProcess/UserContent/WebUserContentController.cpp:
(WebKit::WebUserContentController::removeUserScriptMessageHandlerInternal):

Calling userMessageHandlers.removeFirstMatching() may remove the last ref to this
(because WebUserMessageHandlerDescriptorProxy refs WebUserContentController).
Fix by protecting this over the function.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@240578 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Source/WebKit/ChangeLog
Source/WebKit/WebProcess/UserContent/WebUserContentController.cpp
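The hazard the commit message describes, as an added C++ model that is not WebKit's code (Controller, HandlerProxy and the function names are constructed stand-ins): each proxy holds a strong reference to its controller, so destroying the last proxy inside a controller member function can release the last reference to `this` mid-call, and a strong local reference held for the whole call, the shape of the fix, prevents that.

```cpp
// Constructed model: each handler proxy owns a strong reference to its controller,
// mirroring "WebUserMessageHandlerDescriptorProxy refs WebUserContentController".
#include <algorithm>
#include <memory>
#include <string>
#include <vector>

struct Controller;

struct HandlerProxy {
    std::string name;
    std::shared_ptr<Controller> owner;  // the proxy's back-reference to its controller
};

struct Controller : std::enable_shared_from_this<Controller> {
    std::vector<std::shared_ptr<HandlerProxy>> handlers;
};

// Detach and destroy the first proxy named `name`. Destroying it releases its owner
// reference, which may be the controller's last one. Returns true if *self was freed.
static bool removeFirstMatching(Controller* self, const std::string& name,
                                std::weak_ptr<Controller> watch) {
    auto it = std::find_if(self->handlers.begin(), self->handlers.end(),
                           [&](const std::shared_ptr<HandlerProxy>& h) { return h->name == name; });
    if (it == self->handlers.end())
        return false;
    std::shared_ptr<HandlerProxy> victim = std::move(*it);
    self->handlers.erase(it);
    victim.reset();          // may free *self; any later use of self->... is a use-after-free
    return watch.expired();  // observed through the local weak_ptr, never through `self`
}

// Buggy shape: nothing keeps *self alive. A true result means real code would now
// be operating on freed memory.
static bool removeHandlerUnprotected(Controller* self, const std::string& name) {
    std::weak_ptr<Controller> watch = self->shared_from_this();
    return removeFirstMatching(self, name, watch);
}

// Fixed shape: a strong local reference protects *self for the whole call,
// as the commit does by protecting `this` over the function.
static bool removeHandlerProtected(Controller* self, const std::string& name) {
    std::shared_ptr<Controller> protectedThis = self->shared_from_this();
    std::weak_ptr<Controller> watch = protectedThis;
    return removeFirstMatching(self, name, watch);
}

// Build the cycle: the controller is owned only by the proxy it holds.
static Controller* makeControllerOwnedByItsProxy(const std::string& name) {
    auto controller = std::make_shared<Controller>();
    controller->handlers.push_back(std::make_shared<HandlerProxy>(HandlerProxy{name, controller}));
    return controller.get();  // after return, the proxy's reference is the only strong one
}
```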