Crash in DOMWindowExtension::suspendForPageCache
authorrniwa@webkit.org <rniwa@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 21 Feb 2019 00:06:27 +0000 (00:06 +0000)
committerrniwa@webkit.org <rniwa@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 21 Feb 2019 00:06:27 +0000 (00:06 +0000)
commit8f34b9d1ec4098b618a28b9620ff7998ba4bcbbe
tree7893dfaca49b6fb0eaf7742d5565b7f78b66aa44
parent5b16c338c36cc4890050c2c691010deecf3b7c4c
Crash in DOMWindowExtension::suspendForPageCache
https://bugs.webkit.org/show_bug.cgi?id=194871

Reviewed by Chris Dumez.

This is a speculative fix for a crash in DOMWindowExtension::suspendForPageCache.

We think it's possible for DOMWindowExtension::suspendForPageCache notifying the clients via
dispatchWillDisconnectDOMWindowExtensionFromGlobalObject to remove other DOMWindowExtension's.
Check that each DOMWindowProperty is still in m_properties before invoking suspendForPageCache
to avoid the crash.

* page/DOMWindow.cpp:
(WebCore::DOMWindow::willDestroyCachedFrame):
(WebCore::DOMWindow::willDestroyDocumentInFrame):
(WebCore::DOMWindow::willDetachDocumentFromFrame):
(WebCore::DOMWindow::suspendForPageCache):
(WebCore::DOMWindow::resumeFromPageCache):
* page/DOMWindowExtension.cpp:
(WebCore::DOMWindowExtension::suspendForPageCache):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@241848 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Source/WebCore/ChangeLog
Source/WebCore/page/DOMWindow.cpp
Source/WebCore/page/DOMWindowExtension.cpp