Crash during interrupted process termination
author: bfulgham@apple.com <bfulgham@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 13 Jun 2018 20:47:17 +0000 (20:47 +0000)
committer: bfulgham@apple.com <bfulgham@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 13 Jun 2018 20:47:17 +0000 (20:47 +0000)
commit: c49c4ee5c31ad3d9b5dd9088490dcd837eaaffec
tree: 4df81cee51d08993517e4efe257088f3681313b9
parent: eec03e599cd1b43b50879f67335516f6b3e95143
Crash during interrupted process termination
https://bugs.webkit.org/show_bug.cgi?id=185373
<rdar://problem/40019480>

Reviewed by Alex Christensen.

It's possible to encounter a crash if a user agent feature (such as Safari's responsiveness timer) decides
to kill a Web Process around the same time that a user decides to trigger a new page load. One of the two
termination operations may attempt to call methods on a nulled process pointer.

We can avoid this by holding our own reference to the terminating process until the termination steps have
been completed.

* UIProcess/API/C/WKPage.cpp:
(WKPageTerminate): Ref<> the active process while the termination call is performed.
* UIProcess/API/Cocoa/WKWebView.mm:
([WKWebView _killWebContentProcessAndResetState]): Ditto.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@232808 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Source/WebKit/ChangeLog
Source/WebKit/UIProcess/API/C/WKPage.cpp
Source/WebKit/UIProcess/API/Cocoa/WKWebView.mm
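The race the commit message describes, as an added illustration in C++ that is not WebKit's code: std::shared_ptr stands in for WTF::Ref<>/RefPtr<>, and WebProcess, Page, startNewLoad and runScenario are names constructed for this example. It contrasts terminating through the owner's member pointer (which a re-entrant page load can null mid-termination) with first taking a local strong reference, the shape of the fix in WKPageTerminate and _killWebContentProcessAndResetState.

```cpp
#include <functional>
#include <memory>
#include <utility>

// Constructed stand-ins (not WebKit's types): a reference-counted web content
// process and the page proxy that owns it.
struct WebProcess {
    bool terminated = false;
    std::function<void()> onTerminating; // work that runs while termination is in flight
    void terminate() {
        terminated = true;
        if (onTerminating) onTerminating(); // may re-enter the owner and drop its pointer
    }
};

struct Page {
    std::shared_ptr<WebProcess> process = std::make_shared<WebProcess>();
    std::shared_ptr<WebProcess> retiring; // other owners keep the old object alive

    // Simulates the racing page load: the owner swaps out its process pointer
    // while termination of the old process is still running.
    void startNewLoad() { retiring = std::move(process); } // `process` is now null

    // Pre-fix shape: the remaining termination steps go through the member
    // pointer. Returns false where the real code would dereference null.
    bool terminateUnsafe() {
        process->terminate();          // callback runs startNewLoad()
        if (!process) return false;    // crash site: no local reference was held
        return process->terminated;
    }

    // Fix shape: hold a local strong reference (Ref<> in WebKit) for the whole
    // call so the termination steps never depend on the member pointer.
    bool terminateSafe() {
        std::shared_ptr<WebProcess> keepAlive = process;
        keepAlive->terminate();
        return keepAlive->terminated;
    }
};

// Runs one variant, optionally with the re-entrant page load racing it.
bool runScenario(bool useSafe, bool raceLoad) {
    Page page;
    if (raceLoad)
        page.process->onTerminating = [&page] { page.startNewLoad(); };
    return useSafe ? page.terminateSafe() : page.terminateUnsafe();
}
```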