[Crash] com.apple.WebKit.WebContent at WebKit: WebKit::WebPage::fromCorePage()
author cdumez@apple.com <cdumez@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 2 Feb 2017 18:31:54 +0000 (18:31 +0000)
committer cdumez@apple.com <cdumez@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 2 Feb 2017 18:31:54 +0000 (18:31 +0000)
commit ef90e84d95fad31edf7f89f4c4bf2995aa703085
tree 75d06a03b26b8a20dc8bbf2d9cb9f042d5376531
parent 02108f80b90a98c69cf74cebdbc84c37091a850f
[Crash] com.apple.WebKit.WebContent at WebKit: WebKit::WebPage::fromCorePage()
https://bugs.webkit.org/show_bug.cgi?id=167738
<rdar://problem/30229990>

Reviewed by Andreas Kling.

Source/WebCore:

Upon destruction of a Page, we destroy the BackForwardClient, which is supposed
to keep track of HistoryItems associated with this particular page and remove them
from the PageCache. Given the crash trace, the issue seems to be that some
HistoryItems associated with the Page sometimes linger in the PageCache *after*
the Page has been destroyed, which leads to crashes later on when pruning the
PageCache.

In order to make the process more robust, this patch refactors the code so that
the Page is now in charge of removing all its associated HistoryItems from the
PageCache instead of relying on the BackForwardClient. Also, instead of having
the Page keep track of which HistoryItems are associated with it (which is
error prone), we now scan all PageCache entries instead to find which ones are
associated with the Page. While this is in theory slower, this is much safer
and in practice not an issue because the PageCache usually has 3-5 entries.

No new tests, could not reproduce.

* history/CachedPage.cpp:
(WebCore::CachedPage::CachedPage):
* history/CachedPage.h:
(WebCore::CachedPage::page):
* history/PageCache.cpp:
(WebCore::PageCache::removeAllItemsForPage):
* history/PageCache.h:
* page/Page.cpp:
(WebCore::Page::~Page):

Source/WebKit/mac:

The BackForwardClient no longer needs to worry about removing HistoryItems
from the PageCache now that WebCore takes care of it.

* History/BackForwardList.mm:
(BackForwardList::close):

Source/WebKit/win:

The BackForwardClient no longer needs to worry about removing HistoryItems
from the PageCache now that WebCore takes care of it.

* BackForwardList.cpp:
(BackForwardList::close):

Source/WebKit2:

The BackForwardClient no longer needs to worry about removing HistoryItems
from the PageCache now that WebCore takes care of it.

* WebProcess/WebPage/WebBackForwardListProxy.cpp:
(WebKit::WebBackForwardListProxy::addItemFromUIProcess):
(WebKit::WebBackForwardListProxy::addItem):
(WebKit::WebBackForwardListProxy::close):
* WebProcess/WebPage/WebBackForwardListProxy.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@211569 268f45cc-cd09-0410-ab3c-d52691b4dbfc
13 files changed:
Source/WebCore/ChangeLog
Source/WebCore/history/CachedPage.cpp
Source/WebCore/history/CachedPage.h
Source/WebCore/history/PageCache.cpp
Source/WebCore/history/PageCache.h
Source/WebCore/page/Page.cpp
Source/WebKit/mac/ChangeLog
Source/WebKit/mac/History/BackForwardList.mm
Source/WebKit/win/BackForwardList.cpp
Source/WebKit/win/ChangeLog
Source/WebKit2/ChangeLog
Source/WebKit2/WebProcess/WebPage/WebBackForwardListProxy.cpp
Source/WebKit2/WebProcess/WebPage/WebBackForwardListProxy.h
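The lifetime relationship the commit message describes, as a simplified added model in C++ (this is not WebKit's code; the class and function names are hypothetical stand-ins): the Page's destructor scans every PageCache entry and purges the ones that refer to it, so no CachedPage can outlive its Page regardless of what any client tracked.

```cpp
#include <algorithm>
#include <cstddef>
#include <vector>

// Simplified model, not WebKit's code: a CachedPage in the PageCache keeps a
// non-owning back-reference to the Page it was captured from, so every such
// entry must be purged before that Page is destroyed.
class Page;

struct HistoryItem { int id; };

struct CachedPage {
    HistoryItem* item;   // the history entry this cached page belongs to
    const Page* page;    // non-owning: would dangle if the Page died first
};

class PageCache {
public:
    void add(HistoryItem& item, const Page& page) { m_entries.push_back({&item, &page}); }

    // Scan every entry instead of trusting a per-page list of HistoryItems:
    // any entry referring to the dying Page is removed, tracked or not.
    void removeAllItemsForPage(const Page& page) {
        m_entries.erase(std::remove_if(m_entries.begin(), m_entries.end(),
                            [&](const CachedPage& e) { return e.page == &page; }),
                        m_entries.end());
    }
    std::size_t entryCount() const { return m_entries.size(); }
    bool hasEntryFor(const HistoryItem& item) const {
        return std::any_of(m_entries.begin(), m_entries.end(),
                           [&](const CachedPage& e) { return e.item == &item; });
    }
private:
    std::vector<CachedPage> m_entries;
};

class Page {
public:
    explicit Page(PageCache& cache) : m_cache(cache) {}
    // The Page itself, not a BackForwardClient, is responsible for the purge.
    ~Page() { m_cache.removeAllItemsForPage(*this); }
private:
    PageCache& m_cache;
};

// Two pages share one cache; destroying one must leave only the other's entry.
// Returns the surviving entry count, or 0 if the survivor's entry was wrongly purged.
std::size_t entriesLeftAfterPageDestroyed() {
    PageCache cache;
    HistoryItem a{1}, b{2}, c{3};   // constructed sample history items
    Page survivor(cache);
    {
        Page doomed(cache);
        cache.add(a, doomed);
        cache.add(b, survivor);
        cache.add(c, doomed);
    }   // ~Page purges the entries for a and c; b stays with survivor
    return cache.hasEntryFor(b) ? cache.entryCount() : 0;
}
```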