Crash under WebProcessPool::addSuspendedPage()
authorcdumez@apple.com <cdumez@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 4 Jan 2019 18:01:10 +0000 (18:01 +0000)
committercdumez@apple.com <cdumez@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 4 Jan 2019 18:01:10 +0000 (18:01 +0000)
https://bugs.webkit.org/show_bug.cgi?id=193110

Reviewed by Youenn Fablet.

Source/WebKit:

When PageCache is disabled, WebProcessPool::m_maxSuspendedPageCount is 0 and WebProcessPool::addSuspendedPage()
would call m_suspendedPages.removeFirst() even though m_suspendedPages is empty, causing a crash.
Do an early return when m_maxSuspendedPageCount is 0 since we do not want to add any suspended page in this
case.

* UIProcess/WebProcessPool.cpp:
(WebKit::WebProcessPool::addSuspendedPage):

Tools:

Add API test coverage.

* TestWebKitAPI/Tests/WebKitCocoa/ProcessSwapOnNavigation.mm:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@239617 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebKit/ChangeLog
Source/WebKit/UIProcess/WebProcessPool.cpp
Tools/ChangeLog
Tools/TestWebKitAPI/Tests/WebKitCocoa/ProcessSwapOnNavigation.mm

index 153c822..be400ab 100644 (file)
@@ -1,3 +1,18 @@
+2019-01-04  Chris Dumez  <cdumez@apple.com>
+
+        Crash under WebProcessPool::addSuspendedPage()
+        https://bugs.webkit.org/show_bug.cgi?id=193110
+
+        Reviewed by Youenn Fablet.
+
+        When PageCache is disabled, WebProcessPool::m_maxSuspendedPageCount is 0 and WebProcessPool::addSuspendedPage()
+        would call m_suspendedPages.removeFirst() even though m_suspendedPages is empty, causing a crash.
+        Do an early return when m_maxSuspendedPageCount is 0 since we do not want to add any suspended page in this
+        case.
+
+        * UIProcess/WebProcessPool.cpp:
+        (WebKit::WebProcessPool::addSuspendedPage):
+
 2019-01-03  Brent Fulgham  <bfulgham@apple.com>
 
         [iOS] Silently deny access to mail settings triggered by MessageUI framework
index 5f51f9d..6ff5352 100644 (file)
@@ -2256,6 +2256,9 @@ void WebProcessPool::processForNavigationInternal(WebPageProxy& page, const API:
 
 void WebProcessPool::addSuspendedPage(std::unique_ptr<SuspendedPageProxy>&& suspendedPage)
 {
+    if (!m_maxSuspendedPageCount)
+        return;
+
     if (m_suspendedPages.size() >= m_maxSuspendedPageCount)
         m_suspendedPages.removeFirst();
 
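Review bot: The early return added at lines 58-59 silently discards `suspendedPage`, and nothing in the hunk states that letting the SuspendedPageProxy be destroyed here is the intended outcome when the page cache is disabled; a one-line comment would make that invariant explicit: `// PageCache is disabled (m_maxSuspendedPageCount == 0): suspended pages are never retained, so let this one be destroyed.` It is also worth noting next to the guard that it must precede the size check rather than replace it, since `removeFirst()` on an empty `m_suspendedPages` is what crashed. addSuspendedPage's body continues outside the hunk.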
index dbd7af0..15a1722 100644 (file)
@@ -1,3 +1,14 @@
+2019-01-04  Chris Dumez  <cdumez@apple.com>
+
+        Crash under WebProcessPool::addSuspendedPage()
+        https://bugs.webkit.org/show_bug.cgi?id=193110
+
+        Reviewed by Youenn Fablet.
+
+        Add API test coverage.
+
+        * TestWebKitAPI/Tests/WebKitCocoa/ProcessSwapOnNavigation.mm:
+
 2019-01-04  Aakash Jain  <aakash_jain@apple.com>
 
         [ews-build] Check patch relevance before applying the patch
index 2434bce..47a27e3 100644 (file)
@@ -2735,6 +2735,41 @@ TEST(ProcessSwap, NavigateToDataURLThenBack)
     EXPECT_EQ(pid2, pid3);
 }
 
+TEST(ProcessSwap, NavigateCrossSiteWithPageCacheDisabled)
+{
+    auto processPoolConfiguration = adoptNS([[_WKProcessPoolConfiguration alloc] init]);
+    processPoolConfiguration.get().processSwapsOnNavigation = YES;
+    processPoolConfiguration.get().pageCacheEnabled = NO;
+    auto processPool = adoptNS([[WKProcessPool alloc] _initWithConfiguration:processPoolConfiguration.get()]);
+
+    auto webViewConfiguration = adoptNS([[WKWebViewConfiguration alloc] init]);
+    [webViewConfiguration setProcessPool:processPool.get()];
+    auto handler = adoptNS([[PSONScheme alloc] init]);
+    [webViewConfiguration setURLSchemeHandler:handler.get() forURLScheme:@"PSON"];
+
+    auto webView = adoptNS([[WKWebView alloc] initWithFrame:NSMakeRect(0, 0, 800, 600) configuration:webViewConfiguration.get()]);
+    auto navigationDelegate = adoptNS([[PSONNavigationDelegate alloc] init]);
+    [webView setNavigationDelegate:navigationDelegate.get()];
+
+    [webView loadRequest:[NSURLRequest requestWithURL:[NSURL URLWithString:@"pson://www.webkit.org/main.html"]]];
+    TestWebKitAPI::Util::run(&done);
+    done = false;
+    auto webkitPID = [webView _webProcessIdentifier];
+
+    [webView loadRequest:[NSURLRequest requestWithURL:[NSURL URLWithString:@"pson://www.apple.com/main.html"]]];
+    TestWebKitAPI::Util::run(&done);
+    done = false;
+    auto applePID = [webView _webProcessIdentifier];
+
+    EXPECT_NE(webkitPID, applePID);
+
+    [webView goBack];
+    TestWebKitAPI::Util::run(&done);
+    done = false;
+
+    EXPECT_NE(applePID, [webView _webProcessIdentifier]);
+}
+
 TEST(ProcessSwap, APIControlledProcessSwapping)
 {
     auto webViewConfiguration = adoptNS([[WKWebViewConfiguration alloc] init]);
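Review bot: The new test's name and body do not say what it guards, so a reader cannot tell why the closing `EXPECT_NE(applePID, [webView _webProcessIdentifier])` is the right expectation rather than `EXPECT_EQ(webkitPID, ...)`; a header comment above `TEST(ProcessSwap, NavigateCrossSiteWithPageCacheDisabled)` would pin it: `// Regression test for https://bugs.webkit.org/show_bug.cgi?id=193110: with pageCacheEnabled = NO the pool keeps no suspended pages, so going back must not crash and cannot reuse the process that was just swapped away from.` The test also depends on PSONNavigationDelegate (declared outside this hunk) setting the shared `done` flag when navigation completes, which presumably matches the convention of the neighbouring tests; confirming that the flag is set on navigation finish rather than on failure would make the "no crash" claim stronger.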