Crash in WebCore::ServiceWorkerGlobalScope
author youenn@apple.com <youenn@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 4 Jan 2019 18:47:22 +0000 (18:47 +0000)
committer youenn@apple.com <youenn@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 4 Jan 2019 18:47:22 +0000 (18:47 +0000)
https://bugs.webkit.org/show_bug.cgi?id=192513
<rdar://problem/46563880>

Reviewed by Alex Christensen.

Store the identifier in its own variable to make sure we do not use workerThread after being moved.

* workers/service/ServiceWorkerGlobalScope.cpp:
(WebCore::ServiceWorkerGlobalScope::skipWaiting):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@239620 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebCore/ChangeLog
Source/WebCore/workers/service/ServiceWorkerGlobalScope.cpp

index 9c6713e..ebd77ad 100644 (file)
@@ -1,3 +1,16 @@
+2019-01-04  Youenn Fablet  <youenn@apple.com>
+
+        Crash in WebCore::ServiceWorkerGlobalScope
+        https://bugs.webkit.org/show_bug.cgi?id=192513
+        <rdar://problem/46563880>
+
+        Reviewed by Alex Christensen.
+
+        Store the identifier in its own variable to make sure we do not use workerThread after being moved.
+
+        * workers/service/ServiceWorkerGlobalScope.cpp:
+        (WebCore::ServiceWorkerGlobalScope::skipWaiting):
+
 2019-01-04  Chris Fleizach  <cfleizach@apple.com>
 
         AX: String check: "Rule" does not reflect the meaning of the <hr> html tag
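Review bot: the ChangeLog description states the change but not why the old code could crash. In the sentence "Store the identifier in its own variable ...", consider adding that workerThread->identifier() and the WTFMove(workerThread) capture were both arguments of the same skipWaiting call, so the order in which they are evaluated is not guaranteed. The entry also lists no test; if a regression test is not practical for this crash, say so here.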
index fe429ab..88ad7ff 100644 (file)
@@ -62,7 +62,8 @@ void ServiceWorkerGlobalScope::skipWaiting(Ref<DeferredPromise>&& promise)
 
     callOnMainThread([workerThread = makeRef(thread()), requestIdentifier]() mutable {
         if (auto* connection = SWContextManager::singleton().connection()) {
-            connection->skipWaiting(workerThread->identifier(), [workerThread = WTFMove(workerThread), requestIdentifier] {
+            auto identifier = workerThread->identifier();
+            connection->skipWaiting(identifier, [workerThread = WTFMove(workerThread), requestIdentifier] {
                 workerThread->runLoop().postTask([requestIdentifier](auto& context) {
                     auto& scope = downcast<ServiceWorkerGlobalScope>(context);
                     if (auto promise = scope.m_pendingSkipWaitingPromises.take(requestIdentifier))
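Review bot: nothing at the new `auto identifier = workerThread->identifier();` line says why the temporary is needed, so a later cleanup could fold it back into the call and reintroduce the use after move. Add a short comment there noting that the identifier must be read before the call, because the lambda's init-capture `workerThread = WTFMove(workerThread)` is evaluated as part of the same argument list and has no guaranteed order relative to the first argument.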