Regression(PSON) Crash under WebProcessProxy::canTerminateChildProcess()
author cdumez@apple.com <cdumez@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 31 Jan 2019 19:49:43 +0000 (19:49 +0000)
committer cdumez@apple.com <cdumez@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 31 Jan 2019 19:49:43 +0000 (19:49 +0000)
https://bugs.webkit.org/show_bug.cgi?id=194094
<rdar://problem/47580753>

Reviewed by Ryosuke Niwa.

If a SuspendedPageProxy gets destroyed while a WebPageProxy is waiting for it to finish suspending,
call the "failure to suspend" completion handler asynchronously instead of synchronously to make sure
the completion handler cannot try and use the suspended page proxy while it is being destroyed.

* UIProcess/SuspendedPageProxy.cpp:
(WebKit::SuspendedPageProxy::~SuspendedPageProxy):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@240803 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebKit/ChangeLog
Source/WebKit/UIProcess/SuspendedPageProxy.cpp

index bb92455..f6e5782 100644 (file)
@@ -1,3 +1,18 @@
+2019-01-31  Chris Dumez  <cdumez@apple.com>
+
+        Regression(PSON) Crash under WebProcessProxy::canTerminateChildProcess()
+        https://bugs.webkit.org/show_bug.cgi?id=194094
+        <rdar://problem/47580753>
+
+        Reviewed by Ryosuke Niwa.
+
+        If a SuspendedPageProxy gets destroyed while a WebPageProxy is waiting for its to finish to suspend,
+        call the "failure to suspend" completion handler asynchronously instead of synchronouly to make sure
+        the completion handler cannot try and use the suspended page proxy while it is being destroyed.
+
+        * UIProcess/SuspendedPageProxy.cpp:
+        (WebKit::SuspendedPageProxy::~SuspendedPageProxy):
+
 2019-01-31  Timothy Hatcher  <timothy@apple.com>
 
         Fix LSAppLink deprecation warnings.
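Review bot: The new ChangeLog description has two wording slips, "waiting for its to finish to suspend" and "synchronouly"; they should read "waiting for it to finish suspending" and "synchronously". The entry also lists only UIProcess/SuspendedPageProxy.cpp and names no test, so it should say whether this crash is covered by a regression test or why one is not practical.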
index 049507e..0c981f2 100644 (file)
@@ -92,8 +92,11 @@ SuspendedPageProxy::SuspendedPageProxy(WebPageProxy& page, Ref<WebProcessProxy>&
 
 SuspendedPageProxy::~SuspendedPageProxy()
 {
-    if (m_readyToUnsuspendHandler)
-        m_readyToUnsuspendHandler(nullptr);
+    if (m_readyToUnsuspendHandler) {
+        RunLoop::main().dispatch([readyToUnsuspendHandler = WTFMove(m_readyToUnsuspendHandler)]() mutable {
+            readyToUnsuspendHandler(nullptr);
+        });
+    }
 
     if (m_suspensionState == SuspensionState::Resumed)
         return;
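Review bot: In ~SuspendedPageProxy(), the moved-out handler now runs from RunLoop::main().dispatch() after this object has been destroyed, so everything the handler captured must still be valid at that later point, and nothing in the hunk shows that it is. Please confirm the handler's captures are ref-counted or weak-checked, and add a short comment above the dispatch explaining why the call is deferred, since the reason (the handler must not touch the proxy during destruction) is only in the ChangeLog. The failure callback also now fires after the rest of the destructor, including the m_suspensionState == SuspensionState::Resumed early return, so any caller that relied on being notified synchronously will see the notification later than before.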