Regression(PSON) Crash under WebPageProxy::didStartProgress()
authorcdumez@apple.com <cdumez@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 28 Jan 2019 21:19:52 +0000 (21:19 +0000)
committercdumez@apple.com <cdumez@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 28 Jan 2019 21:19:52 +0000 (21:19 +0000)
https://bugs.webkit.org/show_bug.cgi?id=193915
<rdar://problem/47560907>

Reviewed by Alex Christensen.

Source/WebKit:

* UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::close):
Make sure we destroy the ProvisionalPageProxy if the page gets closed as we do not want to keep receiving
IPC after this or even worse, commit the provisional page.

(WebKit::WebPageProxy::didStartProgress):
Add an assertion in didStartProgress() to make sure we do not receive this IPC after the page has been
closed.

Tools:

Add API test coverage.

* TestWebKitAPI/Tests/WebKitCocoa/ProcessSwapOnNavigation.mm:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@240599 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebKit/ChangeLog
Source/WebKit/UIProcess/WebPageProxy.cpp
Tools/ChangeLog
Tools/TestWebKitAPI/Tests/WebKitCocoa/ProcessSwapOnNavigation.mm

index 4ab33d8..5d0f5d9 100644 (file)
@@ -1,3 +1,20 @@
+2019-01-28  Chris Dumez  <cdumez@apple.com>
+
+        Regression(PSON) Crash under WebPageProxy::didStartProgress()
+        https://bugs.webkit.org/show_bug.cgi?id=193915
+        <rdar://problem/47560907>
+
+        Reviewed by Alex Christensen.
+
+        * UIProcess/WebPageProxy.cpp:
+        (WebKit::WebPageProxy::close):
+        Make sure we destroy the ProvisionalPageProxy if the page gets closed as we do not want to keep receiving
+        IPC after this or even worse, commit the provisional page.
+
+        (WebKit::WebPageProxy::didStartProgress):
+        Add an assertion in didStartProgress() to make sure we do not receive this IPC after the page has been
+        closed.
+
 2019-01-28  Antoine Quint  <graouts@apple.com>
 
         Limit user-agent interactions based on the touch-action property on iOS
index 1207c67..756f686 100644 (file)
@@ -965,6 +965,8 @@ void WebPageProxy::close()
     m_activeContextMenu = nullptr;
 #endif
 
+    m_provisionalPage = nullptr;
+
     m_inspector->invalidate();
 
     m_backForwardList->pageClosed();
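Review bot: The new `m_provisionalPage = nullptr;` in `close()` carries no comment, so the reason for it lives only in the ChangeLog entry. A later refactor of the teardown sequence could drop or move it without noticing that it is what stops a pending provisional process from messaging, or being committed into, a closed page. I would add `// Destroy the provisional page so it can no longer deliver IPC to, or be committed into, a closed page.` directly above the assignment. `close()` starts and ends outside this hunk, so whether the reset needs to happen earlier relative to the other teardown steps cannot be judged from here.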
@@ -3711,6 +3713,8 @@ double WebPageProxy::estimatedProgress() const
 
 void WebPageProxy::didStartProgress()
 {
+    ASSERT(!m_isClosed);
+
     PageClientProtector protector(pageClient());
 
     auto transaction = m_pageLoadState.transaction();
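Review bot: The `ASSERT(!m_isClosed);` added at the top of `didStartProgress()` is compiled out of release builds, so if this message reaches a closed page by any other path, production builds still run the rest of the handler as before. The sender is the web content process, which the UI process should not rely on to stop sending. An explicit guard after the assertion, `if (m_isClosed) return;`, would make the handler safe on its own instead of depending solely on the `m_provisionalPage = nullptr;` reset in `close()`. The remainder of the function is outside the hunk, so whether the later lines already tolerate a closed page cannot be confirmed here.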
index 18d7579..f1d60cd 100644 (file)
@@ -1,3 +1,15 @@
+2019-01-28  Chris Dumez  <cdumez@apple.com>
+
+        Regression(PSON) Crash under WebPageProxy::didStartProgress()
+        https://bugs.webkit.org/show_bug.cgi?id=193915
+        <rdar://problem/47560907>
+
+        Reviewed by Alex Christensen.
+
+        Add API test coverage.
+
+        * TestWebKitAPI/Tests/WebKitCocoa/ProcessSwapOnNavigation.mm:
+
 2019-01-28  Aakash Jain  <aakash_jain@apple.com>
 
         [ews-app] Rename id variables
index 2742993..62caa3d 100644 (file)
@@ -3351,6 +3351,44 @@ TEST(ProcessSwap, NavigateToCrossSiteThenBackFromJS)
     EXPECT_NE(applePID, [webView _webProcessIdentifier]);
 }
 
+
+TEST(ProcessSwap, ClosePageAfterCrossSiteProvisionalLoad)
+{
+    auto processPoolConfiguration = adoptNS([[_WKProcessPoolConfiguration alloc] init]);
+    processPoolConfiguration.get().processSwapsOnNavigation = YES;
+    auto processPool = adoptNS([[WKProcessPool alloc] _initWithConfiguration:processPoolConfiguration.get()]);
+
+    auto webViewConfiguration = adoptNS([[WKWebViewConfiguration alloc] init]);
+    [webViewConfiguration setProcessPool:processPool.get()];
+    auto handler = adoptNS([[PSONScheme alloc] init]);
+    [webViewConfiguration setURLSchemeHandler:handler.get() forURLScheme:@"PSON"];
+
+    auto webView = adoptNS([[WKWebView alloc] initWithFrame:NSMakeRect(0, 0, 800, 600) configuration:webViewConfiguration.get()]);
+    auto navigationDelegate = adoptNS([[PSONNavigationDelegate alloc] init]);
+    [webView setNavigationDelegate:navigationDelegate.get()];
+
+    [webView configuration].preferences.safeBrowsingEnabled = NO;
+
+    [webView loadRequest:[NSURLRequest requestWithURL:[NSURL URLWithString:@"pson://www.webkit.org/main.html"]]];
+    TestWebKitAPI::Util::run(&done);
+    done = false;
+
+    didStartProvisionalLoad = false;
+    [webView loadRequest:[NSURLRequest requestWithURL:[[NSBundle mainBundle] URLForResource:@"simple" withExtension:@"html" subdirectory:@"TestWebKitAPI.resources"]]];
+
+    navigationDelegate->decidePolicyForNavigationAction = ^(WKNavigationAction *, void (^decisionHandler)(WKNavigationActionPolicy)) {
+        decisionHandler(WKNavigationActionPolicyAllow);
+
+        [webView _close];
+        done = true;
+    };
+
+    TestWebKitAPI::Util::run(&done);
+    done = false;
+
+    TestWebKitAPI::Util::sleep(0.5);
+}
+
 #if PLATFORM(MAC)
 
 static const char* saveOpenerTestBytes = R"PSONRESOURCE(
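Review bot: `ClosePageAfterCrossSiteProvisionalLoad` contains no `EXPECT_*` check. It passes whenever the UI process survives the final `TestWebKitAPI::Util::sleep(0.5);`, so it only catches the regression if the late IPC arrives inside that fixed window, which makes it timing-dependent on slow bots. At minimum the sleep deserves a comment such as `// Give late IPC from the provisional process time to arrive; the test passes if the UI process neither crashes nor asserts.`. The line `didStartProvisionalLoad = false;` is reset but never read in this test, so it should either be checked or dropped. The `decidePolicyForNavigationAction` block is also assigned after the second `loadRequest:` has been issued. That presumably works because the policy callback is delivered asynchronously, but installing the block before starting the load would remove the ordering question.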