Some iOS app crash in FrameLoader::checkCompleted
authorrniwa@webkit.org <rniwa@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 18 Dec 2018 22:03:07 +0000 (22:03 +0000)
committerrniwa@webkit.org <rniwa@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 18 Dec 2018 22:03:07 +0000 (22:03 +0000)
https://bugs.webkit.org/show_bug.cgi?id=192804
<rdar://problem/44240573>

Reviewed by Tim Horton.

It's possible for the main thread to call into WebCore / UIWebView selectors while the Web thread
is trying to send a delegate message. Relax the release assertion while this is happening
so that iOS apps do not crash.

Unfortunately no new test as there is no way to easily test UIWebView in iOS,
and this requires a race between the web thread & the main thread.

* dom/ScriptDisallowedScope.h:
(WebCore::ScriptDisallowedScope::InMainThread::isScriptAllowed):
* platform/ios/wak/WebCoreThread.h:
* platform/ios/wak/WebCoreThread.mm:
(WebThreadDelegateMessageScope::WebThreadDelegateMessageScope):
(WebThreadDelegateMessageScope::~WebThreadDelegateMessageScope):
(SendDelegateMessage):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@239353 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebCore/ChangeLog
Source/WebCore/dom/ScriptDisallowedScope.h
Source/WebCore/platform/ios/wak/WebCoreThread.h
Source/WebCore/platform/ios/wak/WebCoreThread.mm

index c464682..fefaecd 100644 (file)
@@ -1,3 +1,26 @@
+2018-12-18  Ryosuke Niwa  <rniwa@webkit.org>
+
+        Some iOS app crash in FrameLoader::checkCompleted
+        https://bugs.webkit.org/show_bug.cgi?id=192804
+        <rdar://problem/44240573>
+
+        Reviewed by Tim Horton.
+
+        It's possible for the main thread to call into WebCore / UIWebView selectors while Web thread
+        is trying to send a delegate message. Disable the release assertion while this is happening
+        so that iOS app would not crash.
+
+        Unfortunately no new test as there is no way to easily test UIWebView in iOS,
+        and this requires a race between the web thread & the main thread.
+
+        * dom/ScriptDisallowedScope.h:
+        (WebCore::ScriptDisallowedScope::InMainThread::isScriptAllowed):
+        * platform/ios/wak/WebCoreThread.h:
+        * platform/ios/wak/WebCoreThread.mm:
+        (WebThreadDelegateMessageScope::WebThreadDelegateMessageScope):
+        (WebThreadDelegateMessageScope::~WebThreadDelegateMessageScope):
+        (SendDelegateMessage):
+
 2018-12-18  David Kilzer  <ddkilzer@apple.com>
 
         clang-tidy: Use const reference for MediaTime parameter to prevent object copy
index 9b2b77f..a2b61b1 100644 (file)
 #include "ContainerNode.h"
 #include <wtf/MainThread.h>
 
+#if PLATFORM(IOS_FAMILY)
+#include "WebCoreThread.h"
+#endif
+
 namespace WebCore {
 
 class ScriptDisallowedScope {
@@ -86,7 +90,11 @@ public:
         static bool isScriptAllowed()
         {
             ASSERT(isMainThread());
+#if PLATFORM(IOS_FAMILY)
+            return !s_count || webThreadDelegateMessageScopeCount;
+#else
             return !s_count;
+#endif
         }
     };
     
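Review bot: The `|| webThreadDelegateMessageScopeCount` added to the `return` relaxes a release-mode guard process-wide rather than for the one re-entrant call the description mentions: while the web thread is inside any delegate message, every `isScriptAllowed()` call on the main thread reports true, including ones unrelated to the delegate callback. That guard exists to catch script running at points where it is not expected, so this trades a deterministic crash for whatever the underlying re-entrancy does, and nothing in the hunk narrows the window. That deserves a comment at the new branch, e.g. `// iOS UIWebView: the main thread can re-enter WebCore while the web thread is dispatching a delegate message; the assertion is relaxed for that window. This suppresses the check, it does not make running script here safe.` The counter is also read here with no synchronization against the thread that updates it, and `volatile` is not an atomic, so the value can be stale; that is tolerable only because this is a best-effort relaxation, which is worth stating in the same comment.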
index e7d7bc6..e115405 100644 (file)
@@ -44,6 +44,7 @@ typedef struct {
 } WebThreadContext;
     
 extern volatile bool webThreadShouldYield;
+extern volatile unsigned webThreadDelegateMessageScopeCount;
 
 #ifdef __OBJC__
 @class NSRunLoop;
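Review bot: The new `extern volatile unsigned webThreadDelegateMessageScopeCount;` is declared without saying which thread may write it and which may only read it, and `volatile` gives no atomicity or ordering guarantees between the web thread and the main thread. If the counter is only ever modified on the web thread and read elsewhere, that contract belongs next to the declaration, e.g. `// Incremented/decremented only by the web thread while it dispatches a delegate message; other threads may only read it. volatile, not atomic: readers may observe a stale value.` If writes can come from more than one thread, `volatile unsigned` is not sufficient and an atomic type is needed; I cannot tell which is the case from this hunk, since the writer lives in WebCoreThread.mm.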
index df0c0b1..b7336c1 100644 (file)
@@ -132,6 +132,8 @@ static void WebCoreObjCDeallocWithWebThreadLockImpl(id self, SEL _cmd);
 
 static NSMutableArray* sAsyncDelegates = nil;
 
+WEBCORE_EXPORT volatile unsigned webThreadDelegateMessageScopeCount = 0;
+
 static inline void SendMessage(NSInvocation* invocation)
 {
     [invocation invoke];
@@ -171,6 +173,16 @@ static void HandleDelegateSource(void*)
 #endif
 }
 
+class WebThreadDelegateMessageScope {
+public:
+    WebThreadDelegateMessageScope() { ++webThreadDelegateMessageScopeCount; }
+    ~WebThreadDelegateMessageScope()
+    {
+        ASSERT(webThreadDelegateMessageScopeCount);
+        --webThreadDelegateMessageScopeCount;
+    }
+};
+
 static void SendDelegateMessage(NSInvocation* invocation)
 {
     if (!WebThreadIsCurrent()) {
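Review bot: The new `WebThreadDelegateMessageScope` class is copyable, and a copy would run `--webThreadDelegateMessageScopeCount` twice per scope; the destructor's `ASSERT` is debug-only, so in release the unsigned counter would wrap to a large value and, given the `!s_count || webThreadDelegateMessageScopeCount` test in ScriptDisallowedScope.h, leave the release assertion permanently bypassed. Add `WTF_MAKE_NONCOPYABLE(WebThreadDelegateMessageScope);` as the first line of the class (it is used throughout WebCore, though I cannot see whether <wtf/Noncopyable.h> is already reachable from this file). The `++`/`--` on a `volatile unsigned` are also plain read-modify-writes, which is only sound if every scope is created on the web thread; the `if (!WebThreadIsCurrent())` at the end of the hunk suggests that is the intent, but that branch's body is outside the hunk. A one-line comment on the class stating the invariant, e.g. `// Must only be instantiated on the web thread; the counter is not atomic.`, would make it checkable by the next reader.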
@@ -194,6 +206,7 @@ static void SendDelegateMessage(NSInvocation* invocation)
 #endif
 
     {
+        WebThreadDelegateMessageScope delegateScope;
         // Code block created to scope JSC::JSLock::DropAllLocks outside of WebThreadLock()
         JSC::JSLock::DropAllLocks dropAllLocks(WebCore::commonVM());
         _WebThreadUnlock();
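Review bot: `WebThreadDelegateMessageScope delegateScope;` is declared before `DropAllLocks` and `_WebThreadUnlock()`, so the bypass window opens while the web thread still holds the lock and, by destructor order, closes only after the locks are reacquired at the end of the block, which continues past the hunk and presumably contains the delegate invocation itself. That is the right placement, but the existing comment explains only the `DropAllLocks` scoping and not why the new scope sits outermost, so a later edit could move it inside and silently shrink the window. Suggest a comment above the declaration: `// Relaxes ScriptDisallowedScope's release assertion for main-thread re-entry during this delegate dispatch; keep it outermost so the count covers lock release and reacquisition.` The remainder of SendDelegateMessage is outside the hunk.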