Occasional unreproducible crashes in MessageReceiverMap::dispatchMessage
authortimothy_horton@apple.com <timothy_horton@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 18 Sep 2014 16:26:27 +0000 (16:26 +0000)
committertimothy_horton@apple.com <timothy_horton@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 18 Sep 2014 16:26:27 +0000 (16:26 +0000)
https://bugs.webkit.org/show_bug.cgi?id=136909
<rdar://problem/17758325>

Reviewed by Anders Carlsson.

* UIProcess/API/Cocoa/WKWebView.mm:
(-[WKWebView dealloc]):
We're seeing some messages dispatched on the WebContext that end up
attempting to call dispatchMessage on a freed MessageReceiver.
The WKRemoteObjectRegistry message receiver is added to the WebContext
message receiver map, but never removed, despite the WebContext easily
outliving the WKWebView that owns the remote object registry.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@173722 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebKit2/ChangeLog
Source/WebKit2/UIProcess/API/Cocoa/WKWebView.mm

index 4ee82346f328fc1f19bef2dd5150cee8c3b6e7a5..c14b4c2b8b8e7f4e4414fa2aadf065059f81a4d5 100644 (file)
@@ -1,3 +1,19 @@
+2014-09-18  Tim Horton  <timothy_horton@apple.com>
+
+        Occasional unreproducible crashes in MessageReceiverMap::dispatchMessage
+        https://bugs.webkit.org/show_bug.cgi?id=136909
+        <rdar://problem/17758325>
+
+        Reviewed by Anders Carlsson.
+
+        * UIProcess/API/Cocoa/WKWebView.mm:
+        (-[WKWebView dealloc]):
+        We're seeing some messages dispatched on the WebContext that end up
+        attempting to call dispatchMessage on a freed MessageReceiver.
+        The WKRemoteObjectRegistry message receiver is added to the WebContext
+        message receiver map, but never removed, despite the WebContext easily
+        outliving the WKWebView that owns the remote object registry.
+
 2014-09-17  Rohit Kumar  <kumar.rohit@samsung.com>
 
         [EFL][WK2] Use the correct enum for control key in Ewk_Event_Modifiers in ewk_navigation_policy_decision.cpp
index 3a6bcd7546081b7e669dd0c6c351e075445e1e7f..cdd9c165c0153d81f636245f365b6b61980beb26 100644 (file)
@@ -352,6 +352,9 @@ static int32_t deviceOrientation()
 
 - (void)dealloc
 {
+    if (_remoteObjectRegistry)
+        _page->process().context().removeMessageReceiver(Messages::RemoteObjectRegistry::messageReceiverName(), _page->pageID());
+
     _page->close();
 
     [_remoteObjectRegistry _invalidate];