Attachment 348959 Details for Bug 189314 – Patch

[patch] Patch

bug-189314-20180905133833.patch (text/plain), 3.53 KB, created by Chris Dumez on 2018-09-05 13:38:34 PDT

(hide)

Description:

Filename:

MIME Type:

Creator: Chris Dumez

Created: 2018-09-05 13:38:34 PDT

Size: 3.53 KB

patch

obsolete

>Subversion Revision: 235669
>diff --git a/Source/WebKit/ChangeLog b/Source/WebKit/ChangeLog
>index 266104c9dd0dcac1c7f8665b4d152151e36da5b5..3fa6b3b7a407aeb8d641d28e6b26d7ba35d5ddc7 100644
>--- a/Source/WebKit/ChangeLog
>+++ b/Source/WebKit/ChangeLog
>@@ -1,3 +1,27 @@
>+2018-09-05  Chris Dumez  <cdumez@apple.com>
>+
>+        WebKit/Platform/IPC/mac/ConnectionMac.mm:222: _dispatch_bug_kevent_vanished
>+        https://bugs.webkit.org/show_bug.cgi?id=189314
>+        <rdar://problem/41248286>
>+
>+        Reviewed by NOBODY (OOPS!).
>+
>+        There is a short period in time when m_isServer is true, after open() has been
>+        called, but before we've receive the InitializeConnection IPC, where m_receiveSource
>+        has been initialized but m_isConnected is still false. If platformInvalidate() gets
>+        called during this period of time, we would fail to cancel / release m_receiveSource
>+        and we would forcefully deallocate m_receivePort, leading to the libdispatch simulated
>+        crashes.
>+
>+        To address the issue, platformInvalidate() now properly cancels / releases
>+        m_receiveSource if present, and only deallocates m_receivePort manually if m_receiveSource
>+        has not been initialized (i.e. open() has not been called yet).
>+
>+        * Platform/IPC/Connection.h:
>+        * Platform/IPC/mac/ConnectionMac.mm:
>+        (IPC::Connection::platformInvalidate):
>+        (IPC::Connection::clearReceiveSource):
>+
> 2018-09-04  Frederic Wang  <fwang@igalia.com>
> 
>         Add basic support for ScrollIntoViewOptions
>diff --git a/Source/WebKit/Platform/IPC/Connection.h b/Source/WebKit/Platform/IPC/Connection.h
>index 79565afb7051f0921b68952cf43f836bf3e50d80..8d14a01790ffd4f8b2f2ac54be529db5537ec3c0 100644
>--- a/Source/WebKit/Platform/IPC/Connection.h
>+++ b/Source/WebKit/Platform/IPC/Connection.h
>@@ -357,6 +357,7 @@ private:
>     void receiveSourceEventHandler();
>     void initializeSendSource();
>     void resumeSendSource();
>+    void clearReceiveSource();
> 
>     mach_port_t m_sendPort { MACH_PORT_NULL };
>     dispatch_source_t m_sendSource { nullptr };
>diff --git a/Source/WebKit/Platform/IPC/mac/ConnectionMac.mm b/Source/WebKit/Platform/IPC/mac/ConnectionMac.mm
>index d9ce5796f5fb2e9ae580919e8de937be4ad614f6..67156fd08d012def97f7d992f517ab430e72bd96 100644
>--- a/Source/WebKit/Platform/IPC/mac/ConnectionMac.mm
>+++ b/Source/WebKit/Platform/IPC/mac/ConnectionMac.mm
>@@ -116,11 +116,21 @@ void Connection::platformInvalidate()
> {
>     if (!m_isConnected) {
>         if (m_sendPort) {
>+            ASSERT(!m_isServer);
>             deallocateSendRightSafely(m_sendPort);
>             m_sendPort = MACH_PORT_NULL;
>         }
> 
>+        if (m_receiveSource) {
>+            // For a short period of time, when m_isServer is true and open() has been called, m_receiveSource has been initialized
>+            // but m_isConnected has not been set to true yet. In this case, we need to cancel m_receiveSource instead of destroying
>+            // m_receivePort ourselves.
>+            ASSERT(m_isServer);
>+            clearReceiveSource();
>+        }
>+
>         if (m_receivePort) {
>+            ASSERT(m_isServer);
> #if !PLATFORM(WATCHOS)
>             mach_port_unguard(mach_task_self(), m_receivePort, reinterpret_cast<mach_port_context_t>(this));
> #endif
>@@ -144,6 +154,11 @@ void Connection::platformInvalidate()
>     m_sendSource = nullptr;
>     m_sendPort = MACH_PORT_NULL;
> 
>+    clearReceiveSource();
>+}
>+
>+void Connection::clearReceiveSource()
>+{
>     dispatch_source_cancel(m_receiveSource);
>     dispatch_release(m_receiveSource);
>     m_receiveSource = nullptr;

Actions: View | Formatted Diff | Diff

Attachments on bug 189314: 348959 | 349028