Attachment 349028 Details for Bug 189314 – Patch

[patch] Patch

bug-189314-20180906084526.patch (text/plain), 3.60 KB, created by Chris Dumez on 2018-09-06 08:45:27 PDT

(hide)

Description:

Filename:

MIME Type:

Creator: Chris Dumez

Created: 2018-09-06 08:45:27 PDT

Size: 3.60 KB

patch

obsolete

>Subversion Revision: 235737
>diff --git a/Source/WebKit/ChangeLog b/Source/WebKit/ChangeLog
>index 5a5f554d1e5a293e1df79a0821ea69c044aabc4c..b2eeed878608cab6a4ed35b5583f6da1e2d7485f 100644
>--- a/Source/WebKit/ChangeLog
>+++ b/Source/WebKit/ChangeLog
>@@ -1,3 +1,27 @@
>+2018-09-06  Chris Dumez  <cdumez@apple.com>
>+
>+        WebKit/Platform/IPC/mac/ConnectionMac.mm:222: _dispatch_bug_kevent_vanished
>+        https://bugs.webkit.org/show_bug.cgi?id=189314
>+        <rdar://problem/41248286>
>+
>+        Reviewed by Anders Carlsson.
>+
>+        There is a short period in time when m_isServer is true, after open() has been
>+        called, but before we've receive the InitializeConnection IPC, where m_receiveSource
>+        has been initialized but m_isConnected is still false. If platformInvalidate() gets
>+        called during this period of time, we would fail to cancel / release m_receiveSource
>+        and we would forcefully deallocate m_receivePort, leading to the libdispatch simulated
>+        crashes.
>+
>+        To address the issue, platformInvalidate() now properly cancels / releases
>+        m_receiveSource if present, and only deallocates m_receivePort manually if m_receiveSource
>+        has not been initialized (i.e. open() has not been called yet).
>+
>+        * Platform/IPC/Connection.h:
>+        * Platform/IPC/mac/ConnectionMac.mm:
>+        (IPC::Connection::platformInvalidate):
>+        (IPC::Connection::clearReceiveSource):
>+
> 2018-09-05  David Kilzer  <ddkilzer@apple.com>
> 
>         REGRESSION (r235489): WKSharingServicePickerDelegate.mm accidentally added back to Sources in WebKit project
>diff --git a/Source/WebKit/Platform/IPC/Connection.h b/Source/WebKit/Platform/IPC/Connection.h
>index 79565afb7051f0921b68952cf43f836bf3e50d80..e359470ce6bb94bd37101dd1dbd41fd0b8d91b1b 100644
>--- a/Source/WebKit/Platform/IPC/Connection.h
>+++ b/Source/WebKit/Platform/IPC/Connection.h
>@@ -357,6 +357,7 @@ private:
>     void receiveSourceEventHandler();
>     void initializeSendSource();
>     void resumeSendSource();
>+    void cancelReceiveSource();
> 
>     mach_port_t m_sendPort { MACH_PORT_NULL };
>     dispatch_source_t m_sendSource { nullptr };
>diff --git a/Source/WebKit/Platform/IPC/mac/ConnectionMac.mm b/Source/WebKit/Platform/IPC/mac/ConnectionMac.mm
>index d9ce5796f5fb2e9ae580919e8de937be4ad614f6..b21b8f76a9959eee92e17ff9959b0b3264d9621e 100644
>--- a/Source/WebKit/Platform/IPC/mac/ConnectionMac.mm
>+++ b/Source/WebKit/Platform/IPC/mac/ConnectionMac.mm
>@@ -116,11 +116,21 @@ void Connection::platformInvalidate()
> {
>     if (!m_isConnected) {
>         if (m_sendPort) {
>+            ASSERT(!m_isServer);
>             deallocateSendRightSafely(m_sendPort);
>             m_sendPort = MACH_PORT_NULL;
>         }
> 
>+        if (m_receiveSource) {
>+            // For a short period of time, when m_isServer is true and open() has been called, m_receiveSource has been initialized
>+            // but m_isConnected has not been set to true yet. In this case, we need to cancel m_receiveSource instead of destroying
>+            // m_receivePort ourselves.
>+            ASSERT(m_isServer);
>+            cancelReceiveSource();
>+        }
>+
>         if (m_receivePort) {
>+            ASSERT(m_isServer);
> #if !PLATFORM(WATCHOS)
>             mach_port_unguard(mach_task_self(), m_receivePort, reinterpret_cast<mach_port_context_t>(this));
> #endif
>@@ -144,6 +154,11 @@ void Connection::platformInvalidate()
>     m_sendSource = nullptr;
>     m_sendPort = MACH_PORT_NULL;
> 
>+    cancelReceiveSource();
>+}
>+
>+void Connection::cancelReceiveSource()
>+{
>     dispatch_source_cancel(m_receiveSource);
>     dispatch_release(m_receiveSource);
>     m_receiveSource = nullptr;

Actions: View | Formatted Diff | Diff

Attachments on bug 189314: 348959 | 349028