Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 6fdcc035f663730065a10aad9dae8071f82ae93b
      
https://github.com/WebKit/WebKit/commit/6fdcc035f663730065a10aad9dae8071f82ae93b
  Author: Abrar Rahman Protyasha <a_protya...@apple.com>
  Date:   2025-03-05 (Wed, 05 Mar 2025)

  Changed paths:
    M Source/WebCore/loader/FrameLoader.cpp

  Log Message:
  -----------
Web content processes sometimes crash under Page::viewportArguments() calls from FrameLoader::commitProvisionalLoad()
https://bugs.webkit.org/show_bug.cgi?id=289182
rdar://145386222

Reviewed by Wenson Hsieh.

Sometimes the WP crashes under WebCore::Page::viewportArguments() with a
backtrace like this:

```
WTF::RawPtrTraits<WebCore::Frame>::unwrap(WebCore::Frame* const&) (WebCore)
  WTF::Ref<WebCore::Frame, WTF::RawPtrTraits<WebCore::Frame>, WTF::DefaultRefDerefTraits<WebCore::Frame>>::get() const (WebCore)
     WTF::Ref<WebCore::Frame, WTF::RawPtrTraits<WebCore::Frame>, WTF::DefaultRefDerefTraits<WebCore::Frame>>::Ref(WTF::Ref<WebCore::Frame, WTF::RawPtrTraits<WebCore::Frame>, WTF::DefaultRefDerefTraits<WebCore::Frame>> const&) (WebCore)
       WTF::Ref<WebCore::Frame, WTF::RawPtrTraits<WebCore::Frame>, WTF::DefaultRefDerefTraits<WebCore::Frame>>::Ref(WTF::Ref<WebCore::Frame, WTF::RawPtrTraits<WebCore::Frame>, WTF::DefaultRefDerefTraits<WebCore::Frame>> const&) (WebCore)
         WebCore::Page::protectedMainFrame() const (WebCore)
           WebCore::Page::viewportArguments() const (WebCore)
             WebCore::FrameLoader::commitProvisionalLoad() (WebCore)
```

While the root cause is yet to be determined, we can make the process
less crashy by null checking frame->page() before querying for viewport
arguments in FrameLoader::commitProvisionalLoad.

Note that this is better than null checking m_mainFrame on the Page
object, because Page holds a strong reference to m_mainFrame, and so if
we're crashing while dereferencing that object, it indicates all of Page
is null.

* Source/WebCore/loader/FrameLoader.cpp:
(WebCore::FrameLoader::commitProvisionalLoad):

Canonical link: https://commits.webkit.org/291655@main

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes