Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: d06f9c09279f01de58eb0d9202d9b8a1ad92d679
https://github.com/WebKit/WebKit/commit/d06f9c09279f01de58eb0d9202d9b8a1ad92d679
Author: Chris Dumez <[email protected]>
Date: 2026-07-03 (Fri, 03 Jul 2026)
Changed paths:
M Source/WebKit/UIProcess/WebProcessProxy.cpp
M Tools/TestWebKitAPI/Tests/WebKit/WKWebView/RemoteObjectRegistry.h
M Tools/TestWebKitAPI/Tests/WebKit/WKWebView/RemoteObjectRegistry.mm
M Tools/TestWebKitAPI/Tests/WebKit/WKWebView/RemoteObjectRegistryPlugIn.mm
Log Message:
-----------
Sign in with Apple unsuccessful and causes reload due to problem - Received
an invalid message 'RemoteObjectRegistry_InvokeMethod'
rdar://178567852
Reviewed by Alex Christensen.
The injected bundle's -webProcessPlugIn:willDestroyBrowserContextController:
hook fires synchronously from WebPage::close() in the WebProcess, and bundle
clients are allowed to invoke a UIProcess-side _WKRemoteObjectRegistry method
from that hook. The resulting RemoteObjectRegistry::InvokeMethod IPC arrives
at the UIProcess after WebPageProxy::close() has synchronously called
WebProcessProxy::removeWebPage(), so the page is no longer in m_pageMap (or
m_remotePages / m_provisionalPages / m_suspendedPages).
WebProcessProxy::handleRemoteObjectRegistryMessage then returned false, which
caused the generated didReceiveMessage to mark the decoder invalid and the
IPC layer to call WebProcessProxy::didReceiveInvalidMessage, terminating an
otherwise well-behaved WebProcess.
To fix this, mark every content process for the page as pending-close before
dispatching Messages::WebPage::Close, and only clear the marker once the
async reply arrives. WebProcessProxy::isAssociatedWithPage already consults
m_pagesPendingClose, so a late-arriving InvokeMethod is now recognized and
delivered to the registry. m_pagesPendingClose is changed from HashSet to
HashCountedSet so the regular close path and the provisional-page-swap close
path compose correctly when both target the same page.
handleRemoteObjectRegistryMessage is reworked to consult isAssociatedWithPage
and look the page up via the global WebPageProxy::fromIdentifier, replacing
the four sequential map walks.
Note that this commit makes the branch more in-line with main after 314178@main.
314178@main already takes care of adding the page to m_pagesPendingClose while
we're sending the WebPage::Close IPC. Also include the fix from 314426@main,
since it fixed a crash introduced by 314178@main.
TLDR: this PR is essentially a merge for 314178@main & 314178@main from
main so that WebProcessProxy::m_pagesPendingClose gets properly populated.
Then WebProcessProxy::handleRemoteObjectRegistryMessage() is updated to
call WebProcessProxy::isAssociatedWithPage() instead of duplicating its
logic. WebProcessProxy::isAssociatedWithPage also has the benefit of
checking m_pagesPendingClose already.
Update WKWebView.EvaluateJavaScriptBlockCrash test expectation to match
313673@main: now that Messages::WebPage::Close is an async-reply message,
the WebProcess is kept alive (via the shutdownPreventingScope held in the
Close reply handler) long enough for the pending evaluateJavaScript IPC to
be processed and reply with a successful empty result, instead of being
cancelled by Connection::cancelAsyncReplyHandlers when the connection is
invalidated. The completion handler is therefore invoked with a nil error,
matching the same test expectation update made in 313673@main.
Tests: RemoteObjectRegistry.InvokeMethodFromBundleDuringPageClose
* Source/WebKit/UIProcess/ProvisionalPageProxy.cpp:
(WebKit::ProvisionalPageProxy::~ProvisionalPageProxy):
* Source/WebKit/UIProcess/RemotePageProxy.cpp:
(WebKit::RemotePageProxy::disconnect):
* Source/WebKit/UIProcess/SuspendedPageProxy.cpp:
(WebKit::SuspendedPageProxy::close):
* Source/WebKit/UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::close):
(WebKit::WebPageProxy::commitProvisionalPage):
* Source/WebKit/UIProcess/WebProcessProxy.cpp:
(WebKit::WebProcessProxy::~WebProcessProxy):
(WebKit::WebProcessProxy::sendPageCloseMessage):
(WebKit::WebProcessProxy::handleRemoteObjectRegistryMessage):
* Source/WebKit/UIProcess/WebProcessProxy.h:
* Source/WebKit/WebProcess/WebPage/WebPage.cpp:
(WebKit::WebPage::close):
(WebKit::WebPage::closeWithReply): Deleted.
* Source/WebKit/WebProcess/WebPage/WebPage.h:
* Source/WebKit/WebProcess/WebPage/WebPage.messages.in:
* Tools/TestWebKitAPI/Tests/WebKitCocoa/RemoteObjectRegistry.h:
* Tools/TestWebKitAPI/Tests/WebKitCocoa/RemoteObjectRegistry.mm:
(TEST(RemoteObjectRegistry, InvokeMethodFromBundleDuringPageClose)):
* Tools/TestWebKitAPI/Tests/WebKitCocoa/RemoteObjectRegistryPlugIn.mm:
(-[RemoteObjectRegistryPlugIn triggerCallToUIProcessOnClose]):
(-[RemoteObjectRegistryPlugIn
webProcessPlugIn:willDestroyBrowserContextController:]):
* Tools/TestWebKitAPI/Tests/WebKitCocoa/WKWebViewEvaluateJavaScript.mm:
(TEST(WKWebView, EvaluateJavaScriptBlockCrash)):
Originally-landed-as: [email protected] (d0f2013438ba).
rdar://181073656
Canonical link: https://commits.webkit.org/316477@main
To unsubscribe from these emails, change your notification settings at
https://github.com/WebKit/WebKit/settings/notifications