Bug 146988

Summary: REGRESSION(r186088): Crash under WebKit::WebPageProxy::didFailLoadForFrame
Product: WebKit
Reporter: Brady Eidson <beidson>
Component: WebKit2
Assignee: Brady Eidson <beidson>
Status: RESOLVED FIXED
Severity: Normal
CC: berto, cgarcia, commit-queue, gustavo, gyuyoung.kim, mcatanzaro, mrobinson, sam
Priority: P2
Version: 528+ (Nightly build)
Hardware: All
OS: All
Attachments:
Patch v1 (thorton: review+)
Patch v2 - Alternate approach came up with Tim while reviewing (no flags)
Patch v3 (sam: review+)

Description Brady Eidson 2015-07-15 15:47:08 PDT
REGRESSION(r186088): Crash under WebKit::WebPageProxy::didFailLoadForFrame 

For WKView apps:
This WebPageProxy method calls m_loaderClient->didFailLoadWithErrorForFrame(), and inside that callback the embedding app can cause the WKView to go away.
When a WKView goes away, its PageClientImpl gets destroyed also.
But then we call into m_pageClient, which was just destroyed...

So we'll add a refView and derefView method to PageClient, add a RefPtr-style object to manage those, and use it in any method where a loaderClient method is called but is not the last thing to be called in the method.
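The scenario in the description, as an added C++ model that is not WebKit's code: the proxy method, the embedder's loader-client callback that tears the view down, and the ref/deref protector that keeps the page client alive until the method returns. The names PageClient, PageClientProtector, notifyFailure and the two driver functions are hypothetical stand-ins, and destruction is simulated with a flag rather than real deallocation.

```cpp
#include <functional>

// Constructed model (not WebKit code) of the lifetime bug: the embedder drops
// its last reference to the page client from inside a loader-client callback.
struct PageClient {
    int refCount = 1;          // the embedder's own reference to the view
    bool alive = true;         // stands in for the object really being freed
    int usesAfterCallback = 0; // calls the proxy makes after the callback
    void refView() { ++refCount; }
    void derefView() { if (--refCount == 0) alive = false; }
    void notifyFailure() { ++usesAfterCallback; }
};

// Scope guard standing in for the protector proposed in the bug: holds a view
// reference until scope exit so teardown inside the callback is deferred; a
// null client makes it a no-op (models the unfixed path).
class PageClientProtector {
public:
    explicit PageClientProtector(PageClient* client) : m_client(client) { if (m_client) m_client->refView(); }
    ~PageClientProtector() { if (m_client) m_client->derefView(); }
    PageClientProtector(const PageClientProtector&) = delete;
    PageClientProtector& operator=(const PageClientProtector&) = delete;
private:
    PageClient* m_client;
};

// Models WebPageProxy::didFailLoadForFrame; `protect` picks the fixed (true) or
// original (false) path. Returns true if the proxy used the client after it was freed.
bool didFailLoadForFrame(PageClient& client, const std::function<void()>& loaderClient, bool protect) {
    PageClientProtector protector(protect ? &client : nullptr);
    loaderClient();             // the embedder may tear the WKView down here
    if (!client.alive)
        return true;            // the crash path from the bug report
    client.notifyFailure();     // the call that is "not the last thing" in the method
    return false;
}

// One scenario: the embedder's callback drops its reference to the view.
bool touchesFreedClient(bool protect) {
    PageClient client;
    return didFailLoadForFrame(client, [&client] { client.derefView(); }, protect);
}

// Same scenario; returns how many post-callback uses reached a live client
// (1 with the protector, 0 without). -1 flags a reference leaked by the guard.
int liveUsesAfterCallback(bool protect) {
    PageClient client;
    didFailLoadForFrame(client, [&client] { client.derefView(); }, protect);
    return client.alive ? -1 : client.usesAfterCallback;
}
```

With the protector the client's teardown still happens, but only when the guard goes out of scope after the proxy's last use of it.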
Comment 1 Brady Eidson 2015-07-15 16:43:43 PDT
Created attachment 256878 [details]
Patch v1
Comment 2 Brady Eidson 2015-07-15 17:07:30 PDT
Created attachment 256879 [details]
Patch v2 - Alternate approach came up with Tim while reviewing
Comment 3 Tim Horton 2015-07-15 17:11:29 PDT
Comment on attachment 256878 [details]
Patch v1

View in context: https://bugs.webkit.org/attachment.cgi?id=256878&action=review

Plz fix iOS.

> Source/WebKit2/UIProcess/WebPageProxy.cpp:277
> +class PageClientViewRefPtr {
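Review bot: the name PageClientViewRefPtr reads as a RefPtr<>-style smart pointer, but what the description calls for is a scope guard that calls refView() on construction and derefView() on destruction around the loader-client call; a name that states that role, such as PageClientProtector, makes the intent clear at each use site, which is also what the one-word reply below asks for.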

Protector
Comment 4 Brady Eidson 2015-07-15 17:23:34 PDT
Created attachment 256880 [details]
Patch v3
Comment 5 WebKit Commit Bot 2015-07-15 17:24:38 PDT
Thanks for the patch. If this patch contains new public API please make sure it follows the guidelines for new WebKit2 GTK+ API. See http://trac.webkit.org/wiki/WebKitGTK/AddingNewWebKit2API
Comment 6 WebKit Commit Bot 2015-07-15 17:24:53 PDT
Attachment 256880 [details] did not pass style-queue:


ERROR: Source/WebKit2/UIProcess/ios/PageClientImplIOS.mm:744:  Tab found; better to use spaces  [whitespace/tab] [1]
ERROR: Source/WebKit2/UIProcess/ios/PageClientImplIOS.mm:746:  Tab found; better to use spaces  [whitespace/tab] [1]
ERROR: Source/WebKit2/UIProcess/ios/PageClientImplIOS.mm:751:  Tab found; better to use spaces  [whitespace/tab] [1]
ERROR: Source/WebKit2/UIProcess/ios/PageClientImplIOS.mm:753:  Tab found; better to use spaces  [whitespace/tab] [1]
ERROR: Source/WebKit2/UIProcess/ios/PageClientImplIOS.h:189:  Tab found; better to use spaces  [whitespace/tab] [1]
Total errors found: 5 in 8 files


If any of these errors are false positives, please file a bug against check-webkit-style.
Comment 7 Michael Catanzaro 2015-07-15 19:10:01 PDT
For GTK the implementation of those functions would be:

void PageClientImpl::refView()
{
    // Take a GObject reference so the view widget outlives the loader-client callback.
    g_object_ref(m_viewWidget);
}

void PageClientImpl::derefView()
{
    // Balance refView(); if this was the last reference, the widget is finalized here.
    g_object_unref(m_viewWidget);
}

For EFL, I will CC Gyuyoung, but the EFL bot will be happy if they're implemented in WebViewEfl.
Comment 8 Brady Eidson 2015-07-15 21:05:05 PDT
https://trac.webkit.org/changeset/186887
Comment 9 Anders Carlsson 2015-07-16 10:23:01 PDT
Comment on attachment 256880 [details]
Patch v3

View in context: https://bugs.webkit.org/attachment.cgi?id=256880&action=review

> Source/WebKit2/UIProcess/mac/PageClientImpl.mm:848
> +void PageClientImpl::refView()
> +{
> +    [m_wkView retain];
> +}
> +
> +void PageClientImpl::derefView()
> +{
> +    [m_wkView release];
> +}
> +
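Review bot: refView()/derefView() here rely on [m_wkView retain] and [m_wkView release], which are no-ops when Objective-C garbage collection is enabled, so the protector would not keep the view alive in exactly the configuration it is meant to cover; CFRetain(m_wkView) and CFRelease(m_wkView) take a real reference under both retain/release and GC. Unlike messaging nil, CFRetain and CFRelease crash on NULL, so if m_wkView can ever be null on this path the calls need a guard.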

This is wrong. It should use CFRetain/CFRelease or it will break under GC.
Comment 10 Brady Eidson 2015-07-16 10:40:32 PDT
(In reply to comment #9)
> Comment on attachment 256880 [details]
> Patch v3
> 
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=256880&action=review
> 
> > Source/WebKit2/UIProcess/mac/PageClientImpl.mm:848
> > +void PageClientImpl::refView()
> > +{
> > +    [m_wkView retain];
> > +}
> > +
> > +void PageClientImpl::derefView()
> > +{
> > +    [m_wkView release];
> > +}
> > +
> 
> This is wrong. It should use CFRetain/CFRelease or it will break under GC.

Fixed in https://trac.webkit.org/changeset/186897