Bug 222172

Summary: Norton Safe Web extension is causing crashes / hangs under [WKRemoteObjectEncoder encodeObject:forKey:]
Product: WebKit Reporter: Chris Dumez <cdumez>
Component: WebKit2Assignee: Chris Dumez <cdumez>
Status: RESOLVED FIXED    
Severity: Normal CC: achristensen, darin, ggaren, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on:    
Bug Blocks: 219620    
Attachments:
Description Flags
Patch none

Chris Dumez
Reported 2021-02-19 07:53:39 PST
Norton Safe Web extension is causing crashes / hangs under [WKRemoteObjectEncoder encodeObject:forKey:]. Bug 219620 was supposed to fix it but it didn't.
Attachments
Patch (7.36 KB, patch)
2021-02-19 08:13 PST, Chris Dumez 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Chris Dumez
Comment 1 2021-02-19 08:13:39 PST
Created attachment 420969 [details] Patch
EWS
Comment 2 2021-02-19 09:29:17 PST
Committed r273141: <https://commits.webkit.org/r273141> All reviewed patches have been landed. Closing bug and clearing flags on attachment 420969 [details].
Radar WebKit Bug Importer
Comment 3 2021-02-19 09:30:16 PST
<rdar://problem/74525352>
Darin Adler
Comment 4 2021-02-19 09:46:05 PST
Comment on attachment 420969 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=420969&action=review > Source/WebKit/ChangeLog:22 > + The logic introduced in r270559 to detect cycles was flawed because it relied on a NSSet of > + NSObject* and [NSSet containsObject:] to detect the cycles. The issue is that [NSSet containsObject:] > + doesn't do a simple pointer comparison but instead calls [NSObject isEqual:] which is very > + expensive for types like NSDictionary and leads to trouble when the dictionary contains a cycle. > + To address this I replaced the NSSet with a WTF::HashSet<NSObject *> so that key lookup ends up > + doing a simple pointer comparison. Fine to use HashSet, but note that within the Cocoa world the NSMapTable collection is available for uses like this.
Note You need to log in before you can comment on or make changes to this bug.