Bug 222172

Summary: Norton Safe Web extension is causing crashes / hangs under [WKRemoteObjectEncoder encodeObject:forKey:]
Product: WebKit Reporter: Chris Dumez <cdumez>
Component: WebKit2Assignee: Chris Dumez <cdumez>
Severity: Normal CC: achristensen, darin, ggaren, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on:    
Bug Blocks: 219620    
Description Flags
Patch none

Description Chris Dumez 2021-02-19 07:53:39 PST
Norton Safe Web extension is causing crashes / hangs under [WKRemoteObjectEncoder encodeObject:forKey:]. Bug 219620 was supposed to fix it but it didn't.
Comment 1 Chris Dumez 2021-02-19 08:13:39 PST
Created attachment 420969 [details]
Comment 2 EWS 2021-02-19 09:29:17 PST
Committed r273141: <https://commits.webkit.org/r273141>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 420969 [details].
Comment 3 Radar WebKit Bug Importer 2021-02-19 09:30:16 PST
Comment 4 Darin Adler 2021-02-19 09:46:05 PST
Comment on attachment 420969 [details]

View in context: https://bugs.webkit.org/attachment.cgi?id=420969&action=review

> Source/WebKit/ChangeLog:22
> +        The logic introduced in r270559 to detect cycles was flawed because it relied on a NSSet of
> +        NSObject* and [NSSet containsObject:] to detect the cycles. The issue is that [NSSet containsObject:]
> +        doesn't do a simple pointer comparison but instead calls [NSObject isEqual:] which is very
> +        expensive for types like NSDictionary and leads to trouble when the dictionary contains a cycle.
> +        To address this I replaced the NSSet with a WTF::HashSet<NSObject *> so that key lookup ends up
> +        doing a simple pointer comparison.

Fine to use HashSet, but note that within the Cocoa world the NSMapTable collection is available for uses like this.