Bug 270610

Summary:	[IPCTestingAPI] JSGlobalObject may be destroyed when sending IPC messages during page teardown
Product:	WebKit	Reporter:	Charlie Wolfe <charliew>
Component:	Tools / Tests	Assignee:	Charlie Wolfe <charliew>
Status:	RESOLVED FIXED
Severity:	Normal	CC:	webkit-bug-importer
Priority:	P2	Keywords:	InRadar
Version:	WebKit Nightly Build
Hardware:	Unspecified
OS:	Unspecified

Charlie Wolfe

Reported 2024-03-06 17:25:06 PST

Some objects send IPC messages in their destructor. So, when the page is being torn down, it is possible that the JSGlobalObject associated with the JSContextRef we are storing has already been destroyed. To fix this, we should instead hold a weak reference to the global object and early return when it has been destroyed.

Attachments
Add attachment proposed patch, testcase, etc.

Charlie Wolfe

Comment 1 2024-03-06 17:25:54 PST

rdar://114871193

Charlie Wolfe

Comment 2 2024-03-06 17:28:41 PST

Pull request: https://github.com/WebKit/WebKit/pull/25560

EWS

Comment 3 2024-03-07 09:00:28 PST

Committed 275792@main (de54ecba6b59): <https://commits.webkit.org/275792@main> Reviewed commits have been landed. Closing PR #25560 and removing active labels.

Note You need to log in before you can comment on or make changes to this bug.