Bug 314129
| Summary: | Only update page main frame's process in ProvisionalPageProxy::didCommitLoadForFrame when committing the main frame itself | | |
|---|---|---|---|
| Product: | WebKit | Reporter: | Basuke Suzuki <basuke> |
| Component: | New Bugs | Assignee: | Basuke Suzuki <basuke> |
| Status: | RESOLVED FIXED | | |
| Severity: | Normal | CC: | webkit-bug-importer |
| Priority: | P2 | Keywords: | InRadar |
| Version: | WebKit Nightly Build | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
Basuke Suzuki
In ProvisionalPageProxy::didCommitLoadForFrame, the code assigns the provisional page's FrameProcess to the underlying page's main frame when the frame process has changed:
```cpp
// Existing logic in ProvisionalPageProxy::didCommitLoadForFrame: the page's
// main frame is moved to the provisional FrameProcess whenever they differ,
// regardless of which frame this provisional page is actually committing.
bool frameProcessChanged = m_frameProcess.ptr() != pageMainFrameProcess.ptr();
if (frameProcessChanged)
    pageMainFrame->setProcess(m_frameProcess);
```
This assignment is only correct when the provisional commit is for the page's main frame itself. Under Site Isolation, a provisional page may commit for a different frame (e.g., during a multi-process BFCache restoration), in which case overwriting the page main frame's FrameProcess with the provisional's FrameProcess is incorrect — it leaves the real main frame pointing to the wrong process.
Guard the setProcess call with 'pageMainFrame == m_mainFrame' so we only update the process when the provisional owns the page main frame. In paths where the provisional is for the main frame (the common case), this is a no-op.
Prep patch for rdar://173743733 (multi-process BFCache restoration under Site Isolation).
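The following is an added, self-contained C++ model of the guard the report describes; it is not WebKit's ProvisionalPageProxy code. The member names `m_frameProcess` and `m_mainFrame` and the local `pageMainFrame` mirror the report, while `WebProcess`, `Frame`, `WebPage`, `ProvisionalPage`, the two `commit*` variants and the scenario helpers are assumed for the demonstration. It shows the unguarded assignment moving the page main frame to the wrong process when a provisional page for a different frame commits, and the guarded version leaving it alone while still moving it for a genuine main-frame commit.

```cpp
// Toy model of the main-frame process update discussed in the bug report.
// Assumed names: WebProcess, Frame, WebPage, ProvisionalPage, commitUnguarded,
// commitGuarded and the scenario helpers are not WebKit identifiers.
#include <cassert>
#include <memory>
#include <string>

// A process hosting web content, identified only by a name here.
struct WebProcess {
    std::string name;
};

// A frame records which process currently hosts it.
struct Frame {
    std::string id;
    std::shared_ptr<WebProcess> process;
    void setProcess(std::shared_ptr<WebProcess> p) { process = std::move(p); }
};

// The page owns a main frame whose process must only be changed by a
// provisional load that actually targets that frame.
struct WebPage {
    std::shared_ptr<Frame> mainFrame;
};

// Minimal stand-in for ProvisionalPageProxy: holds the frame it is navigating
// (m_mainFrame) and the process that will host it (m_frameProcess).
struct ProvisionalPage {
    std::shared_ptr<Frame> m_mainFrame;
    std::shared_ptr<WebProcess> m_frameProcess;

    // Behaviour before the fix: a commit whose process differs from the page
    // main frame's process rewrites that process, even when this provisional
    // page is for some other frame.
    void commitUnguarded(WebPage& page) {
        auto pageMainFrame = page.mainFrame;
        bool frameProcessChanged = m_frameProcess.get() != pageMainFrame->process.get();
        if (frameProcessChanged)
            pageMainFrame->setProcess(m_frameProcess);
    }

    // Behaviour after the fix: additionally require that this provisional page
    // owns the page main frame before touching its process.
    void commitGuarded(WebPage& page) {
        auto pageMainFrame = page.mainFrame;
        bool frameProcessChanged = m_frameProcess.get() != pageMainFrame->process.get();
        if (frameProcessChanged && pageMainFrame == m_mainFrame)
            pageMainFrame->setProcess(m_frameProcess);
    }
};

// Scenario 1: the page main frame lives in process "A"; a provisional page for
// a different frame (e.g. a BFCache-restored subframe) commits in process "B".
// Returns the name of the process the page main frame ends up in.
std::string mainFrameProcessAfterOtherFrameCommit(bool guarded) {
    auto processA = std::make_shared<WebProcess>(WebProcess{"A"});
    auto processB = std::make_shared<WebProcess>(WebProcess{"B"});

    WebPage page;
    page.mainFrame = std::make_shared<Frame>(Frame{"main", processA});

    auto otherFrame = std::make_shared<Frame>(Frame{"other", processB});
    ProvisionalPage provisional{otherFrame, processB};

    if (guarded)
        provisional.commitGuarded(page);
    else
        provisional.commitUnguarded(page);
    return page.mainFrame->process->name;
}

// Scenario 2: the provisional page really is for the page main frame, so both
// variants must move the main frame to the new process.
std::string mainFrameProcessAfterMainFrameCommit(bool guarded) {
    auto processA = std::make_shared<WebProcess>(WebProcess{"A"});
    auto processB = std::make_shared<WebProcess>(WebProcess{"B"});

    WebPage page;
    page.mainFrame = std::make_shared<Frame>(Frame{"main", processA});

    ProvisionalPage provisional{page.mainFrame, processB};
    if (guarded)
        provisional.commitGuarded(page);
    else
        provisional.commitUnguarded(page);
    return page.mainFrame->process->name;
}

int main() {
    assert(mainFrameProcessAfterOtherFrameCommit(false) == "B"); // bug: main frame moved
    assert(mainFrameProcessAfterOtherFrameCommit(true) == "A");  // fix: main frame untouched
    assert(mainFrameProcessAfterMainFrameCommit(false) == "B");
    assert(mainFrameProcessAfterMainFrameCommit(true) == "B");   // common case still works
    return 0;
}
```

The check `pageMainFrame == m_mainFrame` is the whole fix: it costs one pointer comparison and changes nothing for the ordinary main-frame navigation, so a regression test only needs the two scenarios above, one where the provisional page targets another frame and one where it targets the main frame.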
Basuke Suzuki
<rdar://problem/176305054>
Basuke Suzuki
Pull request: https://github.com/WebKit/WebKit/pull/64310
EWS
Committed 312737@main (64bbad66316c): <https://commits.webkit.org/312737@main>
Reviewed commits have been landed. Closing PR #64310 and removing active labels.