Bug 43046

Summary: Crash in WKContextPostMessageToInjectedBundle if the web process has exited
Product: WebKit Reporter: Adam Roben (:aroben) <aroben>
Component: WebKit2Assignee: Nobody <webkit-unassigned>
Severity: Normal CC: abarth, andersca, eric, sam, webkit.review.bot
Priority: P2 Keywords: InRadar
Version: 528+ (Nightly build)   
Hardware: All   
OS: All   
Description Flags
Don't send messages to the injected bundle if the web process has exited sam: review+

Description Adam Roben (:aroben) 2010-07-27 07:38:18 PDT
If WKContextPostMessageToInjectedBundle is called after the web process has exited, it will crash. Here's the backtrace:

 	WebKit.dll!CoreIPC::Connection::isValid()  Line 122 + 0x11 bytes	C++
 	WebKit.dll!CoreIPC::Connection::sendMessage(CoreIPC::MessageID messageID={...}, WTF::PassOwnPtr<CoreIPC::ArgumentEncoder> arguments={...})  Line 82 + 0x8 bytes	C++
 	WebKit.dll!WebKit::WebProcessProxy::sendMessage(CoreIPC::MessageID messageID={...}, WTF::PassOwnPtr<CoreIPC::ArgumentEncoder> arguments={...})  Line 125 + 0x22 bytes	C++
 	WebKit.dll!WebKit::WebProcessProxy::send<enum WebProcessMessage::Kind,CoreIPC::Arguments1<WebCore::String const &> >(WebProcessMessage::Kind messageID=PostMessageW, unsigned __int64 destinationID=0, const CoreIPC::Arguments1<WebCore::String const &> & arguments={...})  Line 138 + 0x23 bytes	C++
 	WebKit.dll!WebKit::WebContext::postMessageToInjectedBundle(WebCore::StringImpl * message=0x045a6db8)  Line 165 + 0x32 bytes	C++
>	WebKit.dll!WKContextPostMessageToInjectedBundle(OpaqueWKContext * contextRef=0x045a1890, OpaqueWKStringRef * messageRef=0x045a6db8)  Line 79	C++
 	WebKitTestRunner.exe!WTR::TestInvocation::invoke()  Line 112 + 0x1e bytes	C++
 	WebKitTestRunner.exe!WTR::TestController::runTest(const char * test=0x045a11f0)  Line 131	C++
 	WebKitTestRunner.exe!WTR::TestController::run()  Line 155 + 0x29 bytes	C++
 	WebKitTestRunner.exe!main(int argc=4, const char * * argv=0x045a0eb8)  Line 33	C++
 	WebKitTestRunner.exe!__tmainCRTStartup()  Line 597 + 0x17 bytes	C
 	kernel32.dll!_BaseProcessStart@4()  + 0x23 bytes	

WebContext::m_process is non-null, but m_process->isValid() is false. WebContext::postMessageToInjectedBundle doesn't check this before calling into m_process, though, leading to the crash.
Comment 1 Adam Roben (:aroben) 2010-07-27 07:42:00 PDT
Comment 2 Adam Roben (:aroben) 2010-08-27 13:58:07 PDT
Created attachment 65762 [details]
Don't send messages to the injected bundle if the web process has exited
Comment 3 Adam Roben (:aroben) 2010-08-31 10:59:32 PDT
Committed r66508: <http://trac.webkit.org/changeset/66508>