Bug 152213 - RESOLVED FIXED
Web Inspector: Too many derefs when RemoteInspectorXPCConnection fails to validate connection
https://bugs.webkit.org/show_bug.cgi?id=152213
Joseph Pecoraro
Reported 2015-12-11 23:27:43 PST
* SUMMARY
Too many derefs when RemoteInspectorXPCConnection fails to validate connection. We call closeOnQueue() and deref(), but the closeOnQueue will cause an XPC_ERROR_CONNECTION_INVALID to deref() the connection again. We should only deref in one place; this code should just trigger the close.
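The double-deref described above, as an added C++ model that is not WebKit's code: a reference-counted connection whose close is completed later by a queued invalidation handler that performs the single deref. The names (Queue, Connection, validateBuggy, validateFixed, simulate) are hypothetical, and the handler records a deref past zero instead of freeing memory so the outcome can be inspected.

```cpp
#include <functional>
#include <vector>

// Added model (not WebKit code): closeOnQueue() does not release synchronously;
// the transport's XPC_ERROR_CONNECTION_INVALID handler runs later on a queue and
// releases. The queue is a plain task list drained by hand so this runs offline.
struct Queue {
    std::vector<std::function<void()>> tasks;
    void drain() {
        while (!tasks.empty()) {
            auto task = tasks.front();
            tasks.erase(tasks.begin());
            task();
        }
    }
};

struct Connection {
    int refCount = 1;        // one owner holds the connection
    int derefsPastZero = 0;  // records the bug instead of freeing memory
    bool closed = false;
    Queue* queue;
    explicit Connection(Queue* q) : queue(q) {}
    void deref() {
        if (refCount == 0) { ++derefsPastZero; return; }  // real code: use-after-free
        --refCount;
    }
    // Invalidating the connection makes the error handler run on the queue;
    // that handler marks the object closed, informs the client, and derefs once.
    void closeOnQueue() {
        queue->tasks.push_back([this] { closed = true; deref(); });
    }
    // Before the fix: close *and* deref here, so the handler derefs a second time.
    void validateBuggy(bool valid) { if (!valid) { closeOnQueue(); deref(); } }
    // After the fix: only trigger the close; the single deref lives in the handler.
    void validateFixed(bool valid) { if (!valid) closeOnQueue(); }
};

struct Outcome { int refCount; int derefsPastZero; bool closed; };

// Drive a failed validation through either path and report the final state.
Outcome simulate(bool useFix) {
    Queue queue;
    Connection conn(&queue);
    if (useFix) conn.validateFixed(false); else conn.validateBuggy(false);
    queue.drain();
    return {conn.refCount, conn.derefsPastZero, conn.closed};
}
```

With the buggy path the handler's deref lands on an object whose count already reached zero; with the fix the count reaches zero exactly once, in the handler.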
Attachments
[PATCH] Proposed Fix (1.96 KB, patch)
2015-12-11 23:29 PST, Joseph Pecoraro
rniwa: review+
Radar WebKit Bug Importer
Comment 1 2015-12-11 23:27:56 PST
Joseph Pecoraro
Comment 2 2015-12-11 23:29:34 PST
Created attachment 267223 [details] [PATCH] Proposed Fix
Ryosuke Niwa
Comment 3 2015-12-11 23:33:00 PST
Comment on attachment 267223 [details] [PATCH] Proposed Fix
View in context: https://bugs.webkit.org/attachment.cgi?id=267223&action=review

rs=me

> Source/JavaScriptCore/inspector/remote/RemoteInspectorXPCConnection.mm:-182
> - m_closed = true;
> - m_client = nullptr;

It looks like we always evaluate these two statements before calling closeOnQueue() elsewhere. Is it really safe not to set these values?
Joseph Pecoraro
Comment 4 2015-12-11 23:43:07 PST
(In reply to comment #3)
> Comment on attachment 267223 [details]
> [PATCH] Proposed Fix
>
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=267223&action=review
>
> rs=me
>
> > Source/JavaScriptCore/inspector/remote/RemoteInspectorXPCConnection.mm:-182
> > - m_closed = true;
> > - m_client = nullptr;
>
> It looks like we always evaluate these two statements before calling
> closeOnQueue() elsewhere.
> Is it really safe not to set these values?

Thanks for the careful review! I don't think it is necessary here.

We don't want to set m_client = nullptr yet, because we do want to inform the client that we are closing, which will happen in the handling of XPC_ERROR_CONNECTION_INVALID. In the case of `close` and `closeFromMessage` it is the client doing the closing, so they don't need to be informed that the connection is closing.

We could set m_closed, but we might as well delay that until we actually do the closing with XPC_ERROR_CONNECTION_INVALID triggered by this. So waiting and closing there feels more natural.
Joseph Pecoraro
Comment 5 2015-12-11 23:44:47 PST