Created attachment 355089 [details] Test case If a DownloadProxy is invalidated while the DownloadClient is deciding the destination, then the app will crash when the decision handler is called. The troublesome line of code is in DownloadProxy::decideDestinationWithSuggestedFilenameAsync: if (auto* networkProcess = m_processPool->networkProcess()) m_processPool is null (due to the DownloadProxyMap invalidating the proxy when the download is canceled), so you get an invalid memory access trying to get the process pool's m_networkProcess. So if you get unlucky and the UI process gets notified that the download has been canceled while the destination decision handler is still outstanding, you have three terrible options: - Call the decision handler and crash. - Don't call the decision handler, and crash due to CompletionHandlerCallChecker getting upset. - Strategically deallocate the handler block and @try/@catch the resulting exception to stay alive. The code in decideDestinationWithSuggestedFilenameAsync()'s handler should check that m_processPool in non-null before trying to access its network process.
<rdar://problem/46151509>
Created attachment 355258 [details] Patch
Comment on attachment 355258 [details] Patch Clearing flags on attachment: 355258 Committed r238381: <https://trac.webkit.org/changeset/238381>
All reviewed patches have been landed. Closing bug.
Comment on attachment 355258 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=355258&action=review > Tools/TestWebKitAPI/Tests/WebKitCocoa/Download.mm:30 > +#if PLATFORM(MAC) || PLATFORM(IOS) Let's just remove this.