Bug 200062 - Crash in WebContent process with custom schemes
Summary: Crash in WebContent process with custom schemes
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKit Misc.
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
Priority: P2 Normal
Assignee: Brady Eidson
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2019-07-23 16:56 PDT by Brady Eidson
Modified: 2019-07-24 13:29 PDT

See Also:


Attachments
Patch (1.49 KB, patch)
2019-07-23 17:04 PDT, Brady Eidson

Description Brady Eidson 2019-07-23 16:56:06 PDT
Crash in WebContent process with custom schemes.


WebKit: WebKit::WebURLSchemeTaskProxy::processNextPendingTask() <==
  WebKit: WebKit::WebURLSchemeHandlerProxy::taskDidReceiveData(unsigned long long, unsigned long, unsigned char const*)
    WebKit: WebKit::WebURLSchemeHandlerProxy::taskDidReceiveData(unsigned long long, unsigned long, unsigned char const*)
      WebKit: WebKit::WebPage::urlSchemeTaskDidReceiveData(unsigned long long, unsigned long long, IPC::DataReference const&)
        WebKit: WebKit::WebPage::didReceiveWebPageMessage(IPC::Connection&, IPC::Decoder&)

Everywhere else in WebURLSchemeTaskProxy we protect it with a Ref before later calling processNextPendingTask.
But not in didReceiveData.

So let's do that.

<rdar://problem/52968793>
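
The lifetime hazard described above, as an added example that is not part of the bug report or of WebKit's code: a callback run while data is delivered drops the owner's last reference, so the follow-up call only runs on a live object when the method holds a reference to itself first. std::shared_ptr stands in for Ref, and Task, Handler, onData, deliver and followUpRanOnLiveTask are hypothetical names; the alive flag is a probe added so the unprotected path can be observed without touching freed memory.

```cpp
#include <cstdint>
#include <cstdio>
#include <functional>
#include <map>
#include <memory>
#include <utility>

// Hypothetical stand-ins, not WebKit classes; std::shared_ptr plays the role of Ref.
struct Task : std::enable_shared_from_this<Task> {
    std::function<void()> onData;                  // client code run on data delivery
    std::shared_ptr<bool> alive = std::make_shared<bool>(true);
    int processed = 0;

    ~Task() { *alive = false; }
    void processNextPendingTask() { ++processed; }

    // Returns true if the task was still alive when the follow-up call ran.
    bool didReceiveData(bool protect) {
        std::shared_ptr<Task> protectedThis;
        if (protect)
            protectedThis = shared_from_this();    // hold a reference across the callback
        auto stillAlive = alive;                   // local copies outlive `this`
        auto callback = onData;
        callback();                                // may drop the owner's last reference
        if (!*stillAlive)
            return false;                          // without this probe: use of a freed object
        processNextPendingTask();
        return true;
    }
};

// The owner holds the only long-lived reference, keyed by task identifier.
struct Handler {
    std::map<uint64_t, std::shared_ptr<Task>> tasks;
    bool deliver(uint64_t id, bool protect) { return tasks.at(id)->didReceiveData(protect); }
};

// Constructed scenario: the client cancels the load from inside its data callback.
bool followUpRanOnLiveTask(bool protect) {
    Handler handler;
    auto task = std::make_shared<Task>();
    task->onData = [&handler] { handler.tasks.erase(1); };
    handler.tasks.emplace(1, std::move(task));
    return handler.deliver(1, protect);
}

int main() {
    std::printf("unprotected: %d\n", followUpRanOnLiveTask(false));
    std::printf("protected:   %d\n", followUpRanOnLiveTask(true));
}
```
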
Comment 1 Brady Eidson 2019-07-23 17:04:15 PDT
Created attachment 374737
Patch
Comment 2 WebKit Commit Bot 2019-07-24 13:28:37 PDT
Comment on attachment 374737
Patch

Clearing flags on attachment: 374737

Committed r247787: <https://trac.webkit.org/changeset/247787>
Comment 3 WebKit Commit Bot 2019-07-24 13:28:38 PDT
All reviewed patches have been landed.  Closing bug.
Comment 4 Radar WebKit Bug Importer 2019-07-24 13:29:18 PDT
<rdar://problem/53510380>