Bug 208855 - Make sure that ServiceWorkerFrameLoaderClient lifetime exceeds its frame lifetime
Summary: Make sure that ServiceWorkerFrameLoaderClient lifetime exceeds its frame life...
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Service Workers (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: youenn fablet
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2020-03-10 04:11 PDT by youenn fablet
Modified: 2020-03-10 11:46 PDT (History)
5 users (show)

See Also:

Attachments
Patch (11.68 KB, patch)
2020-03-10 04:19 PDT, youenn fablet 		no flags Details | Formatted Diff | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description youenn fablet 2020-03-10 04:11:30 PDT 
Make sure that ServiceWorkerFrameLoaderClient lifetime exceeds its frame lifetime
Comment 1 youenn fablet 2020-03-10 04:11:46 PDT 
<rdar://problem/60187332>
Comment 2 youenn fablet 2020-03-10 04:19:07 PDT 
Created attachment 393134 [details]
Patch
Comment 3 Chris Dumez 2020-03-10 09:08:22 PDT 
Comment on attachment 393134 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=393134&action=review

> Source/WebKit/WebProcess/Storage/WebSWContextManagerConnection.cpp:92
> +void ServiceWorkerFrameLoaderClient::frameLoaderDestroyed()

This seems like code that is bound to cause leaks, error prone at the very least. If you call ServiceWorkerFrameLoaderClient::create() and do nothing, it leaks. Not a great pattern.
Comment 4 youenn fablet 2020-03-10 09:29:09 PDT 
(In reply to Chris Dumez from comment #3)
> Comment on attachment 393134 [details]
> Patch
> 
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=393134&action=review
> 
> > Source/WebKit/WebProcess/Storage/WebSWContextManagerConnection.cpp:92
> > +void ServiceWorkerFrameLoaderClient::frameLoaderDestroyed()
> 
> This seems like code that is bound to cause leaks, error prone at the very
> least. If you call ServiceWorkerFrameLoaderClient::create() and do nothing,
> it leaks. Not a great pattern.

Agreed.
This is the current pattern for all WebFrameLoaderClient in WebKit1 and WebKit2.
I thought of making Frame take a UniqueRef<FrameLoaderClient> so that we do not have this pattern anymore but ended up more conservative in this patch to specifically fix this crash. Refactoring could be done as a follow-up.
Comment 5 Geoffrey Garen 2020-03-10 10:19:12 PDT 
Comment on attachment 393134 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=393134&action=review

>>> Source/WebKit/WebProcess/Storage/WebSWContextManagerConnection.cpp:92
>>> +void ServiceWorkerFrameLoaderClient::frameLoaderDestroyed()
>> 
>> This seems like code that is bound to cause leaks, error prone at the very least. If you call ServiceWorkerFrameLoaderClient::create() and do nothing, it leaks. Not a great pattern.
> 
> Agreed.
> This is the current pattern for all WebFrameLoaderClient in WebKit1 and WebKit2.
> I thought of making Frame take a UniqueRef<FrameLoaderClient> so that we do not have this pattern anymore but ended up more conservative in this patch to specifically fix this crash. Refactoring could be done as a follow-up.

And in some cases, we just leak new WebFrameLoaderClient!
Comment 6 Geoffrey Garen 2020-03-10 10:20:38 PDT 
Comment on attachment 393134 [details]
Patch

r=me

Seems right to me that we should fix the bug and then change the design, so I guess I'll say r+.

The ownership design for WebFrameLoaderClient seems busted and worth fixing, though. I'd prefer a design where FrameLoader kept a unique_ptr to the client, or, if that's not possible, then a RefPtr.
Comment 7 WebKit Commit Bot 2020-03-10 11:46:23 PDT 
Comment on attachment 393134 [details]
Patch

Clearing flags on attachment: 393134

Committed r258223: <https://trac.webkit.org/changeset/258223>
Comment 8 WebKit Commit Bot 2020-03-10 11:46:25 PDT 
All reviewed patches have been landed.  Closing bug.