RESOLVED FIXED 208855
Make sure that ServiceWorkerFrameLoaderClient lifetime exceeds its frame lifetime 
https://bugs.webkit.org/show_bug.cgi?id=208855
Summary Make sure that ServiceWorkerFrameLoaderClient lifetime exceeds its frame life...
youenn fablet
Reported 2020-03-10 04:11:30 PDT
Make sure that ServiceWorkerFrameLoaderClient lifetime exceeds its frame lifetime
Attachments
Patch (11.68 KB, patch)
2020-03-10 04:19 PDT, youenn fablet 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
youenn fablet
Comment 1 2020-03-10 04:11:46 PDT
<rdar://problem/60187332>
youenn fablet
Comment 2 2020-03-10 04:19:07 PDT
Created attachment 393134 [details] Patch
Chris Dumez
Comment 3 2020-03-10 09:08:22 PDT
Comment on attachment 393134 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=393134&action=review > Source/WebKit/WebProcess/Storage/WebSWContextManagerConnection.cpp:92 > +void ServiceWorkerFrameLoaderClient::frameLoaderDestroyed() This seems like code that is bound to cause leaks, error prone at the very least. If you call ServiceWorkerFrameLoaderClient::create() and do nothing, it leaks. Not a great pattern.
youenn fablet
Comment 4 2020-03-10 09:29:09 PDT
(In reply to Chris Dumez from comment #3) > Comment on attachment 393134 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=393134&action=review > > > Source/WebKit/WebProcess/Storage/WebSWContextManagerConnection.cpp:92 > > +void ServiceWorkerFrameLoaderClient::frameLoaderDestroyed() > > This seems like code that is bound to cause leaks, error prone at the very > least. If you call ServiceWorkerFrameLoaderClient::create() and do nothing, > it leaks. Not a great pattern. Agreed. This is the current pattern for all WebFrameLoaderClient in WebKit1 and WebKit2. I thought of making Frame take a UniqueRef<FrameLoaderClient> so that we do not have this pattern anymore but ended up more conservative in this patch to specifically fix this crash. Refactoring could be done as a follow-up.
Geoffrey Garen
Comment 5 2020-03-10 10:19:12 PDT
Comment on attachment 393134 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=393134&action=review >>> Source/WebKit/WebProcess/Storage/WebSWContextManagerConnection.cpp:92 >>> +void ServiceWorkerFrameLoaderClient::frameLoaderDestroyed() >> >> This seems like code that is bound to cause leaks, error prone at the very least. If you call ServiceWorkerFrameLoaderClient::create() and do nothing, it leaks. Not a great pattern. > > Agreed. > This is the current pattern for all WebFrameLoaderClient in WebKit1 and WebKit2. > I thought of making Frame take a UniqueRef<FrameLoaderClient> so that we do not have this pattern anymore but ended up more conservative in this patch to specifically fix this crash. Refactoring could be done as a follow-up. And in some cases, we just leak new WebFrameLoaderClient!
Geoffrey Garen
Comment 6 2020-03-10 10:20:38 PDT
Comment on attachment 393134 [details] Patch r=me Seems right to me that we should fix the bug and then change the design, so I guess I'll say r+. The ownership design for WebFrameLoaderClient seems busted and worth fixing, though. I'd prefer a design where FrameLoader kept a unique_ptr to the client, or, if that's not possible, then a RefPtr.
WebKit Commit Bot
Comment 7 2020-03-10 11:46:23 PDT
Comment on attachment 393134 [details] Patch Clearing flags on attachment: 393134 Committed r258223: <https://trac.webkit.org/changeset/258223>
WebKit Commit Bot
Comment 8 2020-03-10 11:46:25 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.