Bug 43046 - Crash in WKContextPostMessageToInjectedBundle if the web process has exited
Summary: Crash in WKContextPostMessageToInjectedBundle if the web process has exited
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKit2
Version: 528+ (Nightly build)
Hardware: All All
Importance: P2 Normal
Assignee: Nobody
Keywords: InRadar
Depends on:
Reported: 2010-07-27 07:38 PDT by Adam Roben (:aroben)
Modified: 2010-09-01 00:03 PDT (History)
Don't send messages to the injected bundle if the web process has exited (1.45 KB, patch)
2010-08-27 13:58 PDT, Adam Roben (:aroben)
sam: review+
Description Adam Roben (:aroben) 2010-07-27 07:38:18 PDT
If WKContextPostMessageToInjectedBundle is called after the web process has exited, it will crash. Here's the backtrace:

 	WebKit.dll!CoreIPC::Connection::isValid()  Line 122 + 0x11 bytes	C++
 	WebKit.dll!CoreIPC::Connection::sendMessage(CoreIPC::MessageID messageID={...}, WTF::PassOwnPtr<CoreIPC::ArgumentEncoder> arguments={...})  Line 82 + 0x8 bytes	C++
 	WebKit.dll!WebKit::WebProcessProxy::sendMessage(CoreIPC::MessageID messageID={...}, WTF::PassOwnPtr<CoreIPC::ArgumentEncoder> arguments={...})  Line 125 + 0x22 bytes	C++
 	WebKit.dll!WebKit::WebProcessProxy::send<enum WebProcessMessage::Kind,CoreIPC::Arguments1<WebCore::String const &> >(WebProcessMessage::Kind messageID=PostMessageW, unsigned __int64 destinationID=0, const CoreIPC::Arguments1<WebCore::String const &> & arguments={...})  Line 138 + 0x23 bytes	C++
 	WebKit.dll!WebKit::WebContext::postMessageToInjectedBundle(WebCore::StringImpl * message=0x045a6db8)  Line 165 + 0x32 bytes	C++
>	WebKit.dll!WKContextPostMessageToInjectedBundle(OpaqueWKContext * contextRef=0x045a1890, OpaqueWKStringRef * messageRef=0x045a6db8)  Line 79	C++
 	WebKitTestRunner.exe!WTR::TestInvocation::invoke()  Line 112 + 0x1e bytes	C++
 	WebKitTestRunner.exe!WTR::TestController::runTest(const char * test=0x045a11f0)  Line 131	C++
 	WebKitTestRunner.exe!WTR::TestController::run()  Line 155 + 0x29 bytes	C++
 	WebKitTestRunner.exe!main(int argc=4, const char * * argv=0x045a0eb8)  Line 33	C++
 	WebKitTestRunner.exe!__tmainCRTStartup()  Line 597 + 0x17 bytes	C
 	kernel32.dll!_BaseProcessStart@4()  + 0x23 bytes	

WebContext::m_process is non-null, but m_process->isValid() is false. WebContext::postMessageToInjectedBundle doesn't check this before calling into m_process, though, leading to the crash.
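The failure mode in the report, as an added example that is not WebKit's code: a small C++ model in which the process proxy outlives the process it represents, so a non-null `m_process` says nothing about whether the IPC connection is still there. The class and method names (WebContext, WebProcessProxy, Connection, isValid, didClose) mirror the backtrace; their bodies, the PostResult enum and runScenario() are assumptions made for illustration.

```cpp
// Added example, not WebKit's code. Models the guard the bug report asks
// for: refuse to message the injected bundle once the web process is gone.
#include <cstddef>
#include <iostream>
#include <memory>
#include <string>
#include <vector>

namespace model {

// Stands in for CoreIPC::Connection: the live IPC channel to the web process.
class Connection {
public:
    void sendMessage(const std::string& message) { m_outbox.push_back(message); }
    const std::vector<std::string>& outbox() const { return m_outbox; }
private:
    std::vector<std::string> m_outbox;
};

// Stands in for WebKit::WebProcessProxy. The proxy stays allocated after
// the process exits; only its connection is torn down. That is why a
// non-null proxy pointer is not enough and isValid() must be checked.
class WebProcessProxy {
public:
    WebProcessProxy() : m_connection(std::make_unique<Connection>()) {}

    bool isValid() const { return m_connection != nullptr; }

    // Called when the web process exits (crash or normal termination).
    void didClose() { m_connection.reset(); }

    // Precondition: isValid(). Calling this on a closed proxy is the null
    // dereference from the backtrace, so callers must check first.
    void send(const std::string& message) { m_connection->sendMessage(message); }

    const Connection* connection() const { return m_connection.get(); }
private:
    std::unique_ptr<Connection> m_connection;
};

enum class PostResult { Sent, NoProcess, ProcessExited };

// Stands in for WebKit::WebContext; only postMessageToInjectedBundle matters.
class WebContext {
public:
    void launchProcess() { m_process = std::make_unique<WebProcessProxy>(); }
    WebProcessProxy* process() { return m_process.get(); }

    // Buggy shape (as reported): check only for a null m_process, then send.
    // Fixed shape: also bail out when the process has exited.
    PostResult postMessageToInjectedBundle(const std::string& message) {
        if (!m_process)
            return PostResult::NoProcess;
        if (!m_process->isValid())
            return PostResult::ProcessExited;   // the check that was missing
        m_process->send(message);
        return PostResult::Sent;
    }
private:
    std::unique_ptr<WebProcessProxy> m_process;
};

struct ScenarioResult {
    PostResult beforeExit;
    PostResult afterExit;
    std::size_t delivered;   // messages that reached the connection
};

// Drives the sequence from the report: post, web process exits, post again.
inline ScenarioResult runScenario() {
    WebContext context;
    context.launchProcess();
    ScenarioResult r{};
    r.beforeExit = context.postMessageToInjectedBundle("hello");
    r.delivered = context.process()->connection()->outbox().size();
    context.process()->didClose();             // the web process has exited
    r.afterExit = context.postMessageToInjectedBundle("hello again");
    return r;
}

} // namespace model

int main() {
    model::ScenarioResult r = model::runScenario();
    std::cout << "delivered before exit: " << r.delivered << '\n'
              << "post after exit dropped: "
              << (r.afterExit == model::PostResult::ProcessExited ? "yes" : "no")
              << '\n';
    return 0;
}
```

Without the `isValid()` check, the second post would dereference the reset connection, which is the crash in the backtrace; with it, the call is dropped and the caller gets an explicit result instead of a crash.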
Comment 1 Adam Roben (:aroben) 2010-07-27 07:42:00 PDT
Comment 2 Adam Roben (:aroben) 2010-08-27 13:58:07 PDT
Created attachment 65762 [details]
Don't send messages to the injected bundle if the web process has exited
Comment 3 Adam Roben (:aroben) 2010-08-31 10:59:32 PDT
Committed r66508: <http://trac.webkit.org/changeset/66508>