43046 – Crash in WKContextPostMessageToInjectedBundle if the web process has exited

Bug 43046 - Crash in WKContextPostMessageToInjectedBundle if the web process has exited

Summary: Crash in WKContextPostMessageToInjectedBundle if the web process has exited

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	WebKit2 (show other bugs)
Version:	528+ (Nightly build)
Hardware:	All All

Importance:	P2 Normal
Assignee:	Nobody

URL:
Keywords:	InRadar

Depends on:
Blocks:

Reported:	2010-07-27 07:38 PDT by Adam Roben (:aroben)
Modified:	2010-09-01 00:03 PDT (History)
CC List:	5 users (show)

See Also:

Attachments
Don't send messages to the injected bundle if the web process has exited (1.45 KB, patch) 2010-08-27 13:58 PDT, Adam Roben (:aroben)	sam: review+	Details \| Formatted Diff \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Adam Roben (:aroben) 2010-07-27 07:38:18 PDT

If WKContextPostMessageToInjectedBundle is called after the web process has exited, it will crash. Here's the backtrace:

 	WebKit.dll!CoreIPC::Connection::isValid()  Line 122 + 0x11 bytes	C++
 	WebKit.dll!CoreIPC::Connection::sendMessage(CoreIPC::MessageID messageID={...}, WTF::PassOwnPtr<CoreIPC::ArgumentEncoder> arguments={...})  Line 82 + 0x8 bytes	C++
 	WebKit.dll!WebKit::WebProcessProxy::sendMessage(CoreIPC::MessageID messageID={...}, WTF::PassOwnPtr<CoreIPC::ArgumentEncoder> arguments={...})  Line 125 + 0x22 bytes	C++
 	WebKit.dll!WebKit::WebProcessProxy::send<enum WebProcessMessage::Kind,CoreIPC::Arguments1<WebCore::String const &> >(WebProcessMessage::Kind messageID=PostMessageW, unsigned __int64 destinationID=0, const CoreIPC::Arguments1<WebCore::String const &> & arguments={...})  Line 138 + 0x23 bytes	C++
 	WebKit.dll!WebKit::WebContext::postMessageToInjectedBundle(WebCore::StringImpl * message=0x045a6db8)  Line 165 + 0x32 bytes	C++
>	WebKit.dll!WKContextPostMessageToInjectedBundle(OpaqueWKContext * contextRef=0x045a1890, OpaqueWKStringRef * messageRef=0x045a6db8)  Line 79	C++
 	WebKitTestRunner.exe!WTR::TestInvocation::invoke()  Line 112 + 0x1e bytes	C++
 	WebKitTestRunner.exe!WTR::TestController::runTest(const char * test=0x045a11f0)  Line 131	C++
 	WebKitTestRunner.exe!WTR::TestController::run()  Line 155 + 0x29 bytes	C++
 	WebKitTestRunner.exe!main(int argc=4, const char * * argv=0x045a0eb8)  Line 33	C++
 	WebKitTestRunner.exe!__tmainCRTStartup()  Line 597 + 0x17 bytes	C
 	kernel32.dll!_BaseProcessStart@4()  + 0x23 bytes	

WebContext::m_process is non-null, but m_process->isValid() is false. WebContext::postMessageToInjectedBundle doesn't check this before calling into m_process, though, leading to the crash.

Comment 1 Adam Roben (:aroben) 2010-07-27 07:42:00 PDT

<rdar://problem/8239455>

Comment 2 Adam Roben (:aroben) 2010-08-27 13:58:07 PDT

Created attachment 65762 [details]
Don't send messages to the injected bundle if the web process has exited

Comment 3 Adam Roben (:aroben) 2010-08-31 10:59:32 PDT

Committed r66508: <http://trac.webkit.org/changeset/66508>

Comment 4 WebKit Review Bot 2010-09-01 00:03:13 PDT

http://trac.webkit.org/changeset/66508 might have broken Leopard Intel Debug (Tests)
The following changes are on the blame list:
http://trac.webkit.org/changeset/66505
http://trac.webkit.org/changeset/66506
http://trac.webkit.org/changeset/66507
http://trac.webkit.org/changeset/66508
http://trac.webkit.org/changeset/66509