Correct nullptr dereference during shutdown

https://bugs.webkit.org/show_bug.cgi?id=177845 <rdar://problem/33651405> Reviewed by Chris Dumez. It looks like the ResourceLoadStatisticsPersistentStorage destructor is calling code that attempts to use member variables in its owning class (WebResourceLoadStatisticsStore). Since these may have already been destroyed, they are in an invalid state when accessed. * UIProcess/ResourceLoadStatisticsPersistentStorage.cpp: (WebKit::ResourceLoadStatisticsPersistentStorage::~ResourceLoadStatisticsPersistentStorage): Do not call finishAllPendingWorkSynchronously() in the destructor, since it relies on the m_memoryStore to be a reference to completely valid object. * UIProcess/WebResourceLoadStatisticsStore.cpp: (WebKit::WebResourceLoadStatisticsStore::~WebResourceLoadStatisticsStore): Instead, call 'finishAllPendingWorkSynchronously' here, when the object is still in a known valid state. Canonical link: https://commits.webkit.org/194105@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@222826 268f45cc-cd09-0410-ab3c-d52691b4dbfc
WebKit · Oct 4, 2017 · 62be5f8 · 62be5f8
1 parent 5010ef5
commit 62be5f8
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 1 deletion.
diff --git a/Source/WebKit/ChangeLog b/Source/WebKit/ChangeLog
@@ -1,3 +1,23 @@
+2017-10-03  Brent Fulgham  <bfulgham@apple.com>
+
+        Correct nullptr dereference during shutdown
+        https://bugs.webkit.org/show_bug.cgi?id=177845
+        <rdar://problem/33651405>
+
+        Reviewed by Chris Dumez.
+
+        It looks like the ResourceLoadStatisticsPersistentStorage destructor is calling code that attempts
+        to use member variables in its owning class (WebResourceLoadStatisticsStore). Since these may have
+        already been destroyed, they are in an invalid state when accessed.
+
+        * UIProcess/ResourceLoadStatisticsPersistentStorage.cpp:
+        (WebKit::ResourceLoadStatisticsPersistentStorage::~ResourceLoadStatisticsPersistentStorage): Do not call
+        finishAllPendingWorkSynchronously() in the destructor, since it relies on the m_memoryStore to be
+        a reference to completely valid object.
+        * UIProcess/WebResourceLoadStatisticsStore.cpp:
+        (WebKit::WebResourceLoadStatisticsStore::~WebResourceLoadStatisticsStore): Instead, call
+        'finishAllPendingWorkSynchronously' here, when the object is still in a known valid state.
+
 2017-10-03  Alex Christensen  <achristensen@webkit.org>
 
         Moderize WebKit's back forward list code

diff --git a/Source/WebKit/UIProcess/ResourceLoadStatisticsPersistentStorage.cpp b/Source/WebKit/UIProcess/ResourceLoadStatisticsPersistentStorage.cpp
@@ -98,7 +98,6 @@ void ResourceLoadStatisticsPersistentStorage::initialize()
 
 ResourceLoadStatisticsPersistentStorage::~ResourceLoadStatisticsPersistentStorage()
 {
-    finishAllPendingWorkSynchronously();
     ASSERT(!m_hasPendingWrite);
 }
 

diff --git a/Source/WebKit/UIProcess/WebResourceLoadStatisticsStore.cpp b/Source/WebKit/UIProcess/WebResourceLoadStatisticsStore.cpp
@@ -174,6 +174,7 @@ WebResourceLoadStatisticsStore::WebResourceLoadStatisticsStore(const String& res
 
 WebResourceLoadStatisticsStore::~WebResourceLoadStatisticsStore()
 {
+    m_persistentStorage.finishAllPendingWorkSynchronously();
 }
 
 void WebResourceLoadStatisticsStore::removeDataRecords()