Cherry-pick 9ff5a32. rdar://122995875
Add nullptr check for ProcessLauncher client
https://bugs.webkit.org/show_bug.cgi?id=269759
rdar://122995875

Reviewed by Brent Fulgham.

This patch fixes a null pointer dereference crash that was introduced in <https://commits.webkit.org/274390@main>. The commit 274390@main introduced a race condition by holding a reference to the Process launcher in the completion handler for starting WebKit extension processes. This reference was held throughout the duration of the completion handler. This meant that on rare occasions, the Process launcher could be deleted at the end of the completion handler, instead of in the AuxiliaryProcessProxy destructor, where it normally is invalidated and deleted. The lambda to finish the launch scheduled from the completion handler on the main thread could then end up having a Process launcher that was invalidated but not deallocated. When the Process launcher is invalidated, the m_client member is set to nullptr. This member is later dereferenced in ProcessLauncher::finishLaunchingProcess, and caused a null pointer crash in this case.

This patch is fixing the crash by reverting the change in 274390@main that introduced the crash as well as adding a null pointer check for m_client, to guard against this race being reintroduced in the future.

* Source/WebKit/UIProcess/Launcher/cocoa/ProcessLauncherCocoa.mm:
(WebKit::ProcessLauncher::launchProcess):

Canonical link: https://commits.webkit.org/275047@main
Identifier: 272448.581@safari-7618.1.15.10-branch
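The lifetime race the commit message describes, reduced to a constructed C++ model. This is added example code, not WebKit's: Launcher, Proxy and LauncherClient are stand-ins for ProcessLauncher, AuxiliaryProcessProxy and the object behind m_client, and the task queue stands in for the main thread. A completion handler captures a strong reference to the launcher and schedules the finish-launch step; the proxy is torn down first, so the launcher is invalidated (m_client cleared) but still allocated when the queued step runs. The nullptr check in finishLaunching is the guard the patch adds; without it the queued step would dereference null.

```cpp
#include <deque>
#include <functional>
#include <memory>

// Constructed stand-in for the launcher's client (the object m_client points at).
struct LauncherClient {
    bool notified = false;
    void didFinishLaunching() { notified = true; }
};

// Constructed stand-in for ProcessLauncher: holds a raw client pointer that the
// owning proxy clears via invalidate().
class Launcher {
public:
    explicit Launcher(LauncherClient* client) : m_client(client) {}

    // Called by the owning proxy when it goes away; mirrors the invalidation
    // the commit message describes.
    void invalidate() { m_client = nullptr; }

    // Scheduled on the main thread by the launch completion handler. Returns
    // true if the client was notified, false if the launcher was already
    // invalidated.
    bool finishLaunching()
    {
        // The nullptr check the fix adds: the launcher may have been
        // invalidated but kept alive by a reference captured in the
        // completion handler.
        if (!m_client)
            return false;
        m_client->didFinishLaunching();
        return true;
    }

private:
    LauncherClient* m_client;
};

// Constructed stand-in for AuxiliaryProcessProxy: owns the launcher and
// invalidates it in its destructor, which is where teardown normally happens.
class Proxy {
public:
    explicit Proxy(LauncherClient* client)
        : m_launcher(std::make_shared<Launcher>(client)) {}
    ~Proxy() { m_launcher->invalidate(); }
    std::shared_ptr<Launcher> launcher() const { return m_launcher; }

private:
    std::shared_ptr<Launcher> m_launcher;
};

// Minimal "main thread": tasks are queued now and executed later.
using TaskQueue = std::deque<std::function<void()>>;

static void drain(TaskQueue& queue)
{
    while (!queue.empty()) {
        auto task = std::move(queue.front());
        queue.pop_front();
        task();
    }
}

// The race: the completion handler captures a strong reference to the
// launcher and schedules finishLaunching, but the proxy is destroyed before
// the task runs. The launcher is invalidated yet still allocated, so the
// queued task sees a null m_client. Returns whether the client was notified;
// with the guard in place this is false rather than a crash.
bool runRaceScenario()
{
    TaskQueue mainThread;
    LauncherClient client;
    {
        Proxy proxy(&client);
        std::shared_ptr<Launcher> launcher = proxy.launcher(); // captured strong ref
        mainThread.push_back([launcher] { launcher->finishLaunching(); });
    } // proxy destroyed here: launcher invalidated, kept alive only by the lambda's copy
    drain(mainThread);
    return client.notified;
}

// The intended ordering: the proxy outlives the queued task, so the client
// is notified normally.
bool runNormalScenario()
{
    TaskQueue mainThread;
    LauncherClient client;
    Proxy proxy(&client);
    std::shared_ptr<Launcher> launcher = proxy.launcher();
    mainThread.push_back([launcher] { launcher->finishLaunching(); });
    drain(mainThread);
    return client.notified;
}
```

The check makes the stale-launcher path harmless, which is the defensive half of the fix; the other half, per the message, is not capturing the strong reference in the completion handler at all, so the launcher's lifetime again ends in the proxy destructor and the invalidated-but-live state is never reached.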