REGRESSION(r222772): [GTK][WPE] WebProcess from WebKitGtk+ 2.19.9x SI…

…GSEVs in WebKit::WebProcess::ensureNetworkProcessConnection() at Source/WebKit/WebProcess/WebProcess.cpp:1127 https://bugs.webkit.org/show_bug.cgi?id=183348 Reviewed by Michael Catanzaro. Source/WebKit: When connection doesn't exit in case of sync message failure, always exit in case of failing to send GetNetworkProcessConnection or GetStorageProcessConnection messages. This can happen when the WebView is created and destroyed quickly. * WebProcess/WebProcess.cpp: (WebKit::WebProcess::ensureNetworkProcessConnection): (WebKit::WebProcess::ensureWebToStorageProcessConnection): Tools: Add a test case to reproduce the crash. * TestWebKitAPI/Tests/WebKitGLib/TestWebKitWebView.cpp: (testWebViewCloseQuickly): (beforeAll): Canonical link: https://commits.webkit.org/200733@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@231298 268f45cc-cd09-0410-ab3c-d52691b4dbfc
WebKit · May 3, 2018 · 7d913957b1e9668796e26440d503e0b88265e229 · 7d91395
1 parent 188963f
commit 7d913957b1e9668796e26440d503e0b88265e229
Showing with 61 additions and 2 deletions.

+15 −0 Source/WebKit/ChangeLog

+20 −2 Source/WebKit/WebProcess/WebProcess.cpp

+13 −0 Tools/ChangeLog

+13 −0 Tools/TestWebKitAPI/Tests/WebKitGLib/TestWebKitWebView.cpp
diff --git a/Source/WebKit/ChangeLog b/Source/WebKit/ChangeLog
@@ -1,3 +1,18 @@
+2018-05-03  Carlos Garcia Campos  <cgarcia@igalia.com>
+
+        REGRESSION(r222772): [GTK][WPE] WebProcess from WebKitGtk+ 2.19.9x SIGSEVs in WebKit::WebProcess::ensureNetworkProcessConnection() at Source/WebKit/WebProcess/WebProcess.cpp:1127
+        https://bugs.webkit.org/show_bug.cgi?id=183348
+
+        Reviewed by Michael Catanzaro.
+
+        When connection doesn't exit in case of sync message failure, always exit in case of failing to send
+        GetNetworkProcessConnection or GetStorageProcessConnection messages. This can happen when the WebView is created
+        and destroyed quickly.
+
+        * WebProcess/WebProcess.cpp:
+        (WebKit::WebProcess::ensureNetworkProcessConnection):
+        (WebKit::WebProcess::ensureWebToStorageProcessConnection):
+
 2018-05-02  Nan Wang  <n_wang@apple.com>
 
         AX: Missing kAXSWebAccessibilityEventsEnabledNotification causes a crash

diff --git a/Source/WebKit/WebProcess/WebProcess.cpp b/Source/WebKit/WebProcess/WebProcess.cpp
@@ -1148,8 +1148,18 @@ NetworkProcessConnection& WebProcess::ensureNetworkProcessConnection()
     if (!m_networkProcessConnection) {
         IPC::Attachment encodedConnectionIdentifier;
 
-        if (!parentProcessConnection()->sendSync(Messages::WebProcessProxy::GetNetworkProcessConnection(), Messages::WebProcessProxy::GetNetworkProcessConnection::Reply(encodedConnectionIdentifier), 0, Seconds::infinity(), IPC::SendSyncOption::DoNotProcessIncomingMessagesWhenWaitingForSyncReply))
+        if (!parentProcessConnection()->sendSync(Messages::WebProcessProxy::GetNetworkProcessConnection(), Messages::WebProcessProxy::GetNetworkProcessConnection::Reply(encodedConnectionIdentifier), 0, Seconds::infinity(), IPC::SendSyncOption::DoNotProcessIncomingMessagesWhenWaitingForSyncReply)) {
+#if PLATFORM(GTK) || PLATFORM(WPE)
+            // GTK+ and WPE ports don't exit on send sync message failure.
+            // In this particular case, the network process can be terminated by the UI process while the
+            // Web process is still initializing, so we always want to exit instead of crashing. This can
+            // happen when the WebView is created and then destroyed quickly.
+            // See https://bugs.webkit.org/show_bug.cgi?id=183348.
+            exit(0);
+#else
             CRASH();
+#endif
+        }
 
 #if USE(UNIX_DOMAIN_SOCKETS)
         IPC::Connection::Identifier connectionIdentifier = encodedConnectionIdentifier.releaseFileDescriptor();
@@ -1222,8 +1232,16 @@ WebToStorageProcessConnection& WebProcess::ensureWebToStorageProcessConnection(P
     if (!m_webToStorageProcessConnection) {
         IPC::Attachment encodedConnectionIdentifier;
 
-        if (!parentProcessConnection()->sendSync(Messages::WebProcessProxy::GetStorageProcessConnection(initialSessionID), Messages::WebProcessProxy::GetStorageProcessConnection::Reply(encodedConnectionIdentifier), 0))
+        if (!parentProcessConnection()->sendSync(Messages::WebProcessProxy::GetStorageProcessConnection(initialSessionID), Messages::WebProcessProxy::GetStorageProcessConnection::Reply(encodedConnectionIdentifier), 0)) {
+#if PLATFORM(GTK) || PLATFORM(WPE)
+            // GTK+ and WPE ports don't exit on send sync message failure.
+            // In this particular case, the storage process can be terminated by the UI process while the
+            // connection is being done, so we always want to exit instead of crashing.
+            // See https://bugs.webkit.org/show_bug.cgi?id=183348.
+#else
             CRASH();
+#endif
+        }
 
 #if USE(UNIX_DOMAIN_SOCKETS)
         IPC::Connection::Identifier connectionIdentifier = encodedConnectionIdentifier.releaseFileDescriptor();

diff --git a/Tools/ChangeLog b/Tools/ChangeLog
@@ -1,3 +1,16 @@
+2018-05-03  Carlos Garcia Campos  <cgarcia@igalia.com>
+
+        REGRESSION(r222772): [GTK][WPE] WebProcess from WebKitGtk+ 2.19.9x SIGSEVs in WebKit::WebProcess::ensureNetworkProcessConnection() at Source/WebKit/WebProcess/WebProcess.cpp:1127
+        https://bugs.webkit.org/show_bug.cgi?id=183348
+
+        Reviewed by Michael Catanzaro.
+
+        Add a test case to reproduce the crash.
+
+        * TestWebKitAPI/Tests/WebKitGLib/TestWebKitWebView.cpp:
+        (testWebViewCloseQuickly):
+        (beforeAll):
+
 2018-05-02  Aditya Keerthi  <akeerthi@apple.com>
 
         Can't copy and paste URLs that have no title into Mail (macOS)

diff --git a/Tools/TestWebKitAPI/Tests/WebKitGLib/TestWebKitWebView.cpp b/Tools/TestWebKitAPI/Tests/WebKitGLib/TestWebKitWebView.cpp
@@ -105,6 +105,18 @@ static void testWebViewWebContextLifetime(WebViewTest* test, gconstpointer)
     g_object_unref(webContext2);
 }
 
+static void testWebViewCloseQuickly(WebViewTest* test, gconstpointer)
+{
+    auto webView = Test::adoptView(Test::createWebView());
+    test->assertObjectIsDeletedWhenTestFinishes(G_OBJECT(webView.get()));
+    g_idle_add([](gpointer userData) -> gboolean {
+        static_cast<WebViewTest*>(userData)->quitMainLoop();
+        return G_SOURCE_REMOVE;
+    }, test);
+    g_main_loop_run(test->m_mainLoop);
+    webView = nullptr;
+}
+
 #if PLATFORM(WPE)
 static void testWebViewWebBackend(Test* test, gconstpointer)
 {
@@ -1203,6 +1215,7 @@ void beforeAll()
 
     WebViewTest::add("WebKitWebView", "web-context", testWebViewWebContext);
     WebViewTest::add("WebKitWebView", "web-context-lifetime", testWebViewWebContextLifetime);
+    WebViewTest::add("WebKitWebView", "close-quickly", testWebViewCloseQuickly);
 #if PLATFORM(WPE)
     Test::add("WebKitWebView", "backend", testWebViewWebBackend);
 #endif