Skip to content
Permalink
Browse files
2010-12-17 Anders Carlsson <andersca@apple.com>
        Reviewed by Sam Weinig.

        Resizing a WKView while loading a page can leave the page at a size that doesn't match the window
        https://bugs.webkit.org/show_bug.cgi?id=51282
        <rdar://problem/8133142>

        Fix a race condition in waitForMessage. If we time out on the wait condition, we would keep the
        m_waitForMessageMutex mutex unlocked for a brief period of time before taking the lock again and
        then removing the messageID/destinationID pair from the hash map. Under some circumstances, the
        connection queue would update the hash map right before we removed it, leading to a lost message.

        * Platform/CoreIPC/Connection.cpp:
        (CoreIPC::Connection::waitForMessage):

Canonical link: https://commits.webkit.org/64645@main
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@74303 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  • Loading branch information
Anders Carlsson committed Dec 18, 2010
1 parent d7c9fde commit dd1942c5c46466984effa59ac379c35009edaf48
Showing 2 changed files with 23 additions and 10 deletions.
@@ -1,3 +1,19 @@
2010-12-17 Anders Carlsson <andersca@apple.com>

Reviewed by Sam Weinig.

Resizing a WKView while loading a page can leave the page at a size that doesn't match the window
https://bugs.webkit.org/show_bug.cgi?id=51282
<rdar://problem/8133142>

Fix a race condition in waitForMessage. If we time out on the wait condition, we would keep the
m_waitForMessageMutex mutex unlocked for a brief period of time before taking the lock again and
then removing the messageID/destinationID pair from the hash map. Under some circumstances, the
connection queue would update the hash map right before we removed it, leading to a lost message.

* Platform/CoreIPC/Connection.cpp:
(CoreIPC::Connection::waitForMessage):

2010-12-17 Anders Carlsson <andersca@apple.com>

Reviewed by Simon Fraser.
@@ -140,10 +140,8 @@ PassOwnPtr<ArgumentDecoder> Connection::waitForMessage(MessageID messageID, uint
m_waitForMessageMap.set(messageAndDestination, 0);
}

bool timedOut = false;

// Now wait for it to be set.
while (!timedOut) {
while (true) {
MutexLocker locker(m_waitForMessageMutex);

HashMap<std::pair<unsigned, uint64_t>, ArgumentDecoder*>::iterator it = m_waitForMessageMap.find(messageAndDestination);
@@ -154,14 +152,13 @@ PassOwnPtr<ArgumentDecoder> Connection::waitForMessage(MessageID messageID, uint
return arguments.release();
}

// We didn't find it, keep waiting.
timedOut = !m_waitForMessageCondition.timedWait(m_waitForMessageMutex, absoluteTime);
}
// Now we wait.
if (!m_waitForMessageCondition.timedWait(m_waitForMessageMutex, absoluteTime)) {
// We timed out, now remove the pending wait.
m_waitForMessageMap.remove(messageAndDestination);

// We timed out, now remove the pending wait.
{
MutexLocker locker(m_waitForMessageMutex);
m_waitForMessageMap.remove(messageAndDestination);
break;
}
}

return PassOwnPtr<ArgumentDecoder>();

0 comments on commit dd1942c

Please sign in to comment.