107240 2013-01-18 01:25:47 -0800 [Soup] Frequent crashes on redirections 2013-01-18 08:30:14 -0800 1 1 1 Unclassified WebKit WebKitGTK 528+ (Nightly build) Unspecified Unspecified RESOLVED FIXED P2 Major --- 1 svillar svillar danw gustavo mrobinson rakuco svillar webkit.review.bot oldest_to_newest 810350 0 svillar 2013-01-18 01:25:47 -0800 These are the outcomes from gdb and valgrind sessions: (gdb) bt #0 0x000000000337dc60 in ?? () #1 0x00007ffff2266973 in WebCore::doRedirect (handle=0x3a20bd0) at ../../Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp:485 #2 0x00007ffff2266a3e in WebCore::redirectCloseCallback (res=0x23c2ca0, data=0x3a20bd0) at ../../Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp:495 #3 0x00007fffec87e4f2 in async_ready_close_callback_wrapper (source_object=0x18de130, res=0x23c2ca0, user_data=0x3a20bd0) at ginputstream.c:543 #4 0x00007fffec8aa804 in g_task_return_now (task=0x23c2ca0) at gtask.c:1102 #5 0x00007fffec8aa902 in g_task_return (task=0x23c2ca0, type=G_TASK_RETURN_ERROR) at gtask.c:1155 #6 0x00007fffec8ab27f in g_task_return_error (task=0x23c2ca0, error=0x2182a40) at gtask.c:1622 #7 0x00007fffef520baf in close_async_ready (msg=0x23a6e30, user_data=0x23c2ca0) at soup-client-input-stream.c:163 #8 0x00007fffef53bac7 in message_source_dispatch (source=0x33afdc0, callback=0x7fffef520b05 <close_async_ready>, user_data=0x23c2ca0) at soup-message-io.c:720 #9 0x00007fffec0ae47f in g_main_dispatch (context=0x7382f0) at gmain.c:2784 #10 0x00007fffec0af02f in g_main_context_dispatch (context=0x7382f0) at gmain.c:3288 #11 0x00007fffec0af21f in g_main_context_iterate (context=0x7382f0, block=1, dispatch=1, self=0x771960) at gmain.c:3359 #12 0x00007fffec0af2e3 in g_main_context_iteration (context=0x7382f0, may_block=1) at gmain.c:3420 #13 0x00007fffec8d5039 in g_application_run (application=0x920000, argc=1, argv=0x7fffffffda18) at gapplication.c:1620 #14 0x0000000000434e51 in main (argc=1, argv=0x7fffffffda18) at ephy-main.c:478 --- ==13881== Invalid read of size 8 ==13881== at 0x79CE94A: WebCore::doRedirect(WebCore::ResourceHandle*) (ResourceHandleSoup.cpp:485) ==13881== by 0x79CEA3D: WebCore::redirectCloseCallback(_GObject*, _GAsyncResult*, void*) (ResourceHandleSoup.cpp:495) ==13881== by 0x100C74F1: async_ready_close_callback_wrapper (ginputstream.c:543) ==13881== by 0x100F3803: g_task_return_now (gtask.c:1102) ==13881== by 0x100F3901: g_task_return (gtask.c:1155) ==13881== by 0x100F427E: g_task_return_error (gtask.c:1622) ==13881== by 0xD4BBBAE: close_async_ready (soup-client-input-stream.c:163) ==13881== by 0xD4D6AC6: message_source_dispatch (soup-message-io.c:720) ==13881== by 0x108BC47E: g_main_dispatch (gmain.c:2784) ==13881== by 0x108BD02E: g_main_context_dispatch (gmain.c:3288) ==13881== by 0x108BD21E: g_main_context_iterate (gmain.c:3359) ==13881== by 0x108BD2E2: g_main_context_iteration (gmain.c:3420) ==13881== Address 0x23de1100 is 0 bytes inside a block of size 1,048 free'd ==13881== at 0x4C28F5C: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==13881== by 0xCAECE26: WTF::fastFree(void*) (FastMalloc.cpp:336) ==13881== by 0x707D8F4: WTF::RefCounted<WebCore::ResourceLoader>::operator delete(void*) (RefCounted.h:197) ==13881== by 0x70915B3: WebCore::SubresourceLoader::~SubresourceLoader() (SubresourceLoader.cpp:79) ==13881== by 0x6FD0A0F: WTF::RefCounted<WebCore::ResourceLoader>::deref() (RefCounted.h:202) ==13881== by 0x6FD0383: void WTF::derefIfNotNull<WebCore::ResourceLoader>(WebCore::ResourceLoader*) (PassRefPtr.h:53) ==13881== by 0x6FCFEC6: WTF::RefPtr<WebCore::ResourceLoader>::~RefPtr() (RefPtr.h:56) ==13881== by 0x7087C79: WebCore::ResourceLoader::cancel(WebCore::ResourceError const&) (ResourceLoader.cpp:411) ==13881== by 0x7079042: WebCore::MainResourceLoader::cancel(WebCore::ResourceError const&) (MainResourceLoader.cpp:134) ==13881== by 0x7078ED6: WebCore::MainResourceLoader::cancel() (MainResourceLoader.cpp:116) ==13881== by 0x7025D9D: WebCore::DocumentLoader::stopLoading() (DocumentLoader.cpp:257) ==13881== by 0x7042D2F: WebCore::FrameLoader::stopAllLoaders(WebCore::ClearProvisionalItemPolicy) (FrameLoader.cpp:1556) 810408 1 183413 svillar 2013-01-18 02:35:06 -0800 Created attachment 183413 Patch 810617 2 183413 mrobinson 2013-01-18 08:11:16 -0800 Comment on attachment 183413 Patch Thanks for the fix! While landing this do you think you can also fix the style of GAsyncResult* res? It should be called result. 810635 3 svillar 2013-01-18 08:30:14 -0800 Committed r140154: <http://trac.webkit.org/changeset/140154> 183413 2013-01-18 02:35:06 -0800 2013-01-18 08:11:16 -0800 Patch bug-107240-20130118113204.patch text/plain 1724 svillar U3VidmVyc2lvbiBSZXZpc2lvbjogMTM5ODY4CmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViQ29yZS9D aGFuZ2VMb2cgYi9Tb3VyY2UvV2ViQ29yZS9DaGFuZ2VMb2cKaW5kZXggMzczYjI3MDY5ZTVmNmZk ZDgxZTdmMzJjZTY0ODQ3M2NlZmZjOGYzOC4uYjAzYmRkMmM4NTNlY2E0NjUyOTkxMzBmNDg3MTFm Y2Q4NGUxNzExMiAxMDA2NDQKLS0tIGEvU291cmNlL1dlYkNvcmUvQ2hhbmdlTG9nCisrKyBiL1Nv dXJjZS9XZWJDb3JlL0NoYW5nZUxvZwpAQCAtMSwzICsxLDE4IEBACisyMDEzLTAxLTE4ICBTZXJn aW8gVmlsbGFyIFNlbmluICA8c3ZpbGxhckBpZ2FsaWEuY29tPgorCisgICAgICAgIFtTb3VwXSBG cmVxdWVudCBjcmFzaGVzIG9uIHJlZGlyZWN0aW9ucworICAgICAgICBodHRwczovL2J1Z3Mud2Vi a2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9MTA3MjQwCisKKyAgICAgICAgUmV2aWV3ZWQgYnkgTk9C T0RZIChPT1BTISkuCisKKyAgICAgICAgV2UgbXVzdCBlbnN1cmUgdGhhdCB0aGUgUmVzb3VyY2VI YW5kbGUgaGFzIG5vdCBiZWluZyBjYW5jZWxsZWQKKyAgICAgICAgYmVmb3JlIHBlcmZvcm1pbmcg YSByZWRpcmVjdC4gVGhpcyBjb3VsZCBoYXBwZW4gd2hpbGUgd2UgY2xvc2UgdGhlCisgICAgICAg IHN0cmVhbSB1c2VkIHRvIHJlYWQgdGhlIHJlZGlyZWN0IHJlc3BvbnNlIGJlY2F1c2UgaXQgaXMg ZG9uZQorICAgICAgICBhc3luY2hyb25vdXNseS4KKworICAgICAgICAqIHBsYXRmb3JtL25ldHdv cmsvc291cC9SZXNvdXJjZUhhbmRsZVNvdXAuY3BwOgorICAgICAgICAoV2ViQ29yZTo6cmVkaXJl Y3RDbG9zZUNhbGxiYWNrKToKKwogMjAxMy0wMS0xNiAgUGFibG8gRmxvdXJldCAgPHBhYmxvZkBt b3Rvcm9sYS5jb20+CiAKICAgICAgICAgSW1wbGVtZW50IENTU1N1cHBvcnRzUnVsZQpkaWZmIC0t Z2l0IGEvU291cmNlL1dlYkNvcmUvcGxhdGZvcm0vbmV0d29yay9zb3VwL1Jlc291cmNlSGFuZGxl U291cC5jcHAgYi9Tb3VyY2UvV2ViQ29yZS9wbGF0Zm9ybS9uZXR3b3JrL3NvdXAvUmVzb3VyY2VI YW5kbGVTb3VwLmNwcAppbmRleCBjN2FjMDM0NTgxNTkzMTkzNmM4MTk2NTUwYjkyZjJlMjc1ODcy ZjkzLi4zYTk3ZGI1YThjNDQ4NjdhMTdhNTlkMGMxNWUwOThhMjg3ZDEzYzA0IDEwMDY0NAotLS0g YS9Tb3VyY2UvV2ViQ29yZS9wbGF0Zm9ybS9uZXR3b3JrL3NvdXAvUmVzb3VyY2VIYW5kbGVTb3Vw LmNwcAorKysgYi9Tb3VyY2UvV2ViQ29yZS9wbGF0Zm9ybS9uZXR3b3JrL3NvdXAvUmVzb3VyY2VI YW5kbGVTb3VwLmNwcApAQCAtNDkxLDYgKzQ5MSwxMSBAQCBzdGF0aWMgdm9pZCByZWRpcmVjdENs b3NlQ2FsbGJhY2soR09iamVjdCosIEdBc3luY1Jlc3VsdCogcmVzLCBncG9pbnRlciBkYXRhKQog ICAgIFJlZlB0cjxSZXNvdXJjZUhhbmRsZT4gaGFuZGxlID0gc3RhdGljX2Nhc3Q8UmVzb3VyY2VI YW5kbGUqPihkYXRhKTsKICAgICBSZXNvdXJjZUhhbmRsZUludGVybmFsKiBkID0gaGFuZGxlLT5n ZXRJbnRlcm5hbCgpOwogCisgICAgaWYgKGQtPm1fY2FuY2VsbGVkIHx8ICFoYW5kbGUtPmNsaWVu dCgpKSB7CisgICAgICAgIGNsZWFudXBTb3VwUmVxdWVzdE9wZXJhdGlvbihoYW5kbGUuZ2V0KCkp OworICAgICAgICByZXR1cm47CisgICAgfQorCiAgICAgZ19pbnB1dF9zdHJlYW1fY2xvc2VfZmlu aXNoKGQtPm1faW5wdXRTdHJlYW0uZ2V0KCksIHJlcywgMCk7CiAgICAgZG9SZWRpcmVjdChoYW5k bGUuZ2V0KCkpOwogfQo=