127650 2014-01-26 05:29:30 -0800 [SOUP] WebProcess sometimes crashes when a download is cancelled 2014-01-27 00:22:36 -0800 1 1 1 Unclassified WebKit WebKit2 528+ (Nightly build) Unspecified Unspecified RESOLVED FIXED Gtk P2 Normal --- 1 cgarcia webkit-unassigned gustavo oldest_to_newest 972184 0 cgarcia 2014-01-26 05:29:30 -0800 Program received signal SIGSEGV, Segmentation fault. 0x00007ffca626a00b in WebKit::Download::cancel() () from WebKit/WebKitBuild/Release/.libs/libwebkit2gtk-3.0.so.25 (gdb) bt #0 0x00007ffca626a00b in WebKit::Download::cancel() () fromWebKit/WebKitBuild/Release/.libs/libwebkit2gtk-3.0.so.25 #1 0x00007ffca6402d90 in WebKit::WebProcess::didReceiveWebProcessMessage(IPC::Connection*, IPC::MessageDecoder&) () from WebKit/WebKitBuild/Release/.libs/libwebkit2gtk-3.0.so.25 #2 0x00007ffca7769f8b in IPC::Connection::dispatchMessage(std::unique_ptr<IPC::MessageDecoder, std::default_delete<IPC::MessageDecoder> >) () from WebKit/WebKitBuild/Release/.libs/libwebkit2gtk-3.0.so.25 #3 0x00007ffca776a0d3 in IPC::Connection::dispatchOneMessage() () from WebKit/WebKitBuild/Release/.libs/libwebkit2gtk-3.0.so.25 #4 0x00007ffca89c45b6 in WTF::RunLoop::performWork() () from WebKit/WebKitBuild/Release/.libs/libjavascriptcoregtk-3.0.so.0 #5 0x00007ffca89d10e9 in WTF::RunLoop::queueWork(WTF::RunLoop*) () from WebKit/WebKitBuild/Release/.libs/libjavascriptcoregtk-3.0.so.0 #6 0x00007ffca25084b5 in g_main_dispatch (context=0x1d80a20) at gmain.c:3068 #7 g_main_context_dispatch (context=context@entry=0x1d80a20) at gmain.c:3643 #8 0x00007ffca2508818 in g_main_context_iterate (context=0x1d80a20, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3714 #9 0x00007ffca2508c1a in g_main_loop_run (loop=0x1e64af0) at gmain.c:3908 #10 0x00007ffca635e914 in WebProcessMainGtk () from WebKit/WebKitBuild/Release/.libs/libwebkit2gtk-3.0.so.25 #11 0x00007ffca14fa995 in __libc_start_main (main=0x400890 <main>, argc=2, ubp_av=0x7fffe13e1728, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffe13e1718) at libc-start.c:276 #12 0x00000000004008be in _start () 972185 1 222269 cgarcia 2014-01-26 05:39:15 -0800 Created attachment 222269 Patch 972194 2 222269 mrobinson 2014-01-26 08:30:15 -0800 Comment on attachment 222269 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=222269&action=review > Source/WebKit2/Shared/Downloads/soup/DownloadSoup.cpp:241 > + RefPtr<ResourceHandle> resourceHandle = m_resourceHandle; > + m_resourceHandle = nullptr; You should use m_resourceHandle.release() here. 972352 3 cgarcia 2014-01-27 00:22:36 -0800 Committed r162830: <http://trac.webkit.org/changeset/162830> 222269 2014-01-26 05:39:15 -0800 2014-01-26 08:30:14 -0800 Patch wk-download-cancel-crash.diff text/plain 2254 cgarcia ZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJLaXQyL0NoYW5nZUxvZyBiL1NvdXJjZS9XZWJLaXQyL0No YW5nZUxvZwppbmRleCA4OWExYjAwLi41NDNjNDMyIDEwMDY0NAotLS0gYS9Tb3VyY2UvV2ViS2l0 Mi9DaGFuZ2VMb2cKKysrIGIvU291cmNlL1dlYktpdDIvQ2hhbmdlTG9nCkBAIC0xLDMgKzEsMjIg QEAKKzIwMTQtMDEtMjYgIENhcmxvcyBHYXJjaWEgQ2FtcG9zICA8Y2dhcmNpYUBpZ2FsaWEuY29t PgorCisgICAgICAgIFtTT1VQXSBXZWJQcm9jZXNzIHNvbWV0aW1lcyBjcmFzaGVzIHdoZW4gYSBk b3dubG9hZCBpcyBjYW5jZWxsZWQKKyAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hv d19idWcuY2dpP2lkPTEyNzY1MAorCisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEp LgorCisgICAgICAgIFRoZSBwcm9ibGVtIGlzIHRoYXQgd2hlbiB0aGUgZG93bmxvYWQgaXMgY2Fu Y2VsbGVkLCB0aGUgZG93bmxvYWQKKyAgICAgICAgbWFuYWdlciByZW1vdmVzIHRoZSBkb3dubG9h ZCBmcm9tIHRoZSBtYXAgYW5kIGl0J3MgZGVsZXRlZC4gVGhlCisgICAgICAgIERvd25sb2FkIGRl c3RydWN0b3IgY2FsbHMgcGxhdGZvcm1JbnZhbGlkYXRlKCkgdGhhdCBjYW5jZWxzIHRoZQorICAg ICAgICByZXNvdXJjZSBoYW5kbGUgaWYgdGhlcmUncyBzdGlsbCBvbmUuIFdlIHNldCB0byBudWxs cHRyIHRoZQorICAgICAgICBSZXNvdXJjZUhhbmRsZSB3aGVuIHRoZSBkb3dubG9hZCBpcyBjYW5j ZWxsZWQgdG8gYXZvaWQgY2FuY2VsbGluZworICAgICAgICBpdCB0d2ljZSwgYnV0IGl0J3MgZG9u ZSBhZnRlciBjYWxsaW5nIERvd25sb2FkOjpkaWRDYW5jZWwoKS4gSXQKKyAgICAgICAgc2hvdWxk IGJlIGRvbmUgYmVmb3JlLCBiZWNhdXNlIGF0IHRoYXQgbW9tZW50LCB3aGVuIHRoZSBkb3dubG9h ZAorICAgICAgICBpcyBkZWxldGVkLCB0aGUgcmVzb3VyY2UgaGFuZGxlIHBvaW50ZXIgaXMgc3Rp bGwgdmFsaWQuCisKKyAgICAgICAgKiBTaGFyZWQvRG93bmxvYWRzL3NvdXAvRG93bmxvYWRTb3Vw LmNwcDoKKyAgICAgICAgKFdlYktpdDo6RG93bmxvYWQ6OmNhbmNlbCk6CisKIDIwMTQtMDEtMjUg IENhcmxvcyBHYXJjaWEgQ2FtcG9zICA8Y2dhcmNpYUBpZ2FsaWEuY29tPgogCiAgICAgICAgIFtH VEtdIE1ha2Ugd2Via2l0X3VyaV9zY2hlbWVfcmVxdWVzdF9nZXRfd2ViX3ZpZXcoKSB3b3JrIHdp dGggQ3VzdG9tUHJvdG9jb2xzCmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViS2l0Mi9TaGFyZWQvRG93 bmxvYWRzL3NvdXAvRG93bmxvYWRTb3VwLmNwcCBiL1NvdXJjZS9XZWJLaXQyL1NoYXJlZC9Eb3du bG9hZHMvc291cC9Eb3dubG9hZFNvdXAuY3BwCmluZGV4IDg2Y2RjZTMuLjM5MjY3YWMgMTAwNjQ0 Ci0tLSBhL1NvdXJjZS9XZWJLaXQyL1NoYXJlZC9Eb3dubG9hZHMvc291cC9Eb3dubG9hZFNvdXAu Y3BwCisrKyBiL1NvdXJjZS9XZWJLaXQyL1NoYXJlZC9Eb3dubG9hZHMvc291cC9Eb3dubG9hZFNv dXAuY3BwCkBAIC0yMzMsOCArMjMzLDEzIEBAIHZvaWQgRG93bmxvYWQ6OmNhbmNlbCgpCiB7CiAg ICAgaWYgKCFtX3Jlc291cmNlSGFuZGxlKQogICAgICAgICByZXR1cm47Ci0gICAgc3RhdGljX2Nh c3Q8RG93bmxvYWRDbGllbnQqPihtX2Rvd25sb2FkQ2xpZW50LmdldCgpKS0+Y2FuY2VsKG1fcmVz b3VyY2VIYW5kbGUuZ2V0KCkpOwotICAgIG1fcmVzb3VyY2VIYW5kbGUgPSAwOworCisgICAgLy8g Q2FuY2VsbGluZyB0aGUgZG93bmxvYWQgd2lsbCBkZWxldGUgaXQgYW5kIHBsYXRmb3JtSW52YWxp ZGF0ZSgpIHdpbGwgYmUgY2FsbGVkIGJ5IHRoZSBkZXN0cnVjdG9yLgorICAgIC8vIFNvLCB3ZSBu ZWVkIHRvIHNldCBtX3Jlc291cmNlSGFuZGxlIHRvIG51bGxwdHIgYmVmb3JlIGFjdHVhbGx5IGNh bmNlbGxpbmcgdGhlIGRvd25sb2FkIHRvIG1ha2Ugc3VyZQorICAgIC8vIGl0IHdvbid0IGJlIGNh bmNlbGxlZCBhZ2FpbiBieSBwbGF0Zm9ybUludmFsaWRhdGUuIFNlZSBodHRwczovL2J1Z3Mud2Vi a2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9MTI3NjUwLgorICAgIFJlZlB0cjxSZXNvdXJjZUhhbmRs ZT4gcmVzb3VyY2VIYW5kbGUgPSBtX3Jlc291cmNlSGFuZGxlOworICAgIG1fcmVzb3VyY2VIYW5k bGUgPSBudWxscHRyOworICAgIHN0YXRpY19jYXN0PERvd25sb2FkQ2xpZW50Kj4obV9kb3dubG9h ZENsaWVudC5nZXQoKSktPmNhbmNlbChyZXNvdXJjZUhhbmRsZS5nZXQoKSk7CiB9CiAKIHZvaWQg RG93bmxvYWQ6OnBsYXRmb3JtSW52YWxpZGF0ZSgpCg==