157917 2016-05-19 13:27:20 -0700 REGRESSION(201098) GuardMalloc / ASan crashes in WebCore::IDBServer::UniqueIDBDatabase::executeNextDatabaseTaskReply 2016-05-21 08:28:49 -0700 1 1 1 Unclassified WebKit New Bugs WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED InRadar P2 Normal --- 149117 154968 1 ryanhaddad beidson alecflett beidson commit-queue jsbell webkit-bug-importer oldest_to_newest 1194911 0 ryanhaddad 2016-05-19 13:27:20 -0700 Started with <http://trac.webkit.org/changeset/201098> Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 com.apple.WebCore 0x000000010feb513c WebCore::IDBServer::UniqueIDBDatabase::executeNextDatabaseTaskReply() + 44 1 com.apple.WebCore 0x000000010f56e05a WebCore::IDBServer::IDBServer::handleTaskRepliesOnMainThread() + 106 2 com.apple.JavaScriptCore 0x000000010e043fc7 WTF::dispatchFunctionsFromMainThread() + 519 3 com.apple.Foundation 0x00007fff90c0efde __NSThreadPerformPerform + 279 4 com.apple.CoreFoundation 0x00007fff894d7881 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17 5 com.apple.CoreFoundation 0x00007fff894b6fbc __CFRunLoopDoSources0 + 556 6 com.apple.CoreFoundation 0x00007fff894b64df __CFRunLoopRun + 927 7 com.apple.CoreFoundation 0x00007fff894b5ed8 CFRunLoopRunSpecific + 296 8 com.apple.HIToolbox 0x00007fff8f6e1935 RunCurrentEventLoopInMode + 235 9 com.apple.HIToolbox 0x00007fff8f6e176f ReceiveNextEventCommon + 432 10 com.apple.HIToolbox 0x00007fff8f6e15af _BlockUntilNextEventMatchingListInModeWithFilter + 71 11 com.apple.AppKit 0x00007fff973b9efa _DPSNextEvent + 1067 12 com.apple.AppKit 0x00007fff973b932a -[NSApplication _nextEventMatchingEventMask:untilDate:inMode:dequeue:] + 454 13 com.apple.AppKit 0x00007fff973ade84 -[NSApplication run] + 682 14 com.apple.AppKit 0x00007fff9737746c NSApplicationMain + 1176 15 libxpc.dylib 0x00007fff90afa194 _xpc_objc_main + 795 16 libxpc.dylib 0x00007fff90af8bbe xpc_main + 494 17 com.apple.WebKit.WebContent 0x000000010d6747df 0x10d673000 + 6111 18 libdyld.dylib 0x00007fff82be85ad start + 1 1194912 1 ryanhaddad 2016-05-19 13:27:57 -0700 <rdar://problem/26371025> 1194985 2 beidson 2016-05-19 14:59:19 -0700 This is nothing more than a missing protector ref. 1194989 3 beidson 2016-05-19 14:59:56 -0700 *** Bug 157915 has been marked as a duplicate of this bug. *** 1194991 4 279437 beidson 2016-05-19 15:03:15 -0700 Created attachment 279437 Patch 1194997 5 beidson 2016-05-19 15:16:28 -0700 EWS is smoking something. http://trac.webkit.org/changeset/201188 1195355 6 279437 darin 2016-05-21 08:28:49 -0700 Comment on attachment 279437 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=279437&action=review > Source/WebCore/Modules/indexeddb/server/UniqueIDBDatabase.cpp:1520 > + RefPtr<UniqueIDBDatabase> protectedThis(this); A case like this should use Ref rather than RefPtr. In fact, this is sort of the case that Kling made Ref for originally. 279437 2016-05-19 15:03:15 -0700 2016-05-19 15:04:08 -0700 Patch bug-157917-20160519150416.patch text/plain 2331 beidson U3VidmVyc2lvbiBSZXZpc2lvbjogMjAxMTc0CmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViQ29yZS9D aGFuZ2VMb2cgYi9Tb3VyY2UvV2ViQ29yZS9DaGFuZ2VMb2cKaW5kZXggYTYzYWE3MDNlMGMwZWQ5 OWFiNWQxNzgxNjg4MTUwZmFmYzJhN2M1ZC4uM2FhN2MzNDk2YWU2MzBiMDM5NDVjNmQ5ZmYxNTA2 ZjhlNGM5ZjdhOSAxMDA2NDQKLS0tIGEvU291cmNlL1dlYkNvcmUvQ2hhbmdlTG9nCisrKyBiL1Nv dXJjZS9XZWJDb3JlL0NoYW5nZUxvZwpAQCAtMSwzICsxLDE2IEBACisyMDE2LTA1LTE5ICBCcmFk eSBFaWRzb24gIDxiZWlkc29uQGFwcGxlLmNvbT4KKworICAgICAgICBSRUdSRVNTSU9OKDIwMTA5 OCkgR3VhcmRNYWxsb2MgLyBBU2FuIGNyYXNoZXMgaW4gV2ViQ29yZTo6SURCU2VydmVyOjpVbmlx dWVJREJEYXRhYmFzZTo6ZXhlY3V0ZU5leHREYXRhYmFzZVRhc2tSZXBseQorICAgICAgICBodHRw czovL2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9MTU3OTE3CisKKyAgICAgICAgUmV2 aWV3ZWQgYnkgTk9CT0RZIChPT1BTISkuCisKKyAgICAgICAgTm8gbmV3IHRlc3RzIChDb3ZlcmVk IGJ5IGFsbCBleGlzdGluZyB0ZXN0cyBpbiBHbWFsbG9jL0FTQU4gY29uZmlncykuCisKKyAgICAg ICAgKiBNb2R1bGVzL2luZGV4ZWRkYi9zZXJ2ZXIvVW5pcXVlSURCRGF0YWJhc2UuY3BwOgorICAg ICAgICAoV2ViQ29yZTo6SURCU2VydmVyOjpVbmlxdWVJREJEYXRhYmFzZTo6flVuaXF1ZUlEQkRh dGFiYXNlKToKKyAgICAgICAgKFdlYkNvcmU6OklEQlNlcnZlcjo6VW5pcXVlSURCRGF0YWJhc2U6 OmV4ZWN1dGVOZXh0RGF0YWJhc2VUYXNrUmVwbHkpOiBQcm90ZWN0IHRoaXMgZnJvbSBkZWxldGlv biBiZWZvcmUgZXhlY3V0aW5nIHRoZSB0YXNrLgorCiAyMDE2LTA1LTE5ICBDaHJpcyBEdW1leiAg PGNkdW1lekBhcHBsZS5jb20+CiAKICAgICAgICAgVXBkYXRlIFJlbmRlckJsb2NrRmxvdzo6YWRq dXN0Q29tcHV0ZWRGb250U2l6ZXMoKSB0byB1c2UgUmVuZGVyT2JqZWN0VHJhdmVyc2FsCmRpZmYg LS1naXQgYS9Tb3VyY2UvV2ViQ29yZS9Nb2R1bGVzL2luZGV4ZWRkYi9zZXJ2ZXIvVW5pcXVlSURC RGF0YWJhc2UuY3BwIGIvU291cmNlL1dlYkNvcmUvTW9kdWxlcy9pbmRleGVkZGIvc2VydmVyL1Vu aXF1ZUlEQkRhdGFiYXNlLmNwcAppbmRleCBkNGJkNjVkZmIxODE5YTE1ZjZkZTNkY2QxNTE4Y2Mz OTY0Mzg1YzVhLi42MzdmYzlkNDk0NDgwZmJiNmVlNzRiNmEzNTIyMTI2NjVkZmU1ODJkIDEwMDY0 NAotLS0gYS9Tb3VyY2UvV2ViQ29yZS9Nb2R1bGVzL2luZGV4ZWRkYi9zZXJ2ZXIvVW5pcXVlSURC RGF0YWJhc2UuY3BwCisrKyBiL1NvdXJjZS9XZWJDb3JlL01vZHVsZXMvaW5kZXhlZGRiL3NlcnZl ci9VbmlxdWVJREJEYXRhYmFzZS5jcHAKQEAgLTY1LDYgKzY1LDcgQEAgVW5pcXVlSURCRGF0YWJh c2U6On5VbmlxdWVJREJEYXRhYmFzZSgpCiAgICAgQVNTRVJUKG1fb3BlbkRhdGFiYXNlQ29ubmVj dGlvbnMuaXNFbXB0eSgpKTsKICAgICBBU1NFUlQobV9jbGllbnRDbG9zZVBlbmRpbmdEYXRhYmFz ZUNvbm5lY3Rpb25zLmlzRW1wdHkoKSk7CiAgICAgQVNTRVJUKG1fc2VydmVyQ2xvc2VQZW5kaW5n RGF0YWJhc2VDb25uZWN0aW9ucy5pc0VtcHR5KCkpOworICAgIEFTU0VSVCghbV9xdWV1ZWRUYXNr Q291bnQpOwogfQogCiBjb25zdCBJREJEYXRhYmFzZUluZm8mIFVuaXF1ZUlEQkRhdGFiYXNlOjpp bmZvKCkgY29uc3QKQEAgLTE1MTUsMTEgKzE1MTYsMTQgQEAgdm9pZCBVbmlxdWVJREJEYXRhYmFz ZTo6ZXhlY3V0ZU5leHREYXRhYmFzZVRhc2tSZXBseSgpCiAgICAgYXV0byB0YXNrID0gbV9kYXRh YmFzZVJlcGx5UXVldWUudHJ5R2V0TWVzc2FnZSgpOwogICAgIEFTU0VSVCh0YXNrKTsKIAorICAg IC8vIFBlcmZvcm1pbmcgdGhlIHRhc2sgbWlnaHQgZW5kIHVwIHJlbW92aW5nIHRoZSBsYXN0IHJl ZmVyZW5jZSB0byB0aGlzLgorICAgIFJlZlB0cjxVbmlxdWVJREJEYXRhYmFzZT4gcHJvdGVjdGVk VGhpcyh0aGlzKTsKKwogICAgIHRhc2stPnBlcmZvcm1UYXNrKCk7CiAgICAgLS1tX3F1ZXVlZFRh c2tDb3VudDsKIAogICAgIC8vIElmIHRoaXMgZGF0YWJhc2Ugd2FzIGZvcmNlIGNsb3NlZCAoZS5n LiBmb3IgYSB1c2VyIGRlbGV0ZSkgYW5kIHRoZXJlIGFyZSBubyBtb3JlCi0gICAgLy8gcXVldWVk IHRhc2tzIGxlZnQsIGRlbGV0ZSB0aGlzLgorICAgIC8vIGNsZWFudXAgdGFza3MgbGVmdCwgZGVs ZXRlIHRoaXMuCiAgICAgaWYgKG1faGFyZENsb3NlUHJvdGVjdG9yICYmIGRvbmVXaXRoSGFyZENs b3NlKCkpCiAgICAgICAgIG1faGFyZENsb3NlUHJvdGVjdG9yID0gbnVsbHB0cjsKIH0K