181061 2017-12-20 15:33:05 -0800 Crash when clearing std::optional<WebKit::WebServiceWorkerFetchTaskClient::BlobLoader> 2017-12-20 17:41:08 -0800 1 1 1 Unclassified WebKit Service Workers WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED InRadar P2 Normal --- 1 youennf youennf achristensen beidson cdumez commit-queue ggaren webkit-bug-importer oldest_to_newest 1383858 0 youennf 2017-12-20 15:33:05 -0800 ==79588==ERROR: AddressSanitizer: heap-use-after-free on address 0x60700015ad90 at pc 0x00010b45eb67 bp 0x7ffee743cb50 sp 0x7ffee743cb48 WRITE of size 1 at 0x60700015ad90 thread T0 ==79588==WARNING: invalid path to external symbolizer! ==79588==WARNING: Failed to use and restart external symbolizer! #0 0x10b45eb66 in std::optional<WebKit::WebServiceWorkerFetchTaskClient::BlobLoader>::clear() (/Volumes/Data/slave/high-sierra-asan-release-wk2-tests/build/buildToTest/WebKit.framework/Versions/A/WebKit:x86_64+0xcf0b66) #1 0x10b45d0ed in std::optional<WebKit::WebServiceWorkerFetchTaskClient::BlobLoader>::operator=(std::nullopt_t) (/Volumes/Data/slave/high-sierra-asan-release-wk2-tests/build/buildToTest/WebKit.framework/Versions/A/WebKit:x86_64+0xcef0ed) #2 0x11cc2b119 in WebCore::DocumentThreadableLoader::didFinishLoading(unsigned long) (/Volumes/Data/slave/high-sierra-asan-release-wk2-tests/build/buildToTest/WebCore.framework/Versions/A/WebCore:x86_64+0x28f6119) #3 0x11cd42967 in WebCore::CachedResource::checkNotify() (/Volumes/Data/slave/high-sierra-asan-release-wk2-tests/build/buildToTest/WebCore.framework/Versions/A/WebCore:x86_64+0x2a0d967) #4 0x11cd3f6ba in WebCore::CachedRawResource::finishLoading(WebCore::SharedBuffer*) (/Volumes/Data/slave/high-sierra-asan-release-wk2-tests/build/buildToTest/WebCore.framework/Versions/A/WebCore:x86_64+0x2a0a6ba) #5 0x11ccddc2e in WebCore::SubresourceLoader::didFinishLoading(WebCore::NetworkLoadMetrics const&) (/Volumes/Data/slave/high-sierra-asan-release-wk2-tests/build/buildToTest/WebCore.framework/Versions/A/WebCore:x86_64+0x29a8c2e) #6 0x10b42382b in WebKit::WebResourceLoader::didFinishResourceLoad(WebCore::NetworkLoadMetrics const&) (/Volumes/Data/slave/high-sierra-asan-release-wk2-tests/build/buildToTest/WebKit.framework/Versions/A/WebKit:x86_64+0xcb582b) #7 0x10b426b8e in void IPC::handleMessage<Messages::WebResourceLoader::DidFinishResourceLoad, WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&)>(IPC::Decoder&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&)) (/Volumes/Data/slave/high-sierra-asan-release-wk2-tests/build/buildToTest/WebKit.framework/Versions/A/WebKit:x86_64+0xcb8b8e) #8 0x10b42607f in WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection&, IPC::Decoder&) (/Volumes/Data/slave/high-sierra-asan-release-wk2-tests/build/buildToTest/WebKit.framework/Versions/A/WebKit:x86_64+0xcb807f) #9 0x10aaf07c0 in WebKit::NetworkProcessConnection::didReceiveMessage(IPC::Connection&, IPC::Decoder&) (/Volumes/Data/slave/high-sierra-asan-release-wk2-tests/build/buildToTest/WebKit.framework/Versions/A/WebKit:x86_64+0x3827c0) #10 0x10a8a496e in IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >) (/Volumes/Data/slave/high-sierra-asan-release-wk2-tests/build/buildToTest/WebKit.framework/Versions/A/WebKit:x86_64+0x13696e) #11 0x10a8ae486 in IPC::Connection::dispatchOneMessage() (/Volumes/Data/slave/high-sierra-asan-release-wk2-tests/build/buildToTest/WebKit.framework/Versions/A/WebKit:x86_64+0x140486) #12 0x12b2321a7 in WTF::RunLoop::performWork() (/Volumes/Data/slave/high-sierra-asan-release-wk2-tests/build/buildToTest/JavaScriptCore.framework/Versions/A/JavaScrip<br> (Truncated recent description) 1383868 1 329960 youennf 2017-12-20 15:52:21 -0800 Created attachment 329960 Patch 1383891 2 329960 achristensen 2017-12-20 16:40:47 -0800 Comment on attachment 329960 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=329960&action=review > Source/WebKit/WebProcess/Storage/WebServiceWorkerFetchTaskClient.cpp:117 > - m_blobLoader = std::nullopt; > + auto toDelete = WTFMove(m_blobLoader); I think it would be better to just do std::exchange(m_blobLoader, std::nullopt). Then we wouldn't need to give anything a strange unused name. 1383895 3 329966 youennf 2017-12-20 16:50:25 -0800 Created attachment 329966 Patch for landing 1383934 4 329966 commit-queue 2017-12-20 17:39:12 -0800 Comment on attachment 329966 Patch for landing Clearing flags on attachment: 329966 Committed r226206: <https://trac.webkit.org/changeset/226206> 1383935 5 commit-queue 2017-12-20 17:39:13 -0800 All reviewed patches have been landed. Closing bug. 1383938 6 webkit-bug-importer 2017-12-20 17:41:08 -0800 <rdar://problem/36168892> 329960 2017-12-20 15:52:21 -0800 2017-12-20 16:50:24 -0800 Patch bug-181061-20171220155221.patch text/plain 1454 youennf U3VidmVyc2lvbiBSZXZpc2lvbjogMjI2MjAwCmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViS2l0L0No YW5nZUxvZyBiL1NvdXJjZS9XZWJLaXQvQ2hhbmdlTG9nCmluZGV4IDQ4ZmZmZDU2ZTU3Y2VhMzZl MWQxNDAwNDY5MTYyYmRkM2ZmZWQ3NzcuLmU1NDU3YmZkMTUyOGRiNzc5Njg5MTlmMjFjMjAxMzA1 NjNkMzU3YjYgMTAwNjQ0Ci0tLSBhL1NvdXJjZS9XZWJLaXQvQ2hhbmdlTG9nCisrKyBiL1NvdXJj ZS9XZWJLaXQvQ2hhbmdlTG9nCkBAIC0xLDMgKzEsMTMgQEAKKzIwMTctMTItMjAgIFlvdWVubiBG YWJsZXQgIDx5b3Vlbm5AYXBwbGUuY29tPgorCisgICAgICAgIENyYXNoIHdoZW4gY2xlYXJpbmcg c3RkOjpvcHRpb25hbDxXZWJLaXQ6OldlYlNlcnZpY2VXb3JrZXJGZXRjaFRhc2tDbGllbnQ6OkJs b2JMb2FkZXI+CisgICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9p ZD0xODEwNjEKKworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAg ICAqIFdlYlByb2Nlc3MvU3RvcmFnZS9XZWJTZXJ2aWNlV29ya2VyRmV0Y2hUYXNrQ2xpZW50LmNw cDoKKyAgICAgICAgKFdlYktpdDo6V2ViU2VydmljZVdvcmtlckZldGNoVGFza0NsaWVudDo6ZGlk RmluaXNoQmxvYkxvYWRpbmcpOiBtb3ZpbmcgdGhlIG9iamVjdCB0byBub3QgZGVzdHJveSAndGhp cycgdG9vIHNvb24uCisKIDIwMTctMTItMjAgIFlvdWVubiBGYWJsZXQgIDx5b3Vlbm5AYXBwbGUu Y29tPgogCiAgICAgICAgIFN1cHBvcnQgc2VydmljZSB3b3JrZXIgaW50ZXJjZXB0aW9uIG9mIHJl cXVlc3Qgd2l0aCBibG9iIGJvZHkKZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJLaXQvV2ViUHJvY2Vz cy9TdG9yYWdlL1dlYlNlcnZpY2VXb3JrZXJGZXRjaFRhc2tDbGllbnQuY3BwIGIvU291cmNlL1dl YktpdC9XZWJQcm9jZXNzL1N0b3JhZ2UvV2ViU2VydmljZVdvcmtlckZldGNoVGFza0NsaWVudC5j cHAKaW5kZXggYmIyMzQ3YTU0NDYxZGM0NDI2N2ZmMmU2ZDgzMjcyNzExMzc2YWRmYS4uZmE1MDMy ZjUyMzZlMmVlZmM0NDRlYzU1YmQ3Yjg0ZjY1MmFlOTQxYiAxMDA2NDQKLS0tIGEvU291cmNlL1dl YktpdC9XZWJQcm9jZXNzL1N0b3JhZ2UvV2ViU2VydmljZVdvcmtlckZldGNoVGFza0NsaWVudC5j cHAKKysrIGIvU291cmNlL1dlYktpdC9XZWJQcm9jZXNzL1N0b3JhZ2UvV2ViU2VydmljZVdvcmtl ckZldGNoVGFza0NsaWVudC5jcHAKQEAgLTExNCw3ICsxMTQsNyBAQCB2b2lkIFdlYlNlcnZpY2VX b3JrZXJGZXRjaFRhc2tDbGllbnQ6OmRpZEZpbmlzaEJsb2JMb2FkaW5nKCkKIHsKICAgICBkaWRG aW5pc2goKTsKIAotICAgIG1fYmxvYkxvYWRlciA9IHN0ZDo6bnVsbG9wdDsKKyAgICBhdXRvIHRv RGVsZXRlID0gV1RGTW92ZShtX2Jsb2JMb2FkZXIpOwogfQogCiB2b2lkIFdlYlNlcnZpY2VXb3Jr ZXJGZXRjaFRhc2tDbGllbnQ6OmRpZEZhaWwoKQo= 329966 2017-12-20 16:50:25 -0800 2017-12-20 17:39:12 -0800 Patch for landing bug-181061-20171220165024.patch text/plain 1460 youennf U3VidmVyc2lvbiBSZXZpc2lvbjogMjI2MjAwCmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViS2l0L0No YW5nZUxvZyBiL1NvdXJjZS9XZWJLaXQvQ2hhbmdlTG9nCmluZGV4IDQ4ZmZmZDU2ZTU3Y2VhMzZl MWQxNDAwNDY5MTYyYmRkM2ZmZWQ3NzcuLmExZTcyYTk3ZWU2NGYxMTI0ZWUyYzA3ZjExZDQyYTI1 ZjBlNDI5OTUgMTAwNjQ0Ci0tLSBhL1NvdXJjZS9XZWJLaXQvQ2hhbmdlTG9nCisrKyBiL1NvdXJj ZS9XZWJLaXQvQ2hhbmdlTG9nCkBAIC0xLDMgKzEsMTMgQEAKKzIwMTctMTItMjAgIFlvdWVubiBG YWJsZXQgIDx5b3Vlbm5AYXBwbGUuY29tPgorCisgICAgICAgIENyYXNoIHdoZW4gY2xlYXJpbmcg c3RkOjpvcHRpb25hbDxXZWJLaXQ6OldlYlNlcnZpY2VXb3JrZXJGZXRjaFRhc2tDbGllbnQ6OkJs b2JMb2FkZXI+CisgICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9p ZD0xODEwNjEKKworICAgICAgICBSZXZpZXdlZCBieSBBbGV4IENocmlzdGVuc2VuLgorCisgICAg ICAgICogV2ViUHJvY2Vzcy9TdG9yYWdlL1dlYlNlcnZpY2VXb3JrZXJGZXRjaFRhc2tDbGllbnQu Y3BwOgorICAgICAgICAoV2ViS2l0OjpXZWJTZXJ2aWNlV29ya2VyRmV0Y2hUYXNrQ2xpZW50Ojpk aWRGaW5pc2hCbG9iTG9hZGluZyk6IG1vdmluZyB0aGUgb2JqZWN0IHRvIG5vdCBkZXN0cm95ICd0 aGlzJyB0b28gc29vbi4KKwogMjAxNy0xMi0yMCAgWW91ZW5uIEZhYmxldCAgPHlvdWVubkBhcHBs ZS5jb20+CiAKICAgICAgICAgU3VwcG9ydCBzZXJ2aWNlIHdvcmtlciBpbnRlcmNlcHRpb24gb2Yg cmVxdWVzdCB3aXRoIGJsb2IgYm9keQpkaWZmIC0tZ2l0IGEvU291cmNlL1dlYktpdC9XZWJQcm9j ZXNzL1N0b3JhZ2UvV2ViU2VydmljZVdvcmtlckZldGNoVGFza0NsaWVudC5jcHAgYi9Tb3VyY2Uv V2ViS2l0L1dlYlByb2Nlc3MvU3RvcmFnZS9XZWJTZXJ2aWNlV29ya2VyRmV0Y2hUYXNrQ2xpZW50 LmNwcAppbmRleCBiYjIzNDdhNTQ0NjFkYzQ0MjY3ZmYyZTZkODMyNzI3MTEzNzZhZGZhLi5mYTI0 M2M0NTQ4MTc4OTk2OTdiZjA0YTMzODJmMzQwZmFjMzY3N2NlIDEwMDY0NAotLS0gYS9Tb3VyY2Uv V2ViS2l0L1dlYlByb2Nlc3MvU3RvcmFnZS9XZWJTZXJ2aWNlV29ya2VyRmV0Y2hUYXNrQ2xpZW50 LmNwcAorKysgYi9Tb3VyY2UvV2ViS2l0L1dlYlByb2Nlc3MvU3RvcmFnZS9XZWJTZXJ2aWNlV29y a2VyRmV0Y2hUYXNrQ2xpZW50LmNwcApAQCAtMTE0LDcgKzExNCw3IEBAIHZvaWQgV2ViU2Vydmlj ZVdvcmtlckZldGNoVGFza0NsaWVudDo6ZGlkRmluaXNoQmxvYkxvYWRpbmcoKQogewogICAgIGRp ZEZpbmlzaCgpOwogCi0gICAgbV9ibG9iTG9hZGVyID0gc3RkOjpudWxsb3B0OworICAgIHN0ZDo6 ZXhjaGFuZ2UobV9ibG9iTG9hZGVyLCBzdGQ6Om51bGxvcHQpOwogfQogCiB2b2lkIFdlYlNlcnZp Y2VXb3JrZXJGZXRjaFRhc2tDbGllbnQ6OmRpZEZhaWwoKQo=