183046 2018-02-22 10:49:30 -0800 ServiceWorkerContainer::scheduleJob() fails to isolate copy the jobData before passing it to the main thread 2018-02-22 11:46:23 -0800 1 1 1 Unclassified WebKit Service Workers WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED InRadar P2 Normal --- 1 cdumez cdumez beidson commit-queue rniwa webkit-bug-importer youennf oldest_to_newest 1401463 0 cdumez 2018-02-22 10:49:30 -0800 ServiceWorkerContainer::scheduleJob() fails to isolate copy the jobData before passing it to the main thread. 1401464 1 webkit-bug-importer 2018-02-22 10:50:07 -0800 <rdar://problem/37793395> 1401465 2 cdumez 2018-02-22 10:51:18 -0800 I suspect this is the reason for those crashes: Thread 5 Crashed ↩:: WebCore: Worker 0 libsystem_platform.dylib 0x00007fff7580cf49 _platform_memmove$VARIANT$Haswell + 41 1 com.apple.JavaScriptCore 0x00007fff4fd8c761 WTF::StringImpl::create(unsigned short const*, unsigned int) + 177 2 com.apple.JavaScriptCore 0x00007fff4fd8bc1e WTF::String::isolatedCopy() const & + 46 3 com.apple.WebCore 0x00007fff5b57f8e1 WebCore::ResourceRequestBase::setAsIsolatedCopy(WebCore::ResourceRequest const&) + 657 4 com.apple.WebCore 0x00007fff5b57f63b WebCore::ResourceRequestBase::isolatedCopy() const + 107 5 com.apple.WebCore 0x00007fff5b34b049 WebCore::WorkerThreadableLoader::MainThreadBridge::MainThreadBridge(WebCore::ThreadableLoaderClientWrapper&, WebCore::WorkerLoaderProxy&, WTF::String const&, WebCore::ResourceRequest&&, WebCore::ThreadableLoaderOptions const&, WTF::String const&, WebCore::WorkerGlobalScope&) + 745 6 com.apple.WebCore 0x00007fff5b34aa52 WebCore::WorkerThreadableLoader::WorkerThreadableLoader(WebCore::WorkerGlobalScope&, WebCore::ThreadableLoaderClient&, WTF::String const&, WebCore::ResourceRequest&&, WebCore::ThreadableLoaderOptions const&, WTF::String const&) + 226 7 com.apple.WebCore 0x00007fff5b34a577 WebCore::ThreadableLoader::create(WebCore::ScriptExecutionContext&, WebCore::ThreadableLoaderClient&, WebCore::ResourceRequest&&, WebCore::ThreadableLoaderOptions const&, WTF::String&&) + 103 8 com.apple.WebCore 0x00007fff5b832f63 WebCore::WorkerScriptLoader::loadAsynchronously(WebCore::ScriptExecutionContext&, WebCore::ResourceRequest&&, WebCore::FetchOptions::Mode, WebCore::FetchOptions::Cache, WebCore::FetchOptions::Redirect, WebCore::ContentSecurityPolicyEnforcement, WebCore::WorkerScriptLoaderClient&) + 819 9 com.apple.WebCore 0x00007fff5b842c6d WebCore::ServiceWorkerJob::fetchScriptWithContext(WebCore::ScriptExecutionContext&, WebCore::FetchOptions::Cache) + 381 10 com.apple.WebCore 0x00007fff5b83bfa8 WTF::Function<void (WebCore::ScriptExecutionContext&)>::CallableWrapper<WebCore::SWClientConnection::postTaskForJob(WTF::ObjectIdentifier<WebCore::ServiceWorkerJobIdentifierType>, WebCore::SWClientConnection::IsJobComplete, WTF::Function<void (WebCore::ServiceWorkerJob&)>&&)::$_2>::call(WebCore::ScriptExecutionContext&) + 72 11 com.apple.WebCore 0x00007fff5b831ed0 WebCore::WorkerRunLoop::runInMode(WebCore::WorkerGlobalScope*, WebCore::ModePredicate const&, WebCore::WorkerRunLoop::WaitMode) + 416 12 com.apple.WebCore 0x00007fff5b831cd0 WebCore::WorkerRunLoop::run(WebCore::WorkerGlobalScope*) + 96 13 com.apple.WebCore 0x00007fff5b834276 WebCore::WorkerThread::workerThread() + 1030 14 com.apple.JavaScriptCore 0x00007fff50962f44 WTF::Thread::entryPoint(WTF::Thread::NewThreadContext*) + 228 15 com.apple.JavaScriptCore 0x00007fff4fd8c209 WTF::wtfThreadEntryPoint(void*) + 9 16 libsystem_pthread.dylib 0x00007fff758136c1 _pthread_body + 340 17 libsystem_pthread.dylib 0x00007fff7581356d _pthread_start + 377 18 libsystem_pthread.dylib 0x00007fff75812c5d thread_start + 13 Since ServiceWorkerJob::fetchScriptWithContext() uses the scriptURL from the jobData to construct the ResourceRequest. 1401472 3 334457 cdumez 2018-02-22 10:58:57 -0800 Created attachment 334457 Patch 1401488 4 334457 commit-queue 2018-02-22 11:46:22 -0800 Comment on attachment 334457 Patch Clearing flags on attachment: 334457 Committed r228928: <https://trac.webkit.org/changeset/228928> 1401489 5 commit-queue 2018-02-22 11:46:23 -0800 All reviewed patches have been landed. Closing bug. 334457 2018-02-22 10:58:57 -0800 2018-02-22 11:46:22 -0800 Patch bug-183046-20180222105857.patch text/plain 2052 cdumez U3VidmVyc2lvbiBSZXZpc2lvbjogMjI4OTE5CmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViQ29yZS9D aGFuZ2VMb2cgYi9Tb3VyY2UvV2ViQ29yZS9DaGFuZ2VMb2cKaW5kZXggMDUwY2FhNDEyM2Y5ZGUw NTZmYjA2NWExZTljNDQ0NWM4ZGQ4YzRjNS4uMzQzMzIyZjVlZTgwZDMzMjE3NjhlMDU0NDMyZmM4 NDBiN2Q4NDdmYyAxMDA2NDQKLS0tIGEvU291cmNlL1dlYkNvcmUvQ2hhbmdlTG9nCisrKyBiL1Nv dXJjZS9XZWJDb3JlL0NoYW5nZUxvZwpAQCAtMSwzICsxLDE3IEBACisyMDE4LTAyLTIyICBDaHJp cyBEdW1leiAgPGNkdW1lekBhcHBsZS5jb20+CisKKyAgICAgICAgU2VydmljZVdvcmtlckNvbnRh aW5lcjo6c2NoZWR1bGVKb2IoKSBmYWlscyB0byBpc29sYXRlIGNvcHkgdGhlIGpvYkRhdGEgYmVm b3JlIHBhc3NpbmcgaXQgdG8gdGhlIG1haW4gdGhyZWFkCisgICAgICAgIGh0dHBzOi8vYnVncy53 ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD0xODMwNDYKKyAgICAgICAgPHJkYXI6Ly9wcm9ibGVt LzM3NzkzMzk1PgorCisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEpLgorCisgICAg ICAgIE1ha2Ugc3VyZSB3ZSBpc29sYXRlIGNvcHkgdGhlIGpvYkRhdGEgYmVmb3JlIHBhc3Npbmcg aXQgdG8gdGhlIG1haW4gdGhyZWFkIGluIFNlcnZpY2VXb3JrZXJDb250YWluZXI6OnNjaGVkdWxl Sm9iKCkuCisgICAgICAgIFRoZSBqb2JEYXRhIGNvbnRhaW5zIFN0cmluZ3MgLyBVUkxzIHNvIGl0 IGlzIG5vdCBzYWZlIHRvIGhhdmUgbm9uLWlzb2xhdGVkIGNvcGllcyBvZiBpdCBvbiB2YXJpb3Vz IHRocmVhZHMuCisKKyAgICAgICAgKiB3b3JrZXJzL3NlcnZpY2UvU2VydmljZVdvcmtlckNvbnRh aW5lci5jcHA6CisgICAgICAgIChXZWJDb3JlOjpTZXJ2aWNlV29ya2VyQ29udGFpbmVyOjpzY2hl ZHVsZUpvYik6CisKIDIwMTgtMDItMjIgIFlvdWVubiBGYWJsZXQgIDx5b3Vlbm5AYXBwbGUuY29t PgogCiAgICAgICAgIEFkZCByZWxlYXNlIGFzc2VydHMgZm9yIHNlcnZpY2Ugd29ya2VyIGZldGNo IGFuZCBwb3N0TWVzc2FnZSBldmVudHMKZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJDb3JlL3dvcmtl cnMvc2VydmljZS9TZXJ2aWNlV29ya2VyQ29udGFpbmVyLmNwcCBiL1NvdXJjZS9XZWJDb3JlL3dv cmtlcnMvc2VydmljZS9TZXJ2aWNlV29ya2VyQ29udGFpbmVyLmNwcAppbmRleCBiYjQzZDNkYTZl MTdmOWY2MzEyYWZmYjlkMzYyY2MzMzg1ZGQ2NzNhLi4xOTliZTQxN2RkZGMwN2JhMWU4NzBiNzVh NjFkNzJiNDBmMGU2MjI5IDEwMDY0NAotLS0gYS9Tb3VyY2UvV2ViQ29yZS93b3JrZXJzL3NlcnZp Y2UvU2VydmljZVdvcmtlckNvbnRhaW5lci5jcHAKKysrIGIvU291cmNlL1dlYkNvcmUvd29ya2Vy cy9zZXJ2aWNlL1NlcnZpY2VXb3JrZXJDb250YWluZXIuY3BwCkBAIC0yMzgsMTEgKzIzOCwxMSBA QCB2b2lkIFNlcnZpY2VXb3JrZXJDb250YWluZXI6OnNjaGVkdWxlSm9iKFJlZjxTZXJ2aWNlV29y a2VySm9iPiYmIGpvYikKIAogICAgIHNldFBlbmRpbmdBY3Rpdml0eSh0aGlzKTsKIAotICAgIGF1 dG8gam9iRGF0YSA9IGpvYi0+ZGF0YSgpOworICAgIGF1dG8mIGpvYkRhdGEgPSBqb2ItPmRhdGEo KTsKICAgICBhdXRvIHJlc3VsdCA9IG1fam9iTWFwLmFkZChqb2ItPmlkZW50aWZpZXIoKSwgV1RG TW92ZShqb2IpKTsKICAgICBBU1NFUlRfVU5VU0VEKHJlc3VsdCwgcmVzdWx0LmlzTmV3RW50cnkp OwogCi0gICAgY2FsbE9uTWFpblRocmVhZChbY29ubmVjdGlvbiA9IG1fc3dDb25uZWN0aW9uLCBj b250ZXh0SWRlbnRpZmllciA9IHRoaXMtPmNvbnRleHRJZGVudGlmaWVyKCksIGpvYkRhdGEgPSBX VEZNb3ZlKGpvYkRhdGEpXSB7CisgICAgY2FsbE9uTWFpblRocmVhZChbY29ubmVjdGlvbiA9IG1f c3dDb25uZWN0aW9uLCBjb250ZXh0SWRlbnRpZmllciA9IHRoaXMtPmNvbnRleHRJZGVudGlmaWVy KCksIGpvYkRhdGEgPSBqb2JEYXRhLmlzb2xhdGVkQ29weSgpXSB7CiAgICAgICAgIGNvbm5lY3Rp b24tPnNjaGVkdWxlSm9iKGNvbnRleHRJZGVudGlmaWVyLCBqb2JEYXRhKTsKICAgICB9KTsKIH0K