246858 2022-10-21 08:09:37 -0700 [SOUP] http/tests/security/cookies/cookie-theft-with-javascript-doc.html crashing 2022-11-09 13:16:32 -0800 1 1 1 Unclassified WebKit WebKitGTK WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED https://bugs.webkit.org/show_bug.cgi?id=247658 P2 Normal --- 1 csaavedra csaavedra achristensen bugs-noreply fujii mcatanzaro oldest_to_newest 1907306 0 csaavedra 2022-10-21 08:09:37 -0700 Since https://github.com/WebKit/WebKit/commit/361f64fcdd4b6aa17aaafcc55ebc88ab89acfc89 landed, http/tests/security/cookies/cookie-theft-with-javascript-doc.html has been crashing pretty consistently. ASSERTION FAILED: result /app/webkit/Source/WebKit/NetworkProcess/NetworkProcess.cpp(434) : bool WebKit::NetworkProcess::allowsFirstPartyForCookies(WebCore::ProcessIdentifier, const WTF::URL&) 1 0x7fe547a47b63 WTFCrash [Thread debugging using libthread_db enabled] Using host libthread_db library "/usr/lib/x86_64-linux-gnu/libthread_db.so.1". Core was generated by `/app/webkit/WebKitBuild/Debug/bin/WebKitNetworkProcess 10 9'. Program terminated with signal SIGSEGV, Segmentation fault. #0 WTFCrash () at /app/webkit/Source/WTF/wtf/Assertions.cpp:327 327 *(int *)(uintptr_t)0xbbadbeef = 0; [Current thread is 1 (Thread 0x7fe53e8be540 (LWP 44))] Thread 1 (Thread 0x7fe53e8be540 (LWP 44)): #0 WTFCrash() () at /app/webkit/Source/WTF/wtf/Assertions.cpp:327 #1 0x00007fe5512070f5 in WTFCrashWithInfo(int, char const*, char const*, int) () at /app/webkit/WebKitBuild/Debug/WTF/Headers/wtf/Assertions.h:754 #2 0x00007fe551a6886b in WebKit::NetworkProcess::allowsFirstPartyForCookies(WTF::ObjectIdentifier<WebCore::ProcessIdentifierType>, WTF::URL const&) (this=0x7fe535034240, processIdentifier=..., firstParty=...) at /app/webkit/Source/WebKit/NetworkProcess/NetworkProcess.cpp:434 #3 0x00007fe551a08f14 in WebKit::NetworkConnectionToWebProcess::cookiesForDOM(WTF::URL const&, WebCore::SameSiteInfo const&, WTF::URL const&, WebCore::ProcessQualified<WTF::ObjectIdentifier<WebCore::FrameIdentifierType> >, WTF::ObjectIdentifier<WebCore::PageIdentifierType>, WebCore::IncludeSecureCookies, WebCore::ShouldAskITP, WebCore::ShouldRelaxThirdPartyCookieBlocking, WTF::CompletionHandler<void (WTF::String, bool)>&&) (this=0x7fe535094340, firstParty=..., sameSiteInfo=..., url=..., frameID=..., pageID=..., includeSecureCookies=WebCore::IncludeSecureCookies::No, shouldAskITP=WebCore::ShouldAskITP::No, shouldRelaxThirdPartyCookieBlocking=WebCore::ShouldRelaxThirdPartyCookieBlocking::No, completionHandler=...) at /app/webkit/Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp:773 1907307 1 csaavedra 2022-10-21 08:20:11 -0700 There are two web processes (due to the iframe in the test), one with identifier 7 and the other 12. One of them is adding 'nullOrigin' to the "allowedFirstPartyForCookies" list, not the other. When the other receives a call to get the cookies for the DOM, the check of whether 'nullOrigin' is an allowed first party for cookies fails, and the assertion with it: NetworkProcess::addAllowedFirstPartyForCookies(identifier: 7, firstPartyForCookies: nullOrigin) NetworkProcess::addAllowedFirstPartyForCookies(identifier: 12, firstPartyForCookies: 127.0.0.1) NetworkProcess::allowsFirstPartyForCookies(identifier: 12, firstPartyForCookies: 127.0.0.1) NetworkProcess::allowsFirstPartyForCookies(identifier: 12, firstPartyForCookies: 127.0.0.1) NetworkProcess::allowsFirstPartyForCookies(identifier: 12, firstPartyForCookies: nullOrigin) --> ASSERTION FAILED: result The crash doesn't happen always for me, so this might be a timing issue. 1911184 2 fujii 2022-11-08 23:54:07 -0800 See also bug#247658. I'm proposing a patch there. 1911347 3 csaavedra 2022-11-09 13:06:29 -0800 This seems to have been fixed already with https://commits.webkit.org/256065@main 1911348 4 csaavedra 2022-11-09 13:13:14 -0800 Pull request: https://github.com/WebKit/WebKit/pull/6317 1911349 5 ews-feeder 2022-11-09 13:16:27 -0800 Committed 256498@main (4cd9a03152f0): <https://commits.webkit.org/256498@main> Reviewed commits have been landed. Closing PR #6317 and removing active labels.