Summary: | REGRESSION (r146239): Reproducible crash in WebCore::DocumentLoader::responseReceived | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Product: | WebKit | Reporter: | Dieter Komendera <dieter> | ||||||||||
Component: | WebCore Misc. | Assignee: | Nate Chapin <japhet> | ||||||||||
Status: | RESOLVED FIXED | ||||||||||||
Severity: | Normal | CC: | ap, beidson, japhet, koivisto, webkit.review.bot | ||||||||||
Priority: | P1 | Keywords: | InRadar, Regression | ||||||||||
Version: | 528+ (Nightly build) | ||||||||||||
Hardware: | Mac | ||||||||||||
OS: | OS X 10.8 | ||||||||||||
URL: | https://rubygems.org/gems/git-svn-mirror | ||||||||||||
Bug Depends on: | 112722 | ||||||||||||
Bug Blocks: | |||||||||||||
Attachments: |
|
Description
Dieter Komendera
2013-03-20 07:43:29 PDT
Created attachment 194052 [details]
full crash report
Bisecting says r146238-146246, with r146239 being the only relevant change in this range. Nate, Antti, could you please take a look? Created attachment 194370 [details]
patch
Comment on attachment 194370 [details]
patch
What ensures that the identifier won't stay 0? We hate when identifiers are 0.
Perhaps a ChangeLog explanation would help.
(In reply to comment #5) > (From update of attachment 194370 [details]) > What ensures that the identifier won't stay 0? We hate when identifiers are 0. > > Perhaps a ChangeLog explanation would help. I'm trying to figure out how to properly ensure that, because it looks like 0 identifiers where happening in this case before it switched to crashing. The problem is that, by the time responseReceived() is called in the 304 case, we've already swapped to the revalidated CachedResource, which means we've lost our connection to the proper identifier. Created attachment 194390 [details]
Attempt to prevent identifier of 0
Ok, I *think* this does the job. In a normal load, we set a main resource's identifier on the CachedRawResource when we receive a response, but we don't do so in the revalidation case. Since a resource can't have multiple revalidations at once and can't be revalidated if it's still loading, it should be safe to copy the identifier to the revalidated resource, even though that overwrites its old identifier.
Comment on attachment 194390 [details] Attempt to prevent identifier of 0 View in context: https://bugs.webkit.org/attachment.cgi?id=194390&action=review r+ with the following change > Source/WebCore/loader/cache/CachedRawResource.h:69 > + virtual void switchClientsToRevalidatedResource(); OVERRIDE Created attachment 194566 [details]
Patch for landing
Comment on attachment 194566 [details] Patch for landing Clearing flags on attachment: 194566 Committed r146626: <http://trac.webkit.org/changeset/146626> All reviewed patches have been landed. Closing bug. |