Bug 127650

Summary: [SOUP] WebProcess sometimes crashes when a download is cancelled
Product: WebKit
Reporter: Carlos Garcia Campos <cgarcia>
Component: WebKit2
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED
Severity: Normal
CC: gustavo
Priority: P2
Keywords: Gtk
Version: 528+ (Nightly build)
Hardware: Unspecified
OS: Unspecified
Attachments:
  Patch (Flags: mrobinson: review+)

Description Carlos Garcia Campos 2014-01-26 05:29:30 PST
Program received signal SIGSEGV, Segmentation fault.
0x00007ffca626a00b in WebKit::Download::cancel() () from WebKit/WebKitBuild/Release/.libs/libwebkit2gtk-3.0.so.25
(gdb) bt
#0  0x00007ffca626a00b in WebKit::Download::cancel() () from WebKit/WebKitBuild/Release/.libs/libwebkit2gtk-3.0.so.25
#1  0x00007ffca6402d90 in WebKit::WebProcess::didReceiveWebProcessMessage(IPC::Connection*, IPC::MessageDecoder&) ()
   from WebKit/WebKitBuild/Release/.libs/libwebkit2gtk-3.0.so.25
#2  0x00007ffca7769f8b in IPC::Connection::dispatchMessage(std::unique_ptr<IPC::MessageDecoder, std::default_delete<IPC::MessageDecoder> >) ()
   from WebKit/WebKitBuild/Release/.libs/libwebkit2gtk-3.0.so.25
#3  0x00007ffca776a0d3 in IPC::Connection::dispatchOneMessage() () from WebKit/WebKitBuild/Release/.libs/libwebkit2gtk-3.0.so.25
#4  0x00007ffca89c45b6 in WTF::RunLoop::performWork() () from WebKit/WebKitBuild/Release/.libs/libjavascriptcoregtk-3.0.so.0
#5  0x00007ffca89d10e9 in WTF::RunLoop::queueWork(WTF::RunLoop*) () from WebKit/WebKitBuild/Release/.libs/libjavascriptcoregtk-3.0.so.0
#6  0x00007ffca25084b5 in g_main_dispatch (context=0x1d80a20) at gmain.c:3068
#7  g_main_context_dispatch (context=context@entry=0x1d80a20) at gmain.c:3643
#8  0x00007ffca2508818 in g_main_context_iterate (context=0x1d80a20, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3714
#9  0x00007ffca2508c1a in g_main_loop_run (loop=0x1e64af0) at gmain.c:3908
#10 0x00007ffca635e914 in WebProcessMainGtk () from WebKit/WebKitBuild/Release/.libs/libwebkit2gtk-3.0.so.25
#11 0x00007ffca14fa995 in __libc_start_main (main=0x400890 <main>, argc=2, ubp_av=0x7fffe13e1728, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, 
    stack_end=0x7fffe13e1718) at libc-start.c:276
#12 0x00000000004008be in _start ()
Comment 1 Carlos Garcia Campos 2014-01-26 05:39:15 PST
Created attachment 222269 [details]
Patch
Comment 2 Martin Robinson 2014-01-26 08:30:15 PST
Comment on attachment 222269 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=222269&action=review

> Source/WebKit2/Shared/Downloads/soup/DownloadSoup.cpp:241
> +    RefPtr<ResourceHandle> resourceHandle = m_resourceHandle;
> +    m_resourceHandle = nullptr;
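
Review bot: the copy into a local RefPtr followed by `m_resourceHandle = nullptr` does in two steps what `m_resourceHandle.release()` does in one, and the split form pays an extra ref/deref on the handle. The hunk also ends before the local is used, so the following lines should be checked for a null test on `resourceHandle` before it is dereferenced: a cancel that arrives after the download has already finished will find the member already cleared.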

You should use m_resourceHandle.release() here.
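The shape of the fix under review, as an added illustration that is not WebKit code: a hypothetical Download whose handle's cancel() re-enters the client and clears the owning member. The report does not state the crash's root cause; that re-entrancy is an assumption consistent with the patch, with std::shared_ptr standing in for WTF::RefPtr and std::move for the release() suggested above.

```cpp
#include <functional>
#include <memory>

// Hypothetical stand-in for a network handle (not WebKit's ResourceHandle).
// cancel() notifies its client synchronously and touches no member after the
// callback returns, so the client is allowed to drop its reference inside it.
struct Handle {
    std::function<void()> onCancelled;
    bool cancelled = false;
    void cancel() {
        cancelled = true;
        auto notify = std::move(onCancelled);
        if (notify)
            notify();                                    // may re-enter the owner
    }
};

// Hypothetical Download owning the handle through a shared_ptr.
struct Download {
    std::shared_ptr<Handle> m_handle = std::make_shared<Handle>();

    // Client callback: the download drops its handle when cancellation lands.
    void didCancel() { m_handle = nullptr; }

    // Before-the-fix shape: cancel through the member while the callback
    // resets that same member. Returns true if the handle was destroyed
    // under us, i.e. any later use of it would be a use-after-free.
    bool cancelUnsafe() {
        if (!m_handle)
            return false;
        std::weak_ptr<Handle> watch = m_handle;          // observes lifetime only
        m_handle->onCancelled = [this] { didCancel(); };
        m_handle->cancel();                              // member cleared inside
        return watch.expired();                          // true: ours was the only ref
    }

    // After-the-fix shape: move the reference into a local first (the
    // equivalent of m_resourceHandle.release()), so the member is already
    // null during re-entry and the local keeps the handle alive.
    bool cancelSafe() {
        std::shared_ptr<Handle> handle = std::move(m_handle);
        if (!handle)
            return false;                                // already cancelled/finished
        std::weak_ptr<Handle> watch = handle;
        handle->onCancelled = [this] { didCancel(); };   // finds null, harmless
        handle->cancel();
        return watch.expired();                          // false: local still holds it
    }
};
```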
Comment 3 Carlos Garcia Campos 2014-01-27 00:22:36 PST
Committed r162830: <http://trac.webkit.org/changeset/162830>