Bug 127650

Summary: [SOUP] WebProcess sometimes crashes when a download is cancelled
Product: WebKit
Component: WebKit2
Status: RESOLVED FIXED
Severity: Normal
Priority: P2
Version: 528+ (Nightly build)
Hardware: Unspecified
OS: Unspecified
Reporter: Carlos Garcia Campos <cgarcia>
Assignee: Nobody <webkit-unassigned>
CC: gustavo
Keywords: Gtk

Attachments:
Patch (flags: mrobinson: review+)

Carlos Garcia Campos
Reported 2014-01-26 05:29:30 PST
Program received signal SIGSEGV, Segmentation fault.
0x00007ffca626a00b in WebKit::Download::cancel() () from WebKit/WebKitBuild/Release/.libs/libwebkit2gtk-3.0.so.25
(gdb) bt
#0  0x00007ffca626a00b in WebKit::Download::cancel() () from WebKit/WebKitBuild/Release/.libs/libwebkit2gtk-3.0.so.25
#1  0x00007ffca6402d90 in WebKit::WebProcess::didReceiveWebProcessMessage(IPC::Connection*, IPC::MessageDecoder&) () from WebKit/WebKitBuild/Release/.libs/libwebkit2gtk-3.0.so.25
#2  0x00007ffca7769f8b in IPC::Connection::dispatchMessage(std::unique_ptr<IPC::MessageDecoder, std::default_delete<IPC::MessageDecoder> >) () from WebKit/WebKitBuild/Release/.libs/libwebkit2gtk-3.0.so.25
#3  0x00007ffca776a0d3 in IPC::Connection::dispatchOneMessage() () from WebKit/WebKitBuild/Release/.libs/libwebkit2gtk-3.0.so.25
#4  0x00007ffca89c45b6 in WTF::RunLoop::performWork() () from WebKit/WebKitBuild/Release/.libs/libjavascriptcoregtk-3.0.so.0
#5  0x00007ffca89d10e9 in WTF::RunLoop::queueWork(WTF::RunLoop*) () from WebKit/WebKitBuild/Release/.libs/libjavascriptcoregtk-3.0.so.0
#6  0x00007ffca25084b5 in g_main_dispatch (context=0x1d80a20) at gmain.c:3068
#7  g_main_context_dispatch (context=context@entry=0x1d80a20) at gmain.c:3643
#8  0x00007ffca2508818 in g_main_context_iterate (context=0x1d80a20, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3714
#9  0x00007ffca2508c1a in g_main_loop_run (loop=0x1e64af0) at gmain.c:3908
#10 0x00007ffca635e914 in WebProcessMainGtk () from WebKit/WebKitBuild/Release/.libs/libwebkit2gtk-3.0.so.25
#11 0x00007ffca14fa995 in __libc_start_main (main=0x400890 <main>, argc=2, ubp_av=0x7fffe13e1728, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffe13e1718) at libc-start.c:276
#12 0x00000000004008be in _start ()
Attachments
Patch (2.20 KB, patch), 2014-01-26 05:39 PST, Carlos Garcia Campos, flags: mrobinson: review+
Carlos Garcia Campos
Comment 1 2014-01-26 05:39:15 PST
Martin Robinson
Comment 2 2014-01-26 08:30:15 PST
Comment on attachment 222269 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=222269&action=review

> Source/WebKit2/Shared/Downloads/soup/DownloadSoup.cpp:241
> + RefPtr<ResourceHandle> resourceHandle = m_resourceHandle;
> + m_resourceHandle = nullptr;

You should use m_resourceHandle.release() here.
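Review bot: the lines that go on to use resourceHandle are outside the two quoted lines at DownloadSoup.cpp:241, so make sure they null-check it before calling into the handle; Download::cancel() arrives over IPC (see frame #1 of the backtrace) and can run after the handle has already been cleared, which is one way a crash that happens only "sometimes" on cancel would arise. On the quoted lines themselves, copying m_resourceHandle into the local and then resetting the member bumps the ref count up and straight back down; `RefPtr<ResourceHandle> resourceHandle = m_resourceHandle.release();` does the same ownership transfer in one step, as the review already says.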
Carlos Garcia Campos
Comment 3 2014-01-27 00:22:36 PST
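The pattern discussed in Comment 2 (take the handle out of the member before calling into it) guards against a specific hazard: if the handle's cancel() synchronously calls back into the Download and that callback drops the member's reference, the handle is destroyed while its own cancel() is still on the stack. The following is an added example written for this page, not code from the bug report or from WebKit. Handle, Client and Download stand in for WebKit's ResourceHandle, ResourceHandleClient and Download; std::shared_ptr stands in for WTF::RefPtr, with std::move playing the part of RefPtr::release(); the synchronous didCancel callback is an assumption made for illustration, and the page does not state the actual root cause of the crash.

```cpp
// Added example, not WebKit code. Names and the synchronous callback are
// assumptions; std::shared_ptr/std::move stand in for WTF::RefPtr/release().
#include <cstdio>
#include <memory>
#include <utility>

struct Client {
    virtual ~Client() = default;
    virtual void handleDidCancel() = 0; // called synchronously from Handle::cancel()
};

// Detector: counts Handle destructors that run while a Handle::cancel() call
// is still on the stack. In real code that is the use-after-free that shows
// up as a SIGSEGV inside Download::cancel().
static int g_cancelDepth = 0;
static int g_destroyedDuringCancel = 0;

class Handle {
public:
    explicit Handle(Client& client) : m_client(client) {}
    ~Handle() { if (g_cancelDepth > 0) ++g_destroyedDuringCancel; }

    void cancel() {
        ++g_cancelDepth;
        m_client.handleDidCancel(); // the client may drop its reference to us here
        --g_cancelDepth;
        // A real handle would keep touching its own members at this point; if
        // the callback released the last reference, that access is the crash.
        // This stand-in deliberately touches nothing of its own after the callback.
    }

private:
    Client& m_client;
};

class Download : public Client {
public:
    Download() : m_handle(std::make_shared<Handle>(*this)) {}

    // Buggy shape: the member is the only strong reference while the handle
    // runs its cancellation and calls back into this object.
    void cancelUnsafe() {
        if (m_handle)
            m_handle->cancel();
    }

    // Fixed shape, as in the patch: move the member into a local so the handle
    // outlives the call, and clear the member first so a re-entrant or repeated
    // cancel() finds nothing to cancel.
    void cancelSafe() {
        std::shared_ptr<Handle> handle = std::move(m_handle); // m_handle is now empty
        if (!handle)
            return; // already finished or already cancelled
        handle->cancel();
    } // local reference dropped here, after cancel() has returned

    void handleDidCancel() override {
        m_handle = nullptr; // done with the handle: drops the member's reference
    }

    bool hasHandle() const { return m_handle != nullptr; }

private:
    std::shared_ptr<Handle> m_handle;
};

// Runs a cancel through the chosen path and reports how many handles were
// destroyed while their own cancel() was still executing.
int destroyedDuringCancel(bool safePath) {
    g_destroyedDuringCancel = 0;
    Download download;
    if (safePath) {
        download.cancelSafe();
        download.cancelSafe(); // second cancel is a no-op, not a crash
    } else {
        download.cancelUnsafe();
    }
    return g_destroyedDuringCancel;
}

int main() {
    std::printf("unsafe path: %d handle(s) destroyed mid-cancel\n", destroyedDuringCancel(false)); // 1
    std::printf("safe path:   %d handle(s) destroyed mid-cancel\n", destroyedDuringCancel(true));  // 0
    return 0;
}
```

The unsafe path reports one handle destroyed while its cancel() was executing; the safe path reports none, and the second cancelSafe() call returns early because the member was cleared before the first call went out. Moving the member into the local (release() in WTF terms) rather than copying it avoids the extra ref-count round trip the review points out, and clearing the member before the call is what makes the repeated or re-entrant cancel harmless.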