Bug 127738

Summary: Web Inspector: CRASH when debugger closes remote inspecting JSContext
Product: WebKit Reporter: Joseph Pecoraro <joepeck>
Component: Web InspectorAssignee: Joseph Pecoraro <joepeck>
Status: RESOLVED FIXED    
Severity: Normal CC: commit-queue, graouts, joepeck, timothy, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: 528+ (Nightly build)   
Hardware: All   
OS: All   
Attachments:
Description Flags
[PATCH] Proposed Fix none

Joseph Pecoraro
Reported 2014-01-27 17:20:26 PST
* SUMMARY JSContext hosting application crashes when a remote debugger disconnects during inspection. * STEPS TO REPRODUCE 1. Launch JSContextTester application 2. Inspect JSContext from remote debugger 3. Close remote debugger => CRASH * NOTES It looks like RemoteInspectorXPCConnection may be handling an event on a background dispatch_queue at the same time that the main queue releases the RemoteInspectorXPCConnection. The dispatch_queue is passed a "weakThis" pointer, which is wrong. * CRASH void RemoteInspectorXPCConnection::handleEvent(xpc_object_t object) { if (!m_connection) return; if (xpc_get_type(object) == XPC_TYPE_ERROR) { if (m_client) m_client->xpcConnectionFailed(this); // <-- CRASH EXC_BAD_ACCESS return; } ... } (lldb) bt * thread #4: tid = 0x1292ba, 0x00000001003a11ab JavaScriptCore`Inspector::RemoteInspectorXPCConnection::handleEvent(this=0x00000001099333e0, object=<unavailable>) + 155 at RemoteInspectorXPCConnection.mm:112, queue = 'com.apple.JavaScriptCore.remote-inspector-xpc-connection, stop reason = EXC_BAD_ACCESS (code=EXC_I386_GPFLT) frame #0: 0x00000001003a11ab JavaScriptCore`Inspector::RemoteInspectorXPCConnection::handleEvent(this=0x00000001099333e0, object=<unavailable>) + 155 at RemoteInspectorXPCConnection.mm:112 frame #1: 0x00007fff8bb645cc libxpc.dylib`_xpc_connection_call_event_handler + 58 frame #2: 0x00007fff8bb62dcb libxpc.dylib`_xpc_connection_mach_event + 1080 frame #3: 0x00007fff8d745afe libdispatch.dylib`_dispatch_client_callout4 + 9 frame #4: 0x00007fff8d74865c libdispatch.dylib`_dispatch_mach_cancel_invoke + 50 frame #5: 0x00007fff8d745860 libdispatch.dylib`_dispatch_mach_invoke + 604 frame #6: 0x00007fff8d744633 libdispatch.dylib`_dispatch_queue_drain + 359 frame #7: 0x00007fff8d7459dd libdispatch.dylib`_dispatch_queue_invoke + 110 frame #8: 0x00007fff8d743fa3 libdispatch.dylib`_dispatch_root_queue_drain + 75 frame #9: 0x00007fff8d745193 libdispatch.dylib`_dispatch_worker_thread2 + 40 frame #10: 0x00007fff8f33cef8 libsystem_pthread.dylib`_pthread_wqthread + 314 frame #11: 0x00007fff8f33ffb9 libsystem_pthread.dylib`start_wqthread + 13
Attachments
[PATCH] Proposed Fix (7.82 KB, patch)
2014-01-27 19:44 PST, Joseph Pecoraro 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Joseph Pecoraro
Comment 1 2014-01-27 17:21:43 PST
I'm going to look into changing RemoteInspectorXPCConnection from OwnPtr to a ThreadSafeRefPtr. In the old iOS inspector this used to be a retained NSObject in the block, where the "weakThis" is now not keeping the object alive.
Radar WebKit Bug Importer
Comment 2 2014-01-27 17:24:34 PST
<rdar://problem/15921226>
Joseph Pecoraro
Comment 3 2014-01-27 19:44:33 PST
Created attachment 222397 [details] [PATCH] Proposed Fix
WebKit Commit Bot
Comment 4 2014-01-27 20:51:23 PST
Comment on attachment 222397 [details] [PATCH] Proposed Fix Clearing flags on attachment: 222397 Committed r162910: <http://trac.webkit.org/changeset/162910>
WebKit Commit Bot
Comment 5 2014-01-27 20:51:25 PST
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.