Bug 137779

Summary: [iOS] Crashes in CFURLConnection delegates due to unimplemented retain/release
Product: WebKit Reporter: Alexey Proskuryakov <ap>
Component: Page LoadingAssignee: Alexey Proskuryakov <ap>
Status: RESOLVED FIXED    
Severity: Normal CC: beidson, benjamin, ddkilzer, psolanki, sam
Priority: P1 Keywords: InRadar
Version: 528+ (Nightly build)   
Hardware: iPhone / iPad   
OS: All   
Attachments:
Description Flags
proposed fix
none
with a build fix beidson: review+

Alexey Proskuryakov
Reported 2014-10-16 09:54:29 PDT
We need ResourceHandleCFURLConnectionDelegate to remain alive for as long as CFURLConnection is making delegate calls. The only way to guarantee this is to have CFURLConnection retain the delegate, which it does - but we don't implement retain/release client callbacks! This causes crashes in Networking process.
Attachments
proposed fix (10.62 KB, patch)
2014-10-16 10:14 PDT, Alexey Proskuryakov 		no flags
DetailsFormatted DiffDiff
with a build fix (10.64 KB, patch)
2014-10-16 12:19 PDT, Alexey Proskuryakov 		beidson: review+
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Alexey Proskuryakov
Comment 1 2014-10-16 10:01:18 PDT
*** Bug 135027 has been marked as a duplicate of this bug. ***
Alexey Proskuryakov
Comment 2 2014-10-16 10:01:57 PDT
rdar://problem/18679320
Alexey Proskuryakov
Comment 3 2014-10-16 10:14:49 PDT
Created attachment 239950 [details] proposed fix
Alexey Proskuryakov
Comment 4 2014-10-16 12:19:27 PDT
Created attachment 239957 [details] with a build fix
Alexey Proskuryakov
Comment 5 2014-10-16 12:46:44 PDT
Committed <https://trac.webkit.org/r174787>.
Darin Adler
Comment 6 2014-10-17 23:06:23 PDT
Comment on attachment 239957 [details] with a build fix View in context: https://bugs.webkit.org/attachment.cgi?id=239957&action=review > Source/WebCore/platform/network/cf/ResourceHandleCFURLConnectionDelegate.cpp:61 > + static_cast<ResourceHandleCFURLConnectionDelegate*>(const_cast<void*>(clientInfo))->ref(); Is this thread-safe?
Alexey Proskuryakov
Comment 7 2014-10-18 00:40:14 PDT
Yes, ResourceHandleCFURLConnectionDelegate is a ThreadSafeRefCounted object, and it doesn't have any data members that are unsafe to destruct on any thread.
Note You need to log in before you can comment on or make changes to this bug.