Bug 144767

Summary: Crashes in SocketStreamHandleBase::close
Product: WebKit
Reporter: Alexey Proskuryakov <ap>
Component: WebCore Misc.
Assignee: Alexey Proskuryakov <ap>
Status: RESOLVED FIXED
Severity: Normal
Keywords: InRadar
Priority: P2
Version: 528+ (Nightly build)
Hardware: Unspecified
OS: Unspecified
Attachments:
proposed fix (flags: beidson: review+)

Description Alexey Proskuryakov 2015-05-07 15:20:02 PDT
We have crash reports where SocketStreamHandleBase::close() is called on a null object while processing a CLOSE frame from the server.

Thread 0 Crashed:
0   WebCore                       	0x37daf446 WebCore::SocketStreamHandleBase::close() + 6 (SocketStreamHandleBase.cpp:86)
1   WebCore                       	0x37ee75b2 WebCore::WebSocketChannel::processOutgoingFrameQueue() + 554 (WebSocketChannel.cpp:775)
2   WebCore                       	0x37ee949a WebCore::WebSocketChannel::processFrame() + 3282 (WebSocketChannel.cpp:660)
3   WebCore                       	0x37ee8268 WebCore::WebSocketChannel::processBuffer() + 64 (WebSocketChannel.cpp:449)
4   WebCore                       	0x37ee8218 WebCore::WebSocketChannel::didReceiveSocketStreamData(WebCore::SocketStreamHandle*, char const*, int) + 172 (WebSocketChannel.cpp:312)

rdar://problem/20486538
Comment 1 Alexey Proskuryakov 2015-05-07 17:27:16 PDT
Created attachment 252659
proposed fix
Comment 2 Alexey Proskuryakov 2015-05-08 12:16:20 PDT
Committed <http://trac.webkit.org/r184005>.