| Summary: | Purge PassRefPtr in WebCore/Modules - 3 | ||||||
|---|---|---|---|---|---|---|---|
| Product: | WebKit | Reporter: | Gyuyoung Kim <gyuyoung.kim> | ||||
| Component: | New Bugs | Assignee: | Gyuyoung Kim <gyuyoung.kim> | ||||
| Status: | RESOLVED FIXED | ||||||
| Severity: | Normal | CC: | commit-queue, joepeck | ||||
| Priority: | P2 | ||||||
| Version: | 528+ (Nightly build) | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Bug Depends on: | |||||||
| Bug Blocks: | 144092, 145549 | ||||||
| Attachments: |
|
||||||
|
Description
Gyuyoung Kim
2015-06-01 00:19:06 PDT
Created attachment 253990 [details]
Patch
Comment on attachment 253990 [details] Patch Clearing flags on attachment: 253990 Committed r185091: <http://trac.webkit.org/changeset/185091> All reviewed patches have been landed. Closing bug. There are a few crashing IndexedDB tests on the debug bots: <https://build.webkit.org/results/Apple%20Yosemite%20Debug%20WK2%20(Tests)/r185101%20(4698)/results.html> > Regressions: Unexpected crashes (5) > storage/indexeddb/error-causes-abort-by-default.html [ Crash ] > storage/indexeddb/exception-in-event-aborts.html [ Crash ] > storage/indexeddb/mozilla/add-twice-failure.html [ Crash ] > storage/indexeddb/request-event-propagation.html [ Crash ] > storage/indexeddb/transaction-event-propagation.html [ Crash ] I am not certain, but could these be a result of this change? Comment on attachment 253990 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=253990&action=review > Source/WebKit2/WebProcess/Databases/IndexedDB/WebIDBServerConnection.cpp:456 > - serverRequest->completeRequest(resultKey.isNull ? nullptr : resultKey.maybeCreateIDBKey(), errorCode ? IDBDatabaseError::create(errorCode, errorMessage) : nullptr); > + serverRequest->completeRequest(resultKey.isNull ? nullptr : resultKey.maybeCreateIDBKey(), errorCode ? IDBDatabaseError::create(errorCode, errorMessage).ptr() : nullptr); Hmm, seems likely. This did modify the code at the ASSERT crash point: Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 com.apple.JavaScriptCore 0x000000010eac4d17 WTFCrashWithSecurityImplication + 39 1 com.apple.WebKit 0x000000010afa4542 WTF::RefCountedBase::derefBase() + 66 (RefCounted.h:94) 2 com.apple.WebKit 0x000000010b65f39f WTF::RefCounted<WebCore::IDBDatabaseError>::deref() + 31 (RefCounted.h:145) 3 com.apple.WebKit 0x000000010b65f890 WTF::Ref<WebCore::IDBDatabaseError>::~Ref() + 48 (Ref.h:57) 4 com.apple.WebKit 0x000000010b65a255 WTF::Ref<WebCore::IDBDatabaseError>::~Ref() + 21 (Ref.h:57) 5 com.apple.WebKit 0x000000010b663699 WebKit::WebIDBServerConnection::didPutRecord(unsigned long long, WebCore::IDBKeyData const&, unsigned int, WTF::String const&) + 377 (WebIDBServerConnection.cpp:456) ... (In reply to comment #5) > Comment on attachment 253990 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=253990&action=review > > > Source/WebKit2/WebProcess/Databases/IndexedDB/WebIDBServerConnection.cpp:456 > > - serverRequest->completeRequest(resultKey.isNull ? nullptr : resultKey.maybeCreateIDBKey(), errorCode ? IDBDatabaseError::create(errorCode, errorMessage) : nullptr); > > + serverRequest->completeRequest(resultKey.isNull ? nullptr : resultKey.maybeCreateIDBKey(), errorCode ? IDBDatabaseError::create(errorCode, errorMessage).ptr() : nullptr); > > Hmm, seems likely. This did modify the code at the ASSERT crash point: > > Thread 0 Crashed:: Dispatch queue: com.apple.main-thread > 0 com.apple.JavaScriptCore 0x000000010eac4d17 > WTFCrashWithSecurityImplication + 39 > 1 com.apple.WebKit 0x000000010afa4542 > WTF::RefCountedBase::derefBase() + 66 (RefCounted.h:94) > 2 com.apple.WebKit 0x000000010b65f39f > WTF::RefCounted<WebCore::IDBDatabaseError>::deref() + 31 (RefCounted.h:145) > 3 com.apple.WebKit 0x000000010b65f890 > WTF::Ref<WebCore::IDBDatabaseError>::~Ref() + 48 (Ref.h:57) > 4 com.apple.WebKit 0x000000010b65a255 > WTF::Ref<WebCore::IDBDatabaseError>::~Ref() + 21 (Ref.h:57) > 5 com.apple.WebKit 0x000000010b663699 > WebKit::WebIDBServerConnection::didPutRecord(unsigned long long, > WebCore::IDBKeyData const&, unsigned int, WTF::String const&) + 377 > (WebIDBServerConnection.cpp:456) > ... Oops, let me check it soon. Comment on attachment 253990 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=253990&action=review >>> Source/WebKit2/WebProcess/Databases/IndexedDB/WebIDBServerConnection.cpp:456 >>> + serverRequest->completeRequest(resultKey.isNull ? nullptr : resultKey.maybeCreateIDBKey(), errorCode ? IDBDatabaseError::create(errorCode, errorMessage).ptr() : nullptr); >> >> Hmm, seems likely. This did modify the code at the ASSERT crash point: >> >> Thread 0 Crashed:: Dispatch queue: com.apple.main-thread >> 0 com.apple.JavaScriptCore 0x000000010eac4d17 WTFCrashWithSecurityImplication + 39 >> 1 com.apple.WebKit 0x000000010afa4542 WTF::RefCountedBase::derefBase() + 66 (RefCounted.h:94) >> 2 com.apple.WebKit 0x000000010b65f39f WTF::RefCounted<WebCore::IDBDatabaseError>::deref() + 31 (RefCounted.h:145) >> 3 com.apple.WebKit 0x000000010b65f890 WTF::Ref<WebCore::IDBDatabaseError>::~Ref() + 48 (Ref.h:57) >> 4 com.apple.WebKit 0x000000010b65a255 WTF::Ref<WebCore::IDBDatabaseError>::~Ref() + 21 (Ref.h:57) >> 5 com.apple.WebKit 0x000000010b663699 WebKit::WebIDBServerConnection::didPutRecord(unsigned long long, WebCore::IDBKeyData const&, unsigned int, WTF::String const&) + 377 (WebIDBServerConnection.cpp:456) >> ... > > Oops, let me check it soon. There was my mistake. I should use leakRef() instead of ptr(). Crash happens when doing dereferencing for the instance created by IDBDatabaseError::create() factory function, because .ptr() doesn't reduce reference count. I upload a patch to fix this crash on Bug 145549. |