Bug 146783
Summary: | [SOUP] Crash in ~WebSoupRequestAsyncData | ||
---|---|---|---|
Product: | WebKit | Reporter: | Michael Catanzaro <mcatanzaro> |
Component: | WebKit2 | Assignee: | Nobody <webkit-unassigned> |
Status: | NEW | ||
Severity: | Normal | CC: | bugs-noreply, cgarcia, mario, mcatanzaro |
Priority: | P2 | ||
Version: | 528+ (Nightly build) | ||
Hardware: | PC | ||
OS: | Linux | ||
See Also: | https://bugzilla.redhat.com/show_bug.cgi?id=1241391 |
Michael Catanzaro
Core was generated by `/usr/libexec/webkit2gtk-4.0/WebKitWebProcess 42'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 ~WebSoupRequestAsyncData (this=0x1, __in_chrg=<optimized out>) at /usr/src/debug/webkitgtk-2.8.3/Source/WebKit2/Shared/Network/CustomProtocols/soup/CustomProtocolManagerImpl.cpp:54
54 if (request)
Truncated backtrace:
Thread no. 1 (10 frames)
#0 ~WebSoupRequestAsyncData at /usr/src/debug/webkitgtk-2.8.3/Source/WebKit2/Shared/Network/CustomProtocols/soup/CustomProtocolManagerImpl.cpp:54
#1 operator() at /usr/include/c++/5.1.1/bits/unique_ptr.h:76
#2 ~unique_ptr at /usr/include/c++/5.1.1/bits/unique_ptr.h:236
#3 ~KeyValuePair at /usr/src/debug/webkitgtk-2.8.3/Source/WTF/wtf/HashTraits.h:180
#4 reinsert at /usr/src/debug/webkitgtk-2.8.3/Source/WTF/wtf/HashTable.h:926
#5 WTF::HashTable<unsigned long, WTF::KeyValuePair<unsigned long, std::unique_ptr<WebKit::WebSoupRequestAsyncData, std::default_delete<WebKit::WebSoupRequestAsyncData> > >, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<unsigned long, std::unique_ptr<WebKit::WebSoupRequestAsyncData, std::default_delete<WebKit::WebSoupRequestAsyncData> > > >, WTF::IntHash<unsigned long>, WTF::HashMap<unsigned long, std::unique_ptr<WebKit::WebSoupRequestAsyncData, std::default_delete<WebKit::WebSoupRequestAsyncData> >, WTF::IntHash<unsigned long>, WTF::HashTraits<unsigned long>, WTF::HashTraits<std::unique_ptr<WebKit::WebSoupRequestAsyncData, std::default_delete<WebKit::WebSoupRequestAsyncData> > > >::KeyValuePairTraits, WTF::HashTraits<unsigned long> >::rehash at /usr/src/debug/webkitgtk-2.8.3/Source/WTF/wtf/HashTable.h:1126
#6 shrink at /usr/src/debug/webkitgtk-2.8.3/Source/WTF/wtf/HashTable.h:444
#7 WTF::HashTable<unsigned long, WTF::KeyValuePair<unsigned long, std::unique_ptr<WebKit::WebSoupRequestAsyncData, std::default_delete<WebKit::WebSoupRequestAsyncData> > >, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<unsigned long, std::unique_ptr<WebKit::WebSoupRequestAsyncData, std::default_delete<WebKit::WebSoupRequestAsyncData> > > >, WTF::IntHash<unsigned long>, WTF::HashMap<unsigned long, std::unique_ptr<WebKit::WebSoupRequestAsyncData, std::default_delete<WebKit::WebSoupRequestAsyncData> >, WTF::IntHash<unsigned long>, WTF::HashTraits<unsigned long>, WTF::HashTraits<std::unique_ptr<WebKit::WebSoupRequestAsyncData, std::default_delete<WebKit::WebSoupRequestAsyncData> > > >::KeyValuePairTraits, WTF::HashTraits<unsigned long> >::remove at /usr/src/debug/webkitgtk-2.8.3/Source/WTF/wtf/HashTable.h:1000
#8 removeAndInvalidateWithoutEntryConsistencyCheck at /usr/src/debug/webkitgtk-2.8.3/Source/WTF/wtf/HashTable.h:974
#9 removeWithoutEntryConsistencyCheck at /usr/src/debug/webkitgtk-2.8.3/Source/WTF/wtf/HashTable.h:1020
See the downstream bug for the full backtrace.
I spent a bit of time looking at this, but I don't understand the crash. The code looks safe to me.
Attachments | ||
---|---|---|
Add attachment proposed patch, testcase, etc. |