Bug 147039

Summary:

REGRESSION(r184376): [SOUP] Multiple assertions when downloading files

Product:

WebKit

Reporter:

Michael Catanzaro <mcatanzaro>

Component:

WebKitGTK

Assignee:

Michael Catanzaro <mcatanzaro>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

cgarcia, commit-queue, mcatanzaro

Priority:

Version:

528+ (Nightly build)

Hardware:

OS:

Linux

Attachments:

Description	Flags
Backtrace	none
Patch	none

Description Michael Catanzaro 2015-07-17 08:17:20 PDT

With my debug build of r186919, the network process crashes when I download any file:

ASSERTION FAILED: !m_adoptionIsRequired
../../Source/WTF/wtf/RefCounted.h(45) : void WTF::RefCountedBase::ref()

My semi-random test file is http://cdimage.debian.org/debian-cd/8.1.0/amd64/iso-dvd/debian-8.1.0-amd64-DVD-1.iso

Backtrace incoming.

Comment 1 Michael Catanzaro 2015-07-17 08:22:54 PDT

Created attachment 256971 [details]
Backtrace

Comment 2 Michael Catanzaro 2015-07-20 17:07:09 PDT

<MagicSchoolBus>Carrrrlos!</MagicSchoolBus>

You have to either adopt the ref before assigning to the RefPtr:

    // We don't adopt the ref, as it will be released by cleanupSoupRequestOperation, which should always run.
    RefPtr<ResourceHandle> newHandle = new ResourceHandle(d->m_context.get(), firstRequest(), nullptr, d->m_defersLoading, d->m_shouldContentSniff);

Comment 3 Michael Catanzaro 2015-07-20 17:36:18 PDT

Insufficient patch:

diff --git a/Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp b/Sourc
e/WebCore/platform/network/soup/ResourceHandleSoup.cpp
index ea692d6..d407dcc 100644
--- a/Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp
+++ b/Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp
@@ -1036,14 +1036,15 @@ bool ResourceHandle::start()
 RefPtr<ResourceHandle> ResourceHandle::releaseForDownload(ResourceHandleClient*
 downloadClient)
 {
     // We don't adopt the ref, as it will be released by cleanupSoupRequestOperation, which should always run.
-    RefPtr<ResourceHandle> newHandle = new ResourceHandle(d->m_context.get(), firstRequest(), nullptr, d->m_defersLoading, d->m_shouldContentSniff);
+    ResourceHandle* newHandle = new ResourceHandle(d->m_context.get(), firstRequest(), nullptr, d->m_defersLoading, d->m_shouldContentSniff);
+    newHandle->relaxAdoptionRequirement();
     std::swap(d, newHandle->d);
 
     g_signal_handlers_disconnect_matched(newHandle->d->m_soupMessage.get(), G_SIGNAL_MATCH_DATA, 0, 0, nullptr, nullptr, this);
-    g_object_set_data(G_OBJECT(newHandle->d->m_soupMessage.get()), "handle", newHandle.get());
+    g_object_set_data(G_OBJECT(newHandle->d->m_soupMessage.get()), "handle", newHandle);
 
     newHandle->d->m_client = downloadClient;
-    continueAfterDidReceiveResponse(newHandle.get());
+    continueAfterDidReceiveResponse(newHandle);
 
     return newHandle;
 }

That doesn't change the refcount so it should be good. But it's insufficient because that's not the only bug when downloading files; the next one is:

ASSERTION FAILED: client()
../../Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp(1377) : virtual void WebCore::ResourceHandle::continueDidReceiveResponse()

Truncated backtrace is:

1   0x7f7500255df0 /home/mcatanzaro/jhbuild/install/lib/libjavascriptcoregtk-4.0.so.18(WTFCrash+0x20) [0x7f7500255df0]
2   0x7f750607ca29 /home/mcatanzaro/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore14ResourceHandle26continueDidReceiveResponseEv+0x49) [0x7f750607ca29]
3   0x7f75046df82b /home/mcatanzaro/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN6WebKit29NetworkConnectionToWebProcess33convertMainResourceLoadToDownloadEmmRKN7WebCore15ResourceRequestERKNS1_16ResourceResponseE+0xbb) [0x7f75046df82b]
4   0x7f750489fdf0 /home/mcatanzaro/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN3IPC22callMemberFunctionImplIN6WebKit29NetworkConnectionToWebProcessEMS2_FvmmRKN7WebCore15ResourceRequestERKNS3_16ResourceResponseEESt5tupleIJmmS4_S7_EEJLm0ELm1ELm2ELm3EEEEvPT_T0_OT1_St14index_sequenceIJXspT2_EEE+0xf0) [0x7f750489fdf0]
5   0x7f750489fbbc /home/mcatanzaro/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN3IPC18callMemberFunctionIN6WebKit29NetworkConnectionToWebProcessEMS2_FvmmRKN7WebCore15ResourceRequestERKNS3_16ResourceResponseEESt5tupleIJmmS4_S7_EESt19make_index_sequenceILm4EEEEvOT1_PT_T0_+0x6c) [0x7f750489fbbc]
6   0x7f7504898b90 /home/mcatanzaro/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN3IPC13handleMessageIN8Messages29NetworkConnectionToWebProcess33ConvertMainResourceLoadToDownloadEN6WebKit29NetworkConnectionToWebProcessEMS5_FvmmRKN7WebCore15ResourceRequestERKNS6_16ResourceResponseEEEEvRNS_14MessageDecoderEPT0_T1_+0x140) [0x7f7504898b90]
7   0x7f7504897b92 /home/mcatanzaro/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN6WebKit29NetworkConnectionToWebProcess46didReceiveNetworkConnectionToWebProcessMessageERN3IPC10ConnectionERNS1_14MessageDecoderE+0x302) [0x7f7504897b92]
8   0x7f75046ded1e /home/mcatanzaro/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN6WebKit29NetworkConnectionToWebProcess17didReceiveMessageERN3IPC10ConnectionERNS1_14MessageDecoderE+0x6e) [0x7f75046ded1e]
9   0x7f750424b4f3 /home/mcatanzaro/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN3IPC10Connection15dispatchMessageERNS_14MessageDecoderE+0x33) [0x7f750424b4f3]
10  0x7f7504246477 /home/mcatanzaro/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN3IPC10Connection15dispatchMessageESt10unique_ptrINS_14MessageDecoderESt14default_deleteIS2_EE+0xc7) [0x7f7504246477]
11  0x7f750424b61f /home/mcatanzaro/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN3IPC10Connection18dispatchOneMessageEv+0x11f) [0x7f750424b61f]
12  0x7f750424b95d /home/mcatanzaro/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(+0x36f895d) [0x7f750424b95d]
13  0x7f750424b72d /home/mcatanzaro/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(+0x36f872d) [0x7f750424b72d]
14  0x7f75041b637e /home/mcatanzaro/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZNKSt8functionIFvvEEclEv+0x3e) [0x7f75041b637e]
15  0x7f750688803a /home/mcatanzaro/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN3WTF7RunLoop11performWorkEv+0x13a) [0x7f750688803a]
16  0x7f750688e14d /home/mcatanzaro/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(+0x5d3b14d) [0x7f750688e14d]
17  0x7f750688df1d /home/mcatanzaro/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(+0x5d3af1d) [0x7f750688df1d]
18  0x7f75041b637e /home/mcatanzaro/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZNKSt8functionIFvvEEclEv+0x3e) [0x7f75041b637e]
19  0x7f75002b4519 /home/mcatanzaro/jhbuild/install/lib/libjavascriptcoregtk-4.0.so.18(_ZN3WTF15GMainLoopSource12voidCallbackEv+0xa9) [0x7f75002b4519]
20  0x7f75002b2106 /home/mcatanzaro/jhbuild/install/lib/libjavascriptcoregtk-4.0.so.18(_ZN3WTF15GMainLoopSource18voidSourceCallbackEPS0_+0x16) [0x7f75002b2106]
21  0x7f74fc507471 /home/mcatanzaro/jhbuild/install/lib/libglib-2.0.so.0(+0x56471) [0x7f74fc507471]
22  0x7f74fc504ab9 /home/mcatanzaro/jhbuild/install/lib/libglib-2.0.so.0(+0x53ab9) [0x7f74fc504ab9]
23  0x7f74fc5058fd /home/mcatanzaro/jhbuild/install/lib/libglib-2.0.so.0(g_main_context_dispatch+0x33) [0x7f74fc5058fd]
24  0x7f74fc505ae1 /home/mcatanzaro/jhbuild/install/lib/libglib-2.0.so.0(+0x54ae1) [0x7f74fc505ae1]
25  0x7f74fc505f07 /home/mcatanzaro/jhbuild/install/lib/libglib-2.0.so.0(g_main_loop_run+0x1d5) [0x7f74fc505f07]
26  0x7f750688d47d /home/mcatanzaro/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN3WTF7RunLoop3runEv+0xbd) [0x7f750688d47d]
27  0x7f750474ad2d /home/mcatanzaro/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN6WebKit16ChildProcessMainINS_14NetworkProcessENS_18NetworkProcessMainEEEiiPPc+0xfd) [0x7f750474ad2d]
28  0x7f750474ab7b /home/mcatanzaro/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(NetworkProcessMainUnix+0x1b) [0x7f750474ab7b]
29  0x400c39 /home/mcatanzaro/jhbuild/install/libexec/webkit2gtk-4.0/WebKitNetworkProcess(main+0x49) [0x400c39]
30  0x7f74f5c1a790 /lib64/libc.so.6(__libc_start_main+0xf0) [0x7f74f5c1a790]
31  0x400b19 /home/mcatanzaro/jhbuild/install/libexec/webkit2gtk-4.0/WebKitNetworkProcess(_start+0x29) [0x400b19]

Comment 4 Michael Catanzaro 2015-07-20 17:39:11 PDT

ResourceHandle::continueAfterDidReceiveResponse is clearly prepared to handle the case of a missing client, so I think the assertions in ResourceHandle::ContinueDidReceiveResponse are wrong. Same for ResourceHandle::continueAfterWillSendRequest and ResourceHandle::continueWillSendRequest.

Comment 5 Michael Catanzaro 2015-07-20 18:11:09 PDT

Created attachment 257153 [details]
Patch

Comment 6 WebKit Commit Bot 2015-07-20 23:19:43 PDT

Comment on attachment 257153 [details]
Patch

Clearing flags on attachment: 257153

Committed r187101: <http://trac.webkit.org/changeset/187101>

Comment 7 WebKit Commit Bot 2015-07-20 23:19:47 PDT

All reviewed patches have been landed.  Closing bug.