Bug 147039

Summary: REGRESSION(r184376): [SOUP] Multiple assertions when downloading files
Product: WebKit Reporter: Michael Catanzaro <mcatanzaro>
Component: WebKitGTKAssignee: Michael Catanzaro <mcatanzaro>
Status: RESOLVED FIXED    
Severity: Normal CC: cgarcia, commit-queue, mcatanzaro
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: PC   
OS: Linux   
Attachments:
Description Flags
Backtrace
none
Patch none

Michael Catanzaro
Reported 2015-07-17 08:17:20 PDT
With my debug build of r186919, the network process crashes when I download any file: ASSERTION FAILED: !m_adoptionIsRequired ../../Source/WTF/wtf/RefCounted.h(45) : void WTF::RefCountedBase::ref() My semi-random test file is http://cdimage.debian.org/debian-cd/8.1.0/amd64/iso-dvd/debian-8.1.0-amd64-DVD-1.iso Backtrace incoming.
Attachments
Backtrace (58.26 KB, text/plain)
2015-07-17 08:22 PDT, Michael Catanzaro 		no flags
Details
Patch (3.43 KB, patch)
2015-07-20 18:11 PDT, Michael Catanzaro 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Michael Catanzaro
Comment 1 2015-07-17 08:22:54 PDT
Created attachment 256971 [details] Backtrace
Michael Catanzaro
Comment 2 2015-07-20 17:07:09 PDT
<MagicSchoolBus>Carrrrlos!</MagicSchoolBus> You have to either adopt the ref before assigning to the RefPtr: // We don't adopt the ref, as it will be released by cleanupSoupRequestOperation, which should always run. RefPtr<ResourceHandle> newHandle = new ResourceHandle(d->m_context.get(), firstRequest(), nullptr, d->m_defersLoading, d->m_shouldContentSniff);
Michael Catanzaro
Comment 3 2015-07-20 17:36:18 PDT
Insufficient patch: diff --git a/Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp b/Sourc e/WebCore/platform/network/soup/ResourceHandleSoup.cpp index ea692d6..d407dcc 100644 --- a/Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp +++ b/Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp @@ -1036,14 +1036,15 @@ bool ResourceHandle::start() RefPtr<ResourceHandle> ResourceHandle::releaseForDownload(ResourceHandleClient* downloadClient) { // We don't adopt the ref, as it will be released by cleanupSoupRequestOperation, which should always run. - RefPtr<ResourceHandle> newHandle = new ResourceHandle(d->m_context.get(), firstRequest(), nullptr, d->m_defersLoading, d->m_shouldContentSniff); + ResourceHandle* newHandle = new ResourceHandle(d->m_context.get(), firstRequest(), nullptr, d->m_defersLoading, d->m_shouldContentSniff); + newHandle->relaxAdoptionRequirement(); std::swap(d, newHandle->d); g_signal_handlers_disconnect_matched(newHandle->d->m_soupMessage.get(), G_SIGNAL_MATCH_DATA, 0, 0, nullptr, nullptr, this); - g_object_set_data(G_OBJECT(newHandle->d->m_soupMessage.get()), "handle", newHandle.get()); + g_object_set_data(G_OBJECT(newHandle->d->m_soupMessage.get()), "handle", newHandle); newHandle->d->m_client = downloadClient; - continueAfterDidReceiveResponse(newHandle.get()); + continueAfterDidReceiveResponse(newHandle); return newHandle; } That doesn't change the refcount so it should be good. But it's insufficient because that's not the only bug when downloading files; the next one is: ASSERTION FAILED: client() ../../Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp(1377) : virtual void WebCore::ResourceHandle::continueDidReceiveResponse() Truncated backtrace is: 1 0x7f7500255df0 /home/mcatanzaro/jhbuild/install/lib/libjavascriptcoregtk-4.0.so.18(WTFCrash+0x20) [0x7f7500255df0] 2 0x7f750607ca29 /home/mcatanzaro/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore14ResourceHandle26continueDidReceiveResponseEv+0x49) [0x7f750607ca29] 3 0x7f75046df82b /home/mcatanzaro/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN6WebKit29NetworkConnectionToWebProcess33convertMainResourceLoadToDownloadEmmRKN7WebCore15ResourceRequestERKNS1_16ResourceResponseE+0xbb) [0x7f75046df82b] 4 0x7f750489fdf0 /home/mcatanzaro/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN3IPC22callMemberFunctionImplIN6WebKit29NetworkConnectionToWebProcessEMS2_FvmmRKN7WebCore15ResourceRequestERKNS3_16ResourceResponseEESt5tupleIJmmS4_S7_EEJLm0ELm1ELm2ELm3EEEEvPT_T0_OT1_St14index_sequenceIJXspT2_EEE+0xf0) [0x7f750489fdf0] 5 0x7f750489fbbc /home/mcatanzaro/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN3IPC18callMemberFunctionIN6WebKit29NetworkConnectionToWebProcessEMS2_FvmmRKN7WebCore15ResourceRequestERKNS3_16ResourceResponseEESt5tupleIJmmS4_S7_EESt19make_index_sequenceILm4EEEEvOT1_PT_T0_+0x6c) [0x7f750489fbbc] 6 0x7f7504898b90 /home/mcatanzaro/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN3IPC13handleMessageIN8Messages29NetworkConnectionToWebProcess33ConvertMainResourceLoadToDownloadEN6WebKit29NetworkConnectionToWebProcessEMS5_FvmmRKN7WebCore15ResourceRequestERKNS6_16ResourceResponseEEEEvRNS_14MessageDecoderEPT0_T1_+0x140) [0x7f7504898b90] 7 0x7f7504897b92 /home/mcatanzaro/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN6WebKit29NetworkConnectionToWebProcess46didReceiveNetworkConnectionToWebProcessMessageERN3IPC10ConnectionERNS1_14MessageDecoderE+0x302) [0x7f7504897b92] 8 0x7f75046ded1e /home/mcatanzaro/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN6WebKit29NetworkConnectionToWebProcess17didReceiveMessageERN3IPC10ConnectionERNS1_14MessageDecoderE+0x6e) [0x7f75046ded1e] 9 0x7f750424b4f3 /home/mcatanzaro/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN3IPC10Connection15dispatchMessageERNS_14MessageDecoderE+0x33) [0x7f750424b4f3] 10 0x7f7504246477 /home/mcatanzaro/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN3IPC10Connection15dispatchMessageESt10unique_ptrINS_14MessageDecoderESt14default_deleteIS2_EE+0xc7) [0x7f7504246477] 11 0x7f750424b61f /home/mcatanzaro/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN3IPC10Connection18dispatchOneMessageEv+0x11f) [0x7f750424b61f] 12 0x7f750424b95d /home/mcatanzaro/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(+0x36f895d) [0x7f750424b95d] 13 0x7f750424b72d /home/mcatanzaro/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(+0x36f872d) [0x7f750424b72d] 14 0x7f75041b637e /home/mcatanzaro/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZNKSt8functionIFvvEEclEv+0x3e) [0x7f75041b637e] 15 0x7f750688803a /home/mcatanzaro/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN3WTF7RunLoop11performWorkEv+0x13a) [0x7f750688803a] 16 0x7f750688e14d /home/mcatanzaro/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(+0x5d3b14d) [0x7f750688e14d] 17 0x7f750688df1d /home/mcatanzaro/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(+0x5d3af1d) [0x7f750688df1d] 18 0x7f75041b637e /home/mcatanzaro/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZNKSt8functionIFvvEEclEv+0x3e) [0x7f75041b637e] 19 0x7f75002b4519 /home/mcatanzaro/jhbuild/install/lib/libjavascriptcoregtk-4.0.so.18(_ZN3WTF15GMainLoopSource12voidCallbackEv+0xa9) [0x7f75002b4519] 20 0x7f75002b2106 /home/mcatanzaro/jhbuild/install/lib/libjavascriptcoregtk-4.0.so.18(_ZN3WTF15GMainLoopSource18voidSourceCallbackEPS0_+0x16) [0x7f75002b2106] 21 0x7f74fc507471 /home/mcatanzaro/jhbuild/install/lib/libglib-2.0.so.0(+0x56471) [0x7f74fc507471] 22 0x7f74fc504ab9 /home/mcatanzaro/jhbuild/install/lib/libglib-2.0.so.0(+0x53ab9) [0x7f74fc504ab9] 23 0x7f74fc5058fd /home/mcatanzaro/jhbuild/install/lib/libglib-2.0.so.0(g_main_context_dispatch+0x33) [0x7f74fc5058fd] 24 0x7f74fc505ae1 /home/mcatanzaro/jhbuild/install/lib/libglib-2.0.so.0(+0x54ae1) [0x7f74fc505ae1] 25 0x7f74fc505f07 /home/mcatanzaro/jhbuild/install/lib/libglib-2.0.so.0(g_main_loop_run+0x1d5) [0x7f74fc505f07] 26 0x7f750688d47d /home/mcatanzaro/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN3WTF7RunLoop3runEv+0xbd) [0x7f750688d47d] 27 0x7f750474ad2d /home/mcatanzaro/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN6WebKit16ChildProcessMainINS_14NetworkProcessENS_18NetworkProcessMainEEEiiPPc+0xfd) [0x7f750474ad2d] 28 0x7f750474ab7b /home/mcatanzaro/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(NetworkProcessMainUnix+0x1b) [0x7f750474ab7b] 29 0x400c39 /home/mcatanzaro/jhbuild/install/libexec/webkit2gtk-4.0/WebKitNetworkProcess(main+0x49) [0x400c39] 30 0x7f74f5c1a790 /lib64/libc.so.6(__libc_start_main+0xf0) [0x7f74f5c1a790] 31 0x400b19 /home/mcatanzaro/jhbuild/install/libexec/webkit2gtk-4.0/WebKitNetworkProcess(_start+0x29) [0x400b19]
Michael Catanzaro
Comment 4 2015-07-20 17:39:11 PDT
ResourceHandle::continueAfterDidReceiveResponse is clearly prepared to handle the case of a missing client, so I think the assertions in ResourceHandle::ContinueDidReceiveResponse are wrong. Same for ResourceHandle::continueAfterWillSendRequest and ResourceHandle::continueWillSendRequest.
Michael Catanzaro
Comment 5 2015-07-20 18:11:09 PDT
Created attachment 257153 [details] Patch
WebKit Commit Bot
Comment 6 2015-07-20 23:19:43 PDT
Comment on attachment 257153 [details] Patch Clearing flags on attachment: 257153 Committed r187101: <http://trac.webkit.org/changeset/187101>
WebKit Commit Bot
Comment 7 2015-07-20 23:19:47 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.