Bug 162483

Summary: DumpRenderTree crashed in com.apple.WebCore: WTF::Optional<WebCore::FetchBodyOwner::BlobLoader>::operator bool const + 12
Product: WebKit
Reporter: youenn fablet <youennf>
Component: WebCore Misc.
Assignee: youenn fablet <youennf>
Status: RESOLVED FIXED
Severity: Normal
CC: commit-queue, ddkilzer, ryanhaddad, webkit-bug-importer
Priority: P2
Keywords: InRadar
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Attachments (Description, Flags):
Patch, none
Patch, none
Patch, none
Patch for landing, none
Patch for landing, none

Description youenn fablet 2016-09-23 01:29:59 PDT
Crash log is:
0   com.apple.WebCore             	0x00000001160d269c WTF::Optional<WebCore::FetchBodyOwner::BlobLoader>::operator bool() const + 12
1   com.apple.WebCore             	0x00000001160d14a5 WebCore::FetchBodyOwner::stop() + 213
2   com.apple.WebCore             	0x00000001179428c2 WebCore::ScriptExecutionContext::stopActiveDOMObjects() + 290
3   com.apple.WebCore             	0x0000000118097da9 WebCore::WorkerThread::stop()::$_0::operator()(WebCore::ScriptExecutionContext&) const + 57
4   com.apple.WebCore             	0x0000000118097d47 WTF::Function<void (WebCore::ScriptExecutionContext&)>::CallableWrapper<WebCore::WorkerThread::stop()::$_0>::call(WebCore::ScriptExecutionContext&) + 55
5   com.apple.WebCore             	0x0000000115ef5b57 WTF::Function<void (WebCore::ScriptExecutionContext&)>::operator()(WebCore::ScriptExecutionContext&) const + 119
6   com.apple.WebCore             	0x0000000115ee59fd WebCore::ScriptExecutionContext::Task::performTask(WebCore::ScriptExecutionContext&) + 29
7   com.apple.WebCore             	0x000000011808f6c9 WebCore::WorkerRunLoop::Task::performTask(WebCore::WorkerRunLoop const&, WebCore::WorkerGlobalScope*) + 105
8   com.apple.WebCore             	0x000000011808f4e8 WebCore::WorkerRunLoop::runCleanupTasks(WebCore::WorkerGlobalScope*) + 408
9   com.apple.WebCore             	0x000000011808ed63 WebCore::WorkerRunLoop::run(WebCore::WorkerGlobalScope*) + 115
10  com.apple.WebCore             	0x0000000118097455 WebCore::WorkerThread::runEventLoop() + 53
11  com.apple.WebCore             	0x0000000115e4d2c9 WebCore::DedicatedWorkerThread::runEventLoop() + 89
12  com.apple.WebCore             	0x0000000118097377 WebCore::WorkerThread::workerThread() + 1127
13  com.apple.WebCore             	0x0000000118096f05 WebCore::WorkerThread::workerThreadStart(void*) + 21
Comment 1 youenn fablet 2016-09-23 01:33:11 PDT
Created attachment 289671
Patch
Comment 2 Alexey Proskuryakov 2016-09-23 10:38:30 PDT
Is this rdar://problem/28438651?
Comment 3 youenn fablet 2016-09-23 10:39:51 PDT
(In reply to comment #2)
> Is this rdar://problem/28438651?

Yes
Comment 4 youenn fablet 2016-09-23 12:41:26 PDT
Comment on attachment 289671
Patch

I see three options here:
1. Remove the assert (which ensures that we correctly unset pending request)
2. Protect the body owner but this is not very useful in release
3. Protect the body owner in debug mode but that makes a difference with release, which may be also annoying.

I chose option 3 but could also go with option 1
Comment 5 youenn fablet 2016-09-27 08:19:19 PDT
Created attachment 289944
Patch
Comment 6 youenn fablet 2016-09-28 06:35:20 PDT
Created attachment 290081
Patch
Comment 7 Alex Christensen 2016-09-28 08:31:38 PDT
Comment on attachment 290081
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=290081&action=review

> Source/WebCore/Modules/fetch/FetchBodyOwner.cpp:61
> +        ASSERT(isUniqueReference || !m_blobLoader);
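Review bot: this ASSERT is the only visible use of `isUniqueReference`; because ASSERT compiles to nothing in release builds, a variable referenced solely inside it becomes an unused variable there (a hard error under warnings-as-errors), so the line should read `ASSERT_UNUSED(isUniqueReference, isUniqueReference || !m_blobLoader);` to keep the check in debug while marking the variable as used in release.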

ASSERT_UNUSED would make this cleaner.
Comment 8 youenn fablet 2016-09-30 00:02:09 PDT
Created attachment 290307
Patch for landing
Comment 9 WebKit Commit Bot 2016-09-30 00:23:57 PDT
Comment on attachment 290307
Patch for landing

Rejecting attachment 290307 from commit-queue.

Failed to run "['/Volumes/Data/EWS/WebKit/Tools/Scripts/webkit-patch', '--status-host=webkit-queues.webkit.org', '--bot-id=webkit-cq-03', 'build', '--no-clean', '--no-update', '--build-style=release', '--port=mac']" exit_code: 2 cwd: /Volumes/Data/EWS/WebKit

Last 500 characters of output:
_64/FloatPolygon.dia -c /Volumes/Data/EWS/WebKit/Source/WebCore/platform/graphics/FloatPolygon.cpp -o /Volumes/Data/EWS/WebKit/WebKitBuild/WebCore.build/Release/WebCore.build/Objects-normal/x86_64/FloatPolygon.o

** BUILD FAILED **


The following build commands failed:
	CompileC /Volumes/Data/EWS/WebKit/WebKitBuild/WebCore.build/Release/WebCore.build/Objects-normal/x86_64/FetchBodyOwner.o Modules/fetch/FetchBodyOwner.cpp normal x86_64 c++ com.apple.compilers.llvm.clang.1_0.compiler
(1 failure)

Full output: http://webkit-queues.webkit.org/results/2173332
Comment 10 youenn fablet 2016-09-30 00:32:06 PDT
Created attachment 290309
Patch for landing
Comment 11 WebKit Commit Bot 2016-09-30 01:29:25 PDT
Comment on attachment 290309
Patch for landing

Clearing flags on attachment: 290309

Committed r206633: <http://trac.webkit.org/changeset/206633>
Comment 12 WebKit Commit Bot 2016-09-30 01:29:28 PDT
All reviewed patches have been landed.  Closing bug.
Comment 13 David Kilzer (:ddkilzer) 2016-10-01 07:42:45 PDT
<rdar://problem/28438651>