Bug 162483

Summary: DumpRenderTree crashed in com.apple.WebCore: WTF::Optional<WebCore::FetchBodyOwner::BlobLoader>::operator bool const + 12
Product: WebKit Reporter: youenn fablet <youennf>
Component: WebCore Misc.Assignee: youenn fablet <youennf>
Status: RESOLVED FIXED    
Severity: Normal CC: commit-queue, ddkilzer, ryanhaddad, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch
none
Patch
none
Patch
none
Patch for landing
none
Patch for landing none

youenn fablet
Reported 2016-09-23 01:29:59 PDT
Crash log is: 0 com.apple.WebCore 0x00000001160d269c WTF::Optional<WebCore::FetchBodyOwner::BlobLoader>::operator bool() const + 12 1 com.apple.WebCore 0x00000001160d14a5 WebCore::FetchBodyOwner::stop() + 213 2 com.apple.WebCore 0x00000001179428c2 WebCore::ScriptExecutionContext::stopActiveDOMObjects() + 290 3 com.apple.WebCore 0x0000000118097da9 WebCore::WorkerThread::stop()::$_0::operator()(WebCore::ScriptExecutionContext&) const + 57 4 com.apple.WebCore 0x0000000118097d47 WTF::Function<void (WebCore::ScriptExecutionContext&)>::CallableWrapper<WebCore::WorkerThread::stop()::$_0>::call(WebCore::ScriptExecutionContext&) + 55 5 com.apple.WebCore 0x0000000115ef5b57 WTF::Function<void (WebCore::ScriptExecutionContext&)>::operator()(WebCore::ScriptExecutionContext&) const + 119 6 com.apple.WebCore 0x0000000115ee59fd WebCore::ScriptExecutionContext::Task::performTask(WebCore::ScriptExecutionContext&) + 29 7 com.apple.WebCore 0x000000011808f6c9 WebCore::WorkerRunLoop::Task::performTask(WebCore::WorkerRunLoop const&, WebCore::WorkerGlobalScope*) + 105 8 com.apple.WebCore 0x000000011808f4e8 WebCore::WorkerRunLoop::runCleanupTasks(WebCore::WorkerGlobalScope*) + 408 9 com.apple.WebCore 0x000000011808ed63 WebCore::WorkerRunLoop::run(WebCore::WorkerGlobalScope*) + 115 10 com.apple.WebCore 0x0000000118097455 WebCore::WorkerThread::runEventLoop() + 53 11 com.apple.WebCore 0x0000000115e4d2c9 WebCore::DedicatedWorkerThread::runEventLoop() + 89 12 com.apple.WebCore 0x0000000118097377 WebCore::WorkerThread::workerThread() + 1127 13 com.apple.WebCore 0x0000000118096f05 WebCore::WorkerThread::workerThreadStart(void*) + 21
Attachments
Patch (1.54 KB, patch)
2016-09-23 01:33 PDT, youenn fablet 		no flags
DetailsFormatted DiffDiff
Patch (1.73 KB, patch)
2016-09-27 08:19 PDT, youenn fablet 		no flags
DetailsFormatted DiffDiff
Patch (3.76 KB, patch)
2016-09-28 06:35 PDT, youenn fablet 		no flags
DetailsFormatted DiffDiff
Patch for landing (3.67 KB, patch)
2016-09-30 00:02 PDT, youenn fablet 		no flags
DetailsFormatted DiffDiff
Patch for landing (3.65 KB, patch)
2016-09-30 00:32 PDT, youenn fablet 		no flags
DetailsFormatted DiffDiff
Show Obsolete (4) View All Add attachment proposed patch, testcase, etc.
youenn fablet
Comment 1 2016-09-23 01:33:11 PDT
Created attachment 289671 [details] Patch
Alexey Proskuryakov
Comment 2 2016-09-23 10:38:30 PDT
Is this rdar://problem/28438651?
youenn fablet
Comment 3 2016-09-23 10:39:51 PDT
(In reply to comment #2) > Is this rdar://problem/28438651? Yes
youenn fablet
Comment 4 2016-09-23 12:41:26 PDT
Comment on attachment 289671 [details] Patch I see three options here: 1. Remove the assert (which ensures that we correctly unset pending request) 2. Protect the body owner but this is not very useful in release 3. Protect the body owner in debug mode but that makes a difference with release, which may be also annoying. I chose option 3 but could also go with option 1
youenn fablet
Comment 5 2016-09-27 08:19:19 PDT
Created attachment 289944 [details] Patch
youenn fablet
Comment 6 2016-09-28 06:35:20 PDT
Created attachment 290081 [details] Patch
Alex Christensen
Comment 7 2016-09-28 08:31:38 PDT
Comment on attachment 290081 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=290081&action=review > Source/WebCore/Modules/fetch/FetchBodyOwner.cpp:61 > + ASSERT(isUniqueReference || !m_blobLoader); ASSERT_UNUSED would make this cleaner.
youenn fablet
Comment 8 2016-09-30 00:02:09 PDT
Created attachment 290307 [details] Patch for landing
WebKit Commit Bot
Comment 9 2016-09-30 00:23:57 PDT
Comment on attachment 290307 [details] Patch for landing Rejecting attachment 290307 [details] from commit-queue. Failed to run "['/Volumes/Data/EWS/WebKit/Tools/Scripts/webkit-patch', '--status-host=webkit-queues.webkit.org', '--bot-id=webkit-cq-03', 'build', '--no-clean', '--no-update', '--build-style=release', '--port=mac']" exit_code: 2 cwd: /Volumes/Data/EWS/WebKit Last 500 characters of output: _64/FloatPolygon.dia -c /Volumes/Data/EWS/WebKit/Source/WebCore/platform/graphics/FloatPolygon.cpp -o /Volumes/Data/EWS/WebKit/WebKitBuild/WebCore.build/Release/WebCore.build/Objects-normal/x86_64/FloatPolygon.o ** BUILD FAILED ** The following build commands failed: CompileC /Volumes/Data/EWS/WebKit/WebKitBuild/WebCore.build/Release/WebCore.build/Objects-normal/x86_64/FetchBodyOwner.o Modules/fetch/FetchBodyOwner.cpp normal x86_64 c++ com.apple.compilers.llvm.clang.1_0.compiler (1 failure) Full output: http://webkit-queues.webkit.org/results/2173332
youenn fablet
Comment 10 2016-09-30 00:32:06 PDT
Created attachment 290309 [details] Patch for landing
WebKit Commit Bot
Comment 11 2016-09-30 01:29:25 PDT
Comment on attachment 290309 [details] Patch for landing Clearing flags on attachment: 290309 Committed r206633: <http://trac.webkit.org/changeset/206633>
WebKit Commit Bot
Comment 12 2016-09-30 01:29:28 PDT
All reviewed patches have been landed. Closing bug.
David Kilzer (:ddkilzer)
Comment 13 2016-10-01 07:42:45 PDT
<rdar://problem/28438651>
Note You need to log in before you can comment on or make changes to this bug.