Bug 171195

Summary: Crash in WebKit: WebKit::GenericCallback<API::SerializedScriptValue*, bool, WebCore::ExceptionDetails const&>::invalidate(WebKit::CallbackBase::Error)
Product: WebKit
Reporter: Stefan Arentz <stefan>
Component: WebKit2
Assignee: Nobody <webkit-unassigned>
Status: NEW
Severity: Normal
CC: ap, beidson, e.mironov
Priority: P2
Version: Other
Hardware: Unspecified
OS: Unspecified
See Also: https://bugs.webkit.org/show_bug.cgi?id=171196
Attachments: Crashes (flags: none)

Description Stefan Arentz 2017-04-23 06:00:57 PDT
We see this one a lot in Firefox for iOS. Crash reports attached.
Comment 1 Stefan Arentz 2017-04-23 06:01:16 PDT
Created attachment 307933
Crashes
Comment 2 Alexey Proskuryakov 2017-04-25 19:12:53 PDT
This seems like the same issue as bug 171196.
Comment 3 Evgeny Mironov 2017-12-06 11:20:00 PST
I guess the problem was introduced in https://trac.webkit.org/changeset/213777/webkit, when the type of GenericCallback::m_callback was changed from CallbackFunction to std::optional<CallbackFunction>. After the type change, a check like "if (!m_callback) return;" checks only whether m_callback is set, not whether it can be called.
As a solution, the constructor can be updated to set m_callback only if the provided callback can be called:
    GenericCallback(CallbackFunction&& callback, const ProcessThrottler::BackgroundActivityToken& activityToken)
        : CallbackBase(type(), activityToken)
        , m_callback(std::nullopt)
    {
        if (callback)
            m_callback = WTFMove(callback);
    }

In this case it's enough to check if the m_callback is set.
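
The distinction raised in comment 3, as an added stand-alone example (not WebKit code and not part of the original thread). It assumes std::function as a stand-in for WebKit's CallbackFunction and std::move for WTFMove; the class names UncheckedCallback and CheckedCallback are hypothetical.

```cpp
#include <functional>
#include <optional>
#include <utility>

// Stand-in for WebKit's CallbackFunction in this sketch (assumption): std::function.
using CallbackFunction = std::function<void(bool)>;

// Shape described in comment 3: the optional is always engaged,
// even when the wrapped function is empty.
class UncheckedCallback {
public:
    explicit UncheckedCallback(CallbackFunction&& callback)
        : m_callback(std::move(callback)) { }

    // True means the guard "if (!m_callback) return;" does NOT return early.
    bool passesGuard() const { return static_cast<bool>(m_callback); }
    // Whether invoking the stored function is actually safe.
    bool isCallable() const { return m_callback && static_cast<bool>(*m_callback); }

private:
    std::optional<CallbackFunction> m_callback;
};

// Constructor proposed in comment 3: engage the optional only for a callable function.
class CheckedCallback {
public:
    explicit CheckedCallback(CallbackFunction&& callback)
        : m_callback(std::nullopt)
    {
        if (callback)
            m_callback = std::move(callback);
    }

    bool passesGuard() const { return static_cast<bool>(m_callback); }
    bool isCallable() const { return m_callback && static_cast<bool>(*m_callback); }

    // Invoke at most once, then clear; returns false when there is nothing to call.
    bool performOnce(bool value)
    {
        if (!m_callback)
            return false;
        auto callback = std::exchange(m_callback, std::nullopt);
        (*callback)(value);
        return true;
    }

private:
    std::optional<CallbackFunction> m_callback;
};
```

With the unchecked constructor an empty function passes the guard but is not callable; with the checked constructor the two conditions always agree.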