Bug 171195

Summary: Crash in WebKit: WebKit::GenericCallback<API::SerializedScriptValue*, bool, WebCore::ExceptionDetails const&>::invalidate(WebKit::CallbackBase::Error)
Product: WebKit Reporter: Stefan Arentz <stefan>
Component: WebKit2Assignee: Nobody <webkit-unassigned>
Status: NEW    
Severity: Normal CC: ap, beidson, e.mironov
Priority: P2    
Version: Other   
Hardware: Unspecified   
OS: Unspecified   
See Also: https://bugs.webkit.org/show_bug.cgi?id=171196
Attachments:
Description Flags
Crashes none

Stefan Arentz
Reported 2017-04-23 06:00:57 PDT
We see this one a lot in Firefox for iOS. Crash reports attached.
Attachments
Crashes (208.61 KB, application/zip)
2017-04-23 06:01 PDT, Stefan Arentz 		no flags
Details
View All Add attachment proposed patch, testcase, etc.
Stefan Arentz
Comment 1 2017-04-23 06:01:16 PDT
Created attachment 307933 [details] Crashes
Alexey Proskuryakov
Comment 2 2017-04-25 19:12:53 PDT
This seems like the same issue as bug 171196.
Evgeny Mironov
Comment 3 2017-12-06 11:20:00 PST
I guess the problem has been introduced in the https://trac.webkit.org/changeset/213777/webkit when the type of the GenericCallback:: m_callback was changed from CallbackFunction to std::optional<CallbackFunction>. After type changing the checking like "if (!m_callback) return;" checks only whether the m_callback is set but not if it can be called. As a solution, the constructor can be updated to set m_callback only if provided callback can be called: GenericCallback(CallbackFunction&& callback, const ProcessThrottler::BackgroundActivityToken& activityToken) : CallbackBase(type(), activityToken) , m_callback(std::nullopt) { if (callback) m_callback = WTFMove(callback); } In this case it's enough to check if the m_callback is set.
Note You need to log in before you can comment on or make changes to this bug.