Summary: | CacheStorageEngineConnection should protect its IPC Connection when doing asynchronous tasks
---|---
Product: | WebKit
Component: | Service Workers
Status: | RESOLVED FIXED
Severity: | Normal
Priority: | P2
Version: | WebKit Nightly Build
Hardware: | Unspecified
OS: | Unspecified
Reporter: | youenn fablet <youennf>
Assignee: | youenn fablet <youennf>
CC: | ap, beidson, cdumez, cgarcia, commit-queue, ews-watchlist, webkit-bug-importer
Keywords: | InRadar
Description
youenn fablet
2017-12-05 17:48:37 PST
Here is a crash log when doing: run-webkit-tests --no-retry --no-sample -v --repeat-each 100 imported/w3c/web-platform-tests/service-workers/service-worker/fetch-canvas-tainting-cache.https.html

Process: com.apple.WebKit.Networking.Development [86454]
Path: /Users/USER/*/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.Networking.xpc/Contents/MacOS/com.apple.WebKit.Networking.Development
Identifier: com.apple.WebKit.Networking.Development
Version: 605+ (605.1.16+)
Code Type: X86-64 (Native)
Parent Process: ??? [1]
Responsible: WebKitTestRunner [86453]
User ID: 501
Date/Time: 2017-12-05 14:55:53.013 -0800
OS Version: Mac OS X 10.13.2 (17C88)
Report Version: 12
Anonymous UUID: 31B4759E-B7DD-798A-299A-02258BA90FE8
Sleep/Wake UUID: 55AF7277-A7F7-4AAF-BE2C-75CABF38A30E
Time Awake Since Boot: 250000 seconds
Time Since Wake: 1400 seconds
System Integrity Protection: enabled
Crashed Thread: 0 Dispatch queue: com.apple.libdispatch-io.opq
Exception Type: EXC_CRASH (SIGABRT)
Exception Codes: 0x0000000000000000, 0x0000000000000000
Exception Note: EXC_CORPSE_NOTIFY
Application Specific Information:
=================================================================
==86454==ERROR: AddressSanitizer: heap-use-after-free on address 0x60c000068210 at pc 0x00010a4239a7 bp 0x7ffee8986080 sp 0x7ffee8986078
READ of size 8 at 0x60c000068210 thread T0
==86454==WARNING: invalid path to external symbolizer!
==86454==WARNING: Failed to use and restart external symbolizer!
#0 0x10a4239a6 in WTF::Ref<IPC::Connection>::get() const (/Users/ap/Safari/OpenSource/WebKitBuild/Release/WebKit.framework/Versions/A/WebKit:x86_64+0xcd9a6)
#1 0x10a4718e4 in WebKit::CacheStorageEngineConnection::putRecords(PAL::SessionID, unsigned long long, unsigned long long, WTF::Vector<WebCore::DOMCacheEngine::Record, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&&)::$_5::operator()(WTF::Expected<WTF::Vector<unsigned long long, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>, WebCore::DOMCacheEngine::Error>&&) const (/Users/ap/Safari/OpenSource/WebKitBuild/Release/WebKit.framework/Versions/A/WebKit:x86_64+0x11b8e4)
#2 0x10a454985 in WebKit::CacheStorage::AsynchronousPutTaskCounter::~AsynchronousPutTaskCounter() (/Users/ap/Safari/OpenSource/WebKitBuild/Release/WebKit.framework/Versions/A/WebKit:x86_64+0xfe985)
#3 0x10a45479e in WTF::RefCounted<WebKit::CacheStorage::AsynchronousPutTaskCounter>::deref() const (/Users/ap/Safari/OpenSource/WebKitBuild/Release/WebKit.framework/Versions/A/WebKit:x86_64+0xfe79e)
#4 0x10a455824 in WTF::Function<void (std::optional<WebCore::DOMCacheEngine::Error>&&)>::CallableWrapper<WebKit::CacheStorage::Cache::writeRecordToDisk(WebKit::CacheStorage::RecordInformation const&, WebCore::DOMCacheEngine::Record&&, WTF::Ref<WebKit::CacheStorage::AsynchronousPutTaskCounter>&&, unsigned long long)::$_9>::~CallableWrapper() (/Users/ap/Safari/OpenSource/WebKitBuild/Release/WebKit.framework/Versions/A/WebKit:x86_64+0xff824)
#5 0x10a4557bd in WTF::Function<void (std::optional<WebCore::DOMCacheEngine::Error>&&)>::CallableWrapper<WebKit::CacheStorage::Cache::writeRecordToDisk(WebKit::CacheStorage::RecordInformation const&, WebCore::DOMCacheEngine::Record&&, WTF::Ref<WebKit::CacheStorage::AsynchronousPutTaskCounter>&&, unsigned long long)::$_9>::~CallableWrapper() (/Users/ap/Safari/OpenSource/WebKitBuild/Release/WebKit.framework/Versions/A/WebKit:x86_64+0xff7bd)
#6 0x10a460ed1 in WebKit::CacheStorage::Caches::writeRecord(WebKit::CacheStorage::Cache const&, WebKit::CacheStorage::RecordInformation const&, WebCore::DOMCacheEngine::Record&&, unsigned long long, WTF::Function<void (std::optional<WebCore::DOMCacheEngine::Error>&&)>&&)::$_17::~$_17() (/Users/ap/Safari/OpenSource/WebKitBuild/Release/WebKit.framework/Versions/A/WebKit:x86_64+0x10aed1)
#7 0x10a4683f4 in WTF::Function<void (WebKit::NetworkCache::Data const&)>::CallableWrapper<WebKit::CacheStorage::Caches::writeRecord(WebKit::CacheStorage::Cache const&, WebKit::CacheStorage::RecordInformation const&, WebCore::DOMCacheEngine::Record&&, unsigned long long, WTF::Function<void (std::optional<WebCore::DOMCacheEngine::Error>&&)>&&)::$_17>::~CallableWrapper() (/Users/ap/Safari/OpenSource/WebKitBuild/Release/WebKit.framework/Versions/A/WebKit:x86_64+0x1123f4)
#8 0x10a46831d in WTF::Function<void (WebKit::NetworkCache::Data const&)>::CallableWrapper<WebKit::CacheStorage::Caches::writeRecord(WebKit::CacheStorage::Cache const&, WebKit::CacheStorage::RecordInformation const&, WebCore::DOMCacheEngine::Record&&, unsigned long long, WTF::Function<void (std::optional<WebCore::DOMCacheEngine::Error>&&)>&&)::$_17>::~CallableWrapper() (/Users/ap/Safari/OpenSource/WebKitBuild/Release/WebKit.framework/Versions/A/WebKit:x86_64+0x11231d)
#9 0x10a636924 in WebKit::NetworkCache::Storage::WriteOperation::~WriteOperation() (/Users/ap/Safari/OpenSource/WebKitBuild/Release/WebKit.framework/Versions/A/WebKit:x86_64+0x2e0924)
#10 0x10a638cff in WTF::HashTraits<std::__1::unique_ptr<WebKit::NetworkCache::Storage::WriteOperation, std::__1::default_delete<WebKit::NetworkCache::Storage::WriteOperation> > >::customDeleteBucket(std::__1::unique_ptr<WebKit::NetworkCache::Storage::WriteOperation, std::__1::default_delete<WebKit::NetworkCache::Storage::WriteOperation> >&) (/Users/ap/Safari/OpenSource/WebKitBuild/Release/WebKit.framework/Versions/A/WebKit:x86_64+0x2e2cff)
#11 0x10a638b5b in WTF::HashTable<std::__1::unique_ptr<WebKit::NetworkCache::Storage::WriteOperation, std::__1::default_delete<WebKit::NetworkCache::Storage::WriteOperation> >, std::__1::unique_ptr<WebKit::NetworkCache::Storage::WriteOperation, std::__1::default_delete<WebKit::NetworkCache::Storage::WriteOperation> >, WTF::IdentityExtractor, WTF::PtrHash<std::__1::unique_ptr<WebKit::NetworkCache::Storage::WriteOperation, std::__1::default_delete<WebKit::NetworkCache::Storage::WriteOperation> > >, WTF::HashTraits<std::__1::unique_ptr<WebKit::NetworkCache::Storage::WriteOperation, std::__1::default_delete<WebKit::NetworkCache::Storage::WriteOperation> > >, WTF::HashTraits<std::__1::unique_ptr<WebKit::NetworkCache::Storage::WriteOperation, std::__1::default_delete<WebKit::NetworkCache::Storage::WriteOperation> > > >::remove(std::__1::unique_ptr<WebKit::NetworkCache::Storage::WriteOperation, std::__1::default_delete<WebKit::NetworkCache::Storage::WriteOperation> >*) (/Users/ap/Safari/OpenSource/WebKitBuild/Release/WebKit.framework/Versions/A/WebKit:x86_64+0x2e2b5b)
#12 0x10a6389ba in WTF::HashTable<std::__1::unique_ptr<WebKit::NetworkCache::Storage::WriteOperation, std::__1::default_delete<WebKit::NetworkCache::Storage::WriteOperation> >, std::__1::unique_ptr<WebKit::NetworkCache::Storage::WriteOperation, std::__1::default_delete<WebKit::NetworkCache::Storage::WriteOperation> >, WTF::IdentityExtractor, WTF::PtrHash<std::__1::unique_ptr<WebKit::NetworkCache::Storage::WriteOperation, std::__1::default_delete<WebKit::NetworkCache::Storage::WriteOperation> > >, WTF::HashTraits<std::__1::unique_ptr<WebKit::NetworkCache::Storage::WriteOperation, std::__1::default_delete<WebKit::NetworkCache::Storage::WriteOperation> > >, WTF::HashTraits<std::__1::unique_ptr<WebKit::NetworkCache::Storage::WriteOperation, std::__1::default_delete<WebKit::NetworkCache::Storage::WriteOperation> > > >::removeWithoutEntryConsistencyCheck(WTF::HashTableConstIterator<std::__1::unique_ptr<WebKit::NetworkCache::Storage::WriteOperation, std::__1::default_delete<WebKit::NetworkCache::Storage::WriteOperation> >, std::__1::unique_ptr<WebKit::NetworkCache::Storage::WriteOperation, std::__1::default_delete<WebKit::NetworkCache::Storage::WriteOperation> >, WTF::IdentityExtractor, WTF::PtrHash<std::__1::unique_ptr<WebKit::NetworkCache::Storage::WriteOperation, std::__1::default_delete<WebKit::NetworkCache::Storage::WriteOperation> > >, WTF::HashTraits<std::__1::unique_ptr<WebKit::NetworkCache::Storage::WriteOperation, std::__1::default_delete<WebKit::NetworkCache::Storage::WriteOperation> > >, WTF::HashTraits<std::__1::unique_ptr<WebKit::NetworkCache::Storage::WriteOperation, std::__1::default_delete<WebKit::NetworkCache::Storage::WriteOperation> > > >) (/Users/ap/Safari/OpenSource/WebKitBuild/Release/WebKit.framework/Versions/A/WebKit:x86_64+0x2e29ba)
#13 0x10a638474 in WTF::HashSet<std::__1::unique_ptr<WebKit::NetworkCache::Storage::WriteOperation, std::__1::default_delete<WebKit::NetworkCache::Storage::WriteOperation> >, WTF::PtrHash<std::__1::unique_ptr<WebKit::NetworkCache::Storage::WriteOperation, std::__1::default_delete<WebKit::NetworkCache::Storage::WriteOperation> > >, WTF::HashTraits<std::__1::unique_ptr<WebKit::NetworkCache::Storage::WriteOperation, std::__1::default_delete<WebKit::NetworkCache::Storage::WriteOperation> > > >::remove(WTF::HashTableConstIteratorAdapter<WTF::HashTable<std::__1::unique_ptr<WebKit::NetworkCache::Storage::WriteOperation, std::__1::default_delete<WebKit::NetworkCache::Storage::WriteOperation> >, std::__1::unique_ptr<WebKit::NetworkCache::Storage::WriteOperation, std::__1::default_delete<WebKit::NetworkCache::Storage::WriteOperation> >, WTF::IdentityExtractor, WTF::PtrHash<std::__1::unique_ptr<WebKit::NetworkCache::Storage::WriteOperation, std::__1::default_delete<WebKit::NetworkCache::Storage::WriteOperation> > >, WTF::HashTraits<std::__1::unique_ptr<WebKit::NetworkCache::Storage::WriteOperation, std::__1::default_delete<WebKit::NetworkCache::Storage::WriteOperation> > >, WTF::HashTraits<std::__1::unique_ptr<WebKit::NetworkCache::Storage::WriteOperation, std::__1::default_delete<WebKit::NetworkCache::Storage::WriteOperation> > > >, std::__1::unique_ptr<WebKit::NetworkCache::Storage::WriteOperation, std::__1::default_delete<WebKit::NetworkCache::Storage::WriteOperation> > >) (/Users/ap/Safari/OpenSource/WebKitBuild/Release/WebKit.framework/Versions/A/WebKit:x86_64+0x2e2474)
#14 0x10a629282 in std::__1::enable_if<IsSmartPtr<std::__1::unique_ptr<WebKit::NetworkCache::Storage::WriteOperation, std::__1::default_delete<WebKit::NetworkCache::Storage::WriteOperation> > >::value, bool>::type WTF::HashSet<std::__1::unique_ptr<WebKit::NetworkCache::Storage::WriteOperation, std::__1::default_delete<WebKit::NetworkCache::Storage::WriteOperation> >, WTF::PtrHash<std::__1::unique_ptr<WebKit::NetworkCache::Storage::WriteOperation, std::__1::default_delete<WebKit::NetworkCache::Storage::WriteOperation> > >, WTF::HashTraits<std::__1::unique_ptr<WebKit::NetworkCache::Storage::WriteOperation, std::__1::default_delete<WebKit::NetworkCache::Storage::WriteOperation> > > >::remove<std::__1::unique_ptr<WebKit::NetworkCache::Storage::WriteOperation, std::__1::default_delete<WebKit::NetworkCache::Storage::WriteOperation> > >(WTF::GetPtrHelper<std::__1::unique_ptr<WebKit::NetworkCache::Storage::WriteOperation, std::__1::default_delete<WebKit::NetworkCache::Storage::WriteOperation> > >::PtrType) (/Users/ap/Safari/OpenSource/WebKitBuild/Release/WebKit.framework/Versions/A/WebKit:x86_64+0x2d3282)
#15 0x10a629116 in WebKit::NetworkCache::Storage::finishWriteOperation(WebKit::NetworkCache::Storage::WriteOperation&) (/Users/ap/Safari/OpenSource/WebKitBuild/Release/WebKit.framework/Versions/A/WebKit:x86_64+0x2d3116)

Created attachment 328540
Patch
Comment on attachment 328540
Patch

Clearing flags on attachment: 328540

Committed r225578: <https://trac.webkit.org/changeset/225578>

All reviewed patches have been landed. Closing bug.
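
The lifetime problem that the summary and frames #0 to #2 point at, reduced to a small model: a completion handler for an asynchronous put runs after the object that issued it is gone. This is an added example, not WebKit code and not the landed patch (whose contents are not shown on this page); `Connection`, `Engine`, `EngineConnection` and the function names are hypothetical stand-ins, and `std::shared_ptr`/`std::weak_ptr` are used in place of WTF's `Ref` so the stale access is reported instead of reading freed memory.

```cpp
#include <functional>
#include <memory>
#include <string>
#include <vector>
// Hypothetical stand-in for IPC::Connection: records the replies sent on it.
struct Connection {
    std::vector<std::string> sent;
    void send(const std::string& msg) { sent.push_back(msg); }
};

// Hypothetical stand-in for the cache engine: keeps handlers until writes finish.
struct Engine {
    std::vector<std::function<void()>> pending;
    void finishWrites() { for (auto& h : pending) h(); pending.clear(); }
};

// Hypothetical stand-in for CacheStorageEngineConnection.
struct EngineConnection {
    std::shared_ptr<Connection> connection = std::make_shared<Connection>();
    // Unprotected: the handler takes no ownership of the connection. A weak_ptr
    // models that, so the stale access is reported rather than executed.
    void putUnprotected(Engine& engine, bool& stale) {
        std::weak_ptr<Connection> unowned = connection;
        engine.pending.push_back([unowned, &stale] {
            if (auto live = unowned.lock()) live->send("putRecordsCompleted");
            else stale = true; // in the crash log: the freed read in frame #0
        });
    }
    // Protected: the handler owns a strong reference until it has run.
    void putProtected(Engine& engine, std::size_t& replies) {
        engine.pending.push_back([protectedConnection = connection, &replies] {
            protectedConnection->send("putRecordsCompleted");
            replies = protectedConnection->sent.size();
        });
    }
};

// Each scenario destroys the owner while its write is still pending.
bool unprotectedSeesDeadConnection() {
    Engine engine; bool stale = false;
    { EngineConnection owner; owner.putUnprotected(engine, stale); }
    engine.finishWrites(); return stale;
}
std::size_t protectedReplyCount() {
    Engine engine; std::size_t replies = 0;
    { EngineConnection owner; owner.putProtected(engine, replies); }
    engine.finishWrites(); return replies;
}
int main() { return unprotectedSeesDeadConnection() && protectedReplyCount() == 1 ? 0 : 1; }
```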