Bug 207464

Summary: Crash under WebProcessProxy::shouldSendPendingMessage()
Product: WebKit
Reporter: Chris Dumez <cdumez>
Component: WebKit2
Assignee: Chris Dumez <cdumez>
Status: RESOLVED FIXED
Severity: Normal
CC: achristensen, beidson, commit-queue, ggaren, koivisto, webkit-bug-importer, youennf
Priority: P2
Keywords: InRadar
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Attachments:
  Description: Patch
  Flags: none

Chris Dumez
Reported 2020-02-10 08:37:11 PST
Crash under WebProcessProxy::shouldSendPendingMessage():

Thread[0] EXC_BAD_ACCESS (SIGSEGV) (KERN_INVALID_ADDRESS at 0x0000000000000018)

[ 0] 0x000000019713ef68 WebKit`WebKit::WebProcessProxy::shouldSendPendingMessage(WebKit::AuxiliaryProcessProxy::PendingMessage const&) [inlined] IPC::Encoder::messageName() const at Encoder.h:46:50
       42     Encoder(StringReference messageReceiverName, StringReference messageName, uint64_t destinationID);
       43     ~Encoder();
       44
       45     StringReference messageReceiverName() const { return m_messageReceiverName; }
    -> 46     StringReference messageName() const { return m_messageName; }
       47     uint64_t destinationID() const { return m_destinationID; }
       48
       49     void setIsSyncMessage(bool);
       50     bool isSyncMessage() const;

       0x000000019713ef58: stp    x29, x30, [sp, #0x40]
       0x000000019713ef5c: add    x29, sp, #0x40            ; =0x40
       0x000000019713ef60: sub    sp, sp, #0x380            ; =0x380
       0x000000019713ef64: ldr    x19, [x1]
    -> 0x000000019713ef68: ldr    x8, [x19, #0x18]
       0x000000019713ef6c: cmp    x8, #0x22                 ; =0x22
       0x000000019713ef70: b.ne   0x2e1f90                  ; <+76> at WebProcessProxy.cpp
       0x000000019713ef74: mov    x20, x0
       0x000000019713ef78: ldr    x0, [x19, #0x10]

[ 0] 0x000000019713ef68 WebKit`WebKit::WebProcessProxy::shouldSendPendingMessage(WebKit::AuxiliaryProcessProxy::PendingMessage const&) + 36 at WebProcessProxy.cpp:331
      327
      328 bool WebProcessProxy::shouldSendPendingMessage(const PendingMessage& message)
      329 {
      330 #if HAVE(SANDBOX_ISSUE_READ_EXTENSION_TO_PROCESS_BY_AUDIT_TOKEN)
   -> 331     if (message.encoder->messageName() == "LoadRequestWaitingForProcessLaunch") {
      332         auto buffer = message.encoder->buffer();
      333         auto bufferSize = message.encoder->bufferSize();
      334         std::unique_ptr<IPC::Decoder> decoder = makeUnique<IPC::Decoder>(buffer, bufferSize, nullptr, Vector<IPC::Attachment> { });
      335         LoadParameters loadParameters;

[ 1] 0x0000000197081553 WebKit`WebKit::AuxiliaryProcessProxy::didFinishLaunching(WebKit::ProcessLauncher*, IPC::Connection::Identifier) + 295 at AuxiliaryProcessProxy.cpp:217:14
      213     connectionWillOpen(*m_connection);
      214     m_connection->open();
      215
      216     for (auto&& pendingMessage : std::exchange(m_pendingMessages, { })) {
   -> 217         if (!shouldSendPendingMessage(pendingMessage))
      218             continue;
      219         auto encoder = WTFMove(pendingMessage.encoder);
      220         auto sendOptions = pendingMessage.sendOptions;
      221         if (pendingMessage.asyncReplyInfo)

[ 2] 0x0000000197081553 WebKit`WebKit::AuxiliaryProcessProxy::didFinishLaunching(WebKit::ProcessLauncher*, IPC::Connection::Identifier) + 295 at AuxiliaryProcessProxy.cpp:217:14
      213     connectionWillOpen(*m_connection);
      214     m_connection->open();
      215
      216     for (auto&& pendingMessage : std::exchange(m_pendingMessages, { })) {
   -> 217         if (!shouldSendPendingMessage(pendingMessage))
      218             continue;
      219         auto encoder = WTFMove(pendingMessage.encoder);
      220         auto sendOptions = pendingMessage.sendOptions;
      221         if (pendingMessage.asyncReplyInfo)

[ 3] 0x00000001971413cf WebKit`WebKit::WebProcessProxy::didFinishLaunching(WebKit::ProcessLauncher*, IPC::Connection::Identifier) + 99 at WebProcessProxy.cpp:867:28
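Reading the trace: `ldr x19, [x1]` loads the first field of the `PendingMessage` reference (`message.encoder`), and the faulting `ldr x8, [x19, #0x18]` reads `m_messageName` through it; a fault address of exactly 0x18 means `x19`, the encoder pointer, was null. The following is an added, simplified model of the queue-until-launch pattern shown in frames [0] and [1]; it is not WebKit's code and does not reproduce the patch landed as r256187. `Encoder`, `PendingMessage`, `ProcessProxy`, the filtering rule inside the predicate and the `clearPendingEncoder` test hook are all constructed for this illustration.

```cpp
// Added illustration (not WebKit code, not the r256187 patch): a process proxy
// that queues IPC messages until its child process has launched, then drains
// the queue the way AuxiliaryProcessProxy::didFinishLaunching does in the trace,
// with a pending-message predicate that tolerates a null encoder pointer.
#include <cstddef>
#include <cstdint>
#include <memory>
#include <string>
#include <utility>
#include <vector>

// Stand-in for IPC::Encoder, keeping only what the predicate reads.
struct Encoder {
    std::string receiverName;
    std::string messageName;
    uint64_t destinationID;
};

// Stand-in for AuxiliaryProcessProxy::PendingMessage (constructed).
struct PendingMessage {
    std::unique_ptr<Encoder> encoder;
};

// Predicate as the trace shows it at WebProcessProxy.cpp:331: the encoder is
// dereferenced unconditionally, so a null encoder faults on the first read.
inline bool shouldSendPendingMessageUnguarded(const PendingMessage& message) {
    if (message.encoder->messageName == "LoadRequestWaitingForProcessLaunch")
        return message.encoder->destinationID != 0; // constructed stand-in for the decode step
    return true;
}

// Guarded variant used by this model: a message with no encoder carries nothing
// to send and is skipped rather than dereferenced. Illustrative hardening only.
inline bool shouldSendPendingMessage(const PendingMessage& message) {
    if (!message.encoder)
        return false;
    if (message.encoder->messageName == "LoadRequestWaitingForProcessLaunch")
        return message.encoder->destinationID != 0; // constructed stand-in for the decode step
    return true;
}

class ProcessProxy {
public:
    // Before launch, messages are queued; after launch they go out directly.
    void send(std::string receiver, std::string name, uint64_t destinationID) {
        auto encoder = std::make_unique<Encoder>(Encoder{std::move(receiver), std::move(name), destinationID});
        if (m_launched) {
            deliver(*encoder);
            return;
        }
        m_pendingMessages.push_back(PendingMessage{std::move(encoder)});
    }

    // Models didFinishLaunching(): std::exchange detaches the queue before the
    // walk, so a handler that re-queues cannot mutate the vector being iterated.
    // Returns the number of queued messages actually delivered.
    size_t didFinishLaunching() {
        m_launched = true;
        size_t delivered = 0;
        for (auto&& pendingMessage : std::exchange(m_pendingMessages, {})) {
            if (!shouldSendPendingMessage(pendingMessage))
                continue;
            auto encoder = std::move(pendingMessage.encoder);
            deliver(*encoder);
            ++delivered;
        }
        return delivered;
    }

    // Test hook (constructed): null out a queued encoder to reproduce the state
    // the faulting load implies.
    void clearPendingEncoder(size_t index) { m_pendingMessages.at(index).encoder.reset(); }

    const std::vector<std::string>& deliveredNames() const { return m_deliveredNames; }

private:
    void deliver(const Encoder& encoder) { m_deliveredNames.push_back(encoder.messageName); }

    bool m_launched = false;
    std::vector<PendingMessage> m_pendingMessages;
    std::vector<std::string> m_deliveredNames;
};

// Scenario: three messages queued before launch, the middle one with its encoder
// nulled. The guarded drain delivers two and skips one; feeding the same entry to
// shouldSendPendingMessageUnguarded would dereference null, as in the report.
inline size_t drainWithNullEncoder() {
    ProcessProxy proxy;
    proxy.send("WebPage", "SetInitialState", 1);
    proxy.send("WebPage", "LoadRequest", 1);
    proxy.send("WebPage", "SetIsVisible", 1);
    proxy.clearPendingEncoder(1);
    return proxy.didFinishLaunching(); // 2
}
```

The two predicates differ only in the leading null check; the point is that whatever invariant keeps `encoder` non-null for queued messages has to hold across the whole lifetime of the queue, and the drain loop is the natural place to assert it.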
Attachments
Patch (1.70 KB, patch)
2020-02-10 08:40 PST, Chris Dumez
no flags
Chris Dumez
Comment 1 2020-02-10 08:37:21 PST
Chris Dumez
Comment 2 2020-02-10 08:40:14 PST
WebKit Commit Bot
Comment 3 2020-02-10 09:56:57 PST
The commit-queue encountered the following flaky tests while processing attachment 390253 [details]: editing/spelling/spellcheck-attribute.html bug 206178 (authors: g.czajkowski@samsung.com, mark.lam@apple.com, and rniwa@webkit.org) The commit-queue is continuing to process your patch.
WebKit Commit Bot
Comment 4 2020-02-10 09:57:36 PST
Comment on attachment 390253 [details]
Patch

Clearing flags on attachment: 390253

Committed r256187: <https://trac.webkit.org/changeset/256187>
WebKit Commit Bot
Comment 5 2020-02-10 09:57:37 PST
All reviewed patches have been landed. Closing bug.