Bug 214425

Summary: REGRESSION(r264486): ASSERTION FAILED: ASSERT_NOT_REACHED() in NetworkProcessPlatformStrategies::createBlobRegistry
Product: WebKit Reporter: Sihui Liu <sihui_liu>
Component: New BugsAssignee: Sihui Liu <sihui_liu>
Status: RESOLVED FIXED    
Severity: Normal CC: alecflett, beidson, ews-watchlist, jsbell, webkit-bug-importer, youennf
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch
none
Patch
none
Patch
none
Patch
none
Patch for landing none

Sihui Liu
Reported 2020-07-16 14:56:21 PDT
Testing blobs in tests storage/indexeddb/structured-clone.html crashes.
Attachments
Patch (25.71 KB, patch)
2020-07-17 21:34 PDT, Sihui Liu 		no flags
DetailsFormatted DiffDiff
Patch (48.63 KB, patch)
2020-07-17 21:45 PDT, Sihui Liu 		no flags
DetailsFormatted DiffDiff
Patch (50.96 KB, patch)
2020-07-20 09:33 PDT, Sihui Liu 		no flags
DetailsFormatted DiffDiff
Patch (51.97 KB, patch)
2020-07-20 10:05 PDT, Sihui Liu 		no flags
DetailsFormatted DiffDiff
Patch for landing (51.84 KB, patch)
2020-07-21 09:45 PDT, Sihui Liu 		no flags
DetailsFormatted DiffDiff
Show Obsolete (4) View All Add attachment proposed patch, testcase, etc.
Sihui Liu
Comment 1 2020-07-17 21:34:35 PDT
Created attachment 404635 [details] Patch
Sihui Liu
Comment 2 2020-07-17 21:45:20 PDT
Created attachment 404636 [details] Patch
youenn fablet
Comment 3 2020-07-20 06:27:36 PDT
Comment on attachment 404636 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=404636&action=review > Source/WebCore/bindings/js/SerializedScriptValue.cpp:2949 > + if (!m_isDOMGlobalObject || m_globalObject->inherits<JSIDBSerializationGlobalObject>(m_globalObject->vm())) There are some more m_isDOMGlobalObject that might benefit from the same change, for instance in readFile. Would it be possible to just initialise m_isDOMGlobalObject to false if m_globalObject->inherits<JSIDBSerializationGlobalObject>(...) is true? And maybe rename m_isDOMGlobalObject to a more precise name. > Source/WebCore/bindings/js/SerializedScriptValue.cpp:3174 > if (m_isDOMGlobalObject) We could check for JSIDBSerializationGlobalObject as well here.
Sihui Liu
Comment 4 2020-07-20 08:42:45 PDT
Comment on attachment 404636 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=404636&action=review >> Source/WebCore/bindings/js/SerializedScriptValue.cpp:2949 >> + if (!m_isDOMGlobalObject || m_globalObject->inherits<JSIDBSerializationGlobalObject>(m_globalObject->vm())) > > There are some more m_isDOMGlobalObject that might benefit from the same change, for instance in readFile. > > Would it be possible to just initialise m_isDOMGlobalObject to false if m_globalObject->inherits<JSIDBSerializationGlobalObject>(...) is true? > And maybe rename m_isDOMGlobalObject to a more precise name. I am not sure whether there is other use case of m_isDOMGlobalObject other than IDB so I did not change this check. Will try. >> Source/WebCore/bindings/js/SerializedScriptValue.cpp:3174 >> if (m_isDOMGlobalObject) > > We could check for JSIDBSerializationGlobalObject as well here. Sure. It may be even better to move the check to before the iteration.
Sihui Liu
Comment 5 2020-07-20 09:33:53 PDT
Created attachment 404721 [details] Patch
Sihui Liu
Comment 6 2020-07-20 10:05:27 PDT
Created attachment 404724 [details] Patch
Radar WebKit Bug Importer
Comment 7 2020-07-20 10:50:47 PDT
<rdar://problem/65834875>
youenn fablet
Comment 8 2020-07-21 04:03:49 PDT
Comment on attachment 404724 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=404724&action=review > Source/WebCore/bindings/js/SerializedScriptValue.cpp:3161 > + return jsNull(); We will not call readFile so will not be able to advance m_ptr. We should probably do this check after readFile. Ditto for FileListTag. > Source/WebCore/bindings/js/SerializedScriptValue.cpp:3198 > + ASSERT_NOT_REACHED(); This change is not explained and is somehow counter intuitive. Why not: "if (m_isJSIDBSerializationGlobalObject) ..." without the ASSERT_NOT_REACHED?
Sihui Liu
Comment 9 2020-07-21 09:09:53 PDT
Comment on attachment 404724 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=404724&action=review >> Source/WebCore/bindings/js/SerializedScriptValue.cpp:3161 >> + return jsNull(); > > We will not call readFile so will not be able to advance m_ptr. > We should probably do this check after readFile. > Ditto for FileListTag. Sure. >> Source/WebCore/bindings/js/SerializedScriptValue.cpp:3198 >> + ASSERT_NOT_REACHED(); > > This change is not explained and is somehow counter intuitive. > Why not: "if (m_isJSIDBSerializationGlobalObject) ..." without the ASSERT_NOT_REACHED? ImageData can be deserialized with JSIDBSerializationGlobalObject according to storage/indexeddb/structured-clone.html I added this assertion to check if any test uses this code path (called with non JSDOMGlobalObject) other than previous IDB; if so then we need to keep this check. It looks like we can remove this.
Sihui Liu
Comment 10 2020-07-21 09:45:02 PDT
Created attachment 404826 [details] Patch for landing
EWS
Comment 11 2020-07-21 10:28:25 PDT
Committed r264661: <https://trac.webkit.org/changeset/264661> All reviewed patches have been landed. Closing bug and clearing flags on attachment 404826 [details].
Note You need to log in before you can comment on or make changes to this bug.