Bug 221227

Summary: Crash under NetworkStorageSession::cookiesForSession()
Product: WebKit Reporter: Chris Dumez <cdumez>
Component: WebKit2Assignee: Chris Dumez <cdumez>
Status: RESOLVED FIXED    
Severity: Normal CC: achristensen, beidson, darin, ggaren
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
See Also: https://bugs.webkit.org/show_bug.cgi?id=221268
Attachments:
Description Flags
Patch
none
Patch none

Chris Dumez
Reported 2021-02-01 14:13:46 PST
Crash under NetworkStorageSession::cookiesForSession(): Thread 0 Crashed ↩:: Dispatch queue: com.apple.main-thread 0 libsystem_kernel.dylib 0x00007fff202e5e12 __pthread_kill + 10 1 libsystem_pthread.dylib 0x00007fff20314615 pthread_kill + 263 2 libsystem_c.dylib 0x00007fff20269411 abort + 120 3 libsystem_malloc.dylib 0x00007fff20149438 malloc_vreport + 548 4 libsystem_malloc.dylib 0x00007fff2015d79a malloc_zone_error + 183 5 libsystem_malloc.dylib 0x00007fff201421b8 small_free_list_remove_ptr_no_clear + 1270 6 libsystem_malloc.dylib 0x00007fff2013d2cd small_malloc_from_free_list + 359 7 libsystem_malloc.dylib 0x00007fff2013caf8 small_malloc_should_clear + 259 8 libsystem_malloc.dylib 0x00007fff2013c912 szone_malloc_should_clear + 109 9 libsystem_malloc.dylib 0x00007fff2015602c _malloc_zone_calloc + 59 10 com.apple.CoreFoundation 0x00007fff2038fcb2 _CFRuntimeCreateInstance + 294 11 com.apple.CoreFoundation 0x00007fff2038f3bc __CFStringCreateImmutableFunnel3 + 1900 12 com.apple.CoreFoundation 0x00007fff2038ec42 CFStringCreateWithCString + 73 13 com.apple.CFNetwork 0x7fff247bd81f -[NSHTTPCookie value] + 9 (/System/Volumes/Data/SWE/macOS/BuildRoots/2288acc43c/Library/Caches/com.apple.xbs/Sources/CFNetwork/CFNetwork-1230.1/Foundation/NSHTTPCookie.mm:386) 14 com.apple.WebCore 0x00007fff3a580994 WebCore::NetworkStorageSession::cookiesForSession(WTF::URL const&, WebCore::SameSiteInfo const&, WTF::URL const&, WTF::Optional<WTF::ObjectIdentifier<WebCore::FrameIdentifierType> >, WTF::Optional<WTF::ObjectIdentifier<WebCore::PageIdentifierType> >, WebCore::NetworkStorageSession::IncludeHTTPOnlyOrNot, WebCore::IncludeSecureCookies, WebCore::ShouldAskITP, WebCore::ShouldRelaxThirdPartyCookieBlocking) const + 1348 15 com.apple.WebCore 0x00007fff3a580c29 WebCore::NetworkStorageSession::cookiesForDOM(WTF::URL const&, WebCore::SameSiteInfo const&, WTF::URL const&, WTF::Optional<WTF::ObjectIdentifier<WebCore::FrameIdentifierType> >, WTF::Optional<WTF::ObjectIdentifier<WebCore::PageIdentifierType> >, WebCore::IncludeSecureCookies, WebCore::ShouldAskITP, WebCore::ShouldRelaxThirdPartyCookieBlocking) const + 121 16 com.apple.WebKit 0x00007fff3c95c997 WebKit::WebCookieJar::cookies(WebCore::Document&, WTF::URL const&) const + 1997 17 com.apple.WebCore 0x00007fff3ab15470 WebCore::Document::cookie() + 336 18 com.apple.WebCore 0x00007fff39d1e796 WebCore::jsDocument_cookie(JSC::JSGlobalObject*, long long, JSC::PropertyName) + 38
Attachments
Patch (9.44 KB, patch)
2021-02-01 14:16 PST, Chris Dumez 		no flags
DetailsFormatted DiffDiff
Patch (9.49 KB, patch)
2021-02-01 15:16 PST, Chris Dumez 		no flags
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Chris Dumez
Comment 1 2021-02-01 14:14:02 PST
<rdar://71975008>
Chris Dumez
Comment 2 2021-02-01 14:16:13 PST
Created attachment 418923 [details] Patch
Chris Dumez
Comment 3 2021-02-01 15:16:56 PST
Created attachment 418934 [details] Patch
Geoffrey Garen
Comment 4 2021-02-01 15:21:19 PST
Comment on attachment 418934 [details] Patch r=me
EWS
Comment 5 2021-02-02 09:07:40 PST
Committed r272211: <https://trac.webkit.org/changeset/272211> All reviewed patches have been landed. Closing bug and clearing flags on attachment 418934 [details].
Darin Adler
Comment 6 2021-02-02 09:22:46 PST
Comment on attachment 418934 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=418934&action=review > Source/WebCore/platform/network/cocoa/NetworkStorageSessionCocoa.mm:270 > + return *cookiesPtr; Could add a WTFMove here and avoid one churn, since the "*" means the return-value optimization won’t happen.
Chris Dumez
Comment 7 2021-02-02 09:38:11 PST
(In reply to Darin Adler from comment #6) > Comment on attachment 418934 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=418934&action=review > > > Source/WebCore/platform/network/cocoa/NetworkStorageSessionCocoa.mm:270 > > + return *cookiesPtr; > > Could add a WTFMove here and avoid one churn, since the "*" means the > return-value optimization won’t happen. I followed-up in <https://trac.webkit.org/changeset/272214>. Thanks.
Note You need to log in before you can comment on or make changes to this bug.