Bug 221227

Summary: Crash under NetworkStorageSession::cookiesForSession()
Product: WebKit
Reporter: Chris Dumez <cdumez>
Component: WebKit2
Assignee: Chris Dumez <cdumez>
Status: RESOLVED FIXED
Severity: Normal
CC: achristensen, beidson, darin, ggaren
Priority: P2
Keywords: InRadar
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
See Also: https://bugs.webkit.org/show_bug.cgi?id=221268
Attachments:
  Patch (flags: none)
  Patch (flags: none)

Description Chris Dumez 2021-02-01 14:13:46 PST
Crash under NetworkStorageSession::cookiesForSession():
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   libsystem_kernel.dylib        	0x00007fff202e5e12 __pthread_kill + 10
1   libsystem_pthread.dylib       	0x00007fff20314615 pthread_kill + 263
2   libsystem_c.dylib             	0x00007fff20269411 abort + 120
3   libsystem_malloc.dylib        	0x00007fff20149438 malloc_vreport + 548
4   libsystem_malloc.dylib        	0x00007fff2015d79a malloc_zone_error + 183
5   libsystem_malloc.dylib        	0x00007fff201421b8 small_free_list_remove_ptr_no_clear + 1270
6   libsystem_malloc.dylib        	0x00007fff2013d2cd small_malloc_from_free_list + 359
7   libsystem_malloc.dylib        	0x00007fff2013caf8 small_malloc_should_clear + 259
8   libsystem_malloc.dylib        	0x00007fff2013c912 szone_malloc_should_clear + 109
9   libsystem_malloc.dylib        	0x00007fff2015602c _malloc_zone_calloc + 59
10  com.apple.CoreFoundation      	0x00007fff2038fcb2 _CFRuntimeCreateInstance + 294
11  com.apple.CoreFoundation      	0x00007fff2038f3bc __CFStringCreateImmutableFunnel3 + 1900
12  com.apple.CoreFoundation      	0x00007fff2038ec42 CFStringCreateWithCString + 73
13  com.apple.CFNetwork           	0x7fff247bd81f -[NSHTTPCookie value] + 9 (/System/Volumes/Data/SWE/macOS/BuildRoots/2288acc43c/Library/Caches/com.apple.xbs/Sources/CFNetwork/CFNetwork-1230.1/Foundation/NSHTTPCookie.mm:386)
14  com.apple.WebCore             	0x00007fff3a580994 WebCore::NetworkStorageSession::cookiesForSession(WTF::URL const&, WebCore::SameSiteInfo const&, WTF::URL const&, WTF::Optional<WTF::ObjectIdentifier<WebCore::FrameIdentifierType> >, WTF::Optional<WTF::ObjectIdentifier<WebCore::PageIdentifierType> >, WebCore::NetworkStorageSession::IncludeHTTPOnlyOrNot, WebCore::IncludeSecureCookies, WebCore::ShouldAskITP, WebCore::ShouldRelaxThirdPartyCookieBlocking) const + 1348
15  com.apple.WebCore             	0x00007fff3a580c29 WebCore::NetworkStorageSession::cookiesForDOM(WTF::URL const&, WebCore::SameSiteInfo const&, WTF::URL const&, WTF::Optional<WTF::ObjectIdentifier<WebCore::FrameIdentifierType> >, WTF::Optional<WTF::ObjectIdentifier<WebCore::PageIdentifierType> >, WebCore::IncludeSecureCookies, WebCore::ShouldAskITP, WebCore::ShouldRelaxThirdPartyCookieBlocking) const + 121
16  com.apple.WebKit              	0x00007fff3c95c997 WebKit::WebCookieJar::cookies(WebCore::Document&, WTF::URL const&) const + 1997
17  com.apple.WebCore             	0x00007fff3ab15470 WebCore::Document::cookie() + 336
18  com.apple.WebCore             	0x00007fff39d1e796 WebCore::jsDocument_cookie(JSC::JSGlobalObject*, long long, JSC::PropertyName) + 38
Comment 1 Chris Dumez 2021-02-01 14:14:02 PST
<rdar://71975008>
Comment 2 Chris Dumez 2021-02-01 14:16:13 PST
Created attachment 418923 [details]
Patch
Comment 3 Chris Dumez 2021-02-01 15:16:56 PST
Created attachment 418934 [details]
Patch
Comment 4 Geoffrey Garen 2021-02-01 15:21:19 PST
Comment on attachment 418934 [details]
Patch

r=me
Comment 5 EWS 2021-02-02 09:07:40 PST
Committed r272211: <https://trac.webkit.org/changeset/272211>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 418934 [details].
Comment 6 Darin Adler 2021-02-02 09:22:46 PST
Comment on attachment 418934 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=418934&action=review

> Source/WebCore/platform/network/cocoa/NetworkStorageSessionCocoa.mm:270
> +    return *cookiesPtr;

Could add a WTFMove here and avoid one churn, since the "*" means the return-value optimization won’t happen.
Comment 7 Chris Dumez 2021-02-02 09:38:11 PST
(In reply to Darin Adler from comment #6)
> Comment on attachment 418934 [details]
> Patch
> 
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=418934&action=review
> 
> > Source/WebCore/platform/network/cocoa/NetworkStorageSessionCocoa.mm:270
> > +    return *cookiesPtr;
> 
> Could add a WTFMove here and avoid one churn, since the "*" means the
> return-value optimization won’t happen.

I followed up in <https://trac.webkit.org/changeset/272214>. Thanks.
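An added illustration of the point raised in comment 6 (example code written for this page, not WebKit's code or the landed patch): a copy-counting stand-in shows that `return *cookiesPtr;` runs the copy constructor, because a dereferenced pointer is an lvalue and not a candidate for return-value optimization, whereas `return WTFMove(*cookiesPtr);` (spelled `std::move` here) selects the move constructor. The `CookieList` type and the `std::unique_ptr` local are assumptions standing in for the real function's types.

```cpp
#include <memory>
#include <utility>
#include <vector>

// Constructed stand-in for the cookie list the real function returns.
// It counts copies and moves so the effect of the return expression is
// observable. WebKit's WTFMove is equivalent to std::move used below.
struct CookieList {
    std::vector<int> cookies;
    static int copies;
    static int moves;
    CookieList() = default;
    explicit CookieList(std::vector<int> c) : cookies(std::move(c)) {}
    CookieList(const CookieList& o) : cookies(o.cookies) { ++copies; }
    CookieList(CookieList&& o) noexcept : cookies(std::move(o.cookies)) { ++moves; }
};
int CookieList::copies = 0;
int CookieList::moves = 0;

// The reviewed shape: an owning pointer (assumed unique_ptr) is filled in,
// then the list is returned by value through "*cookiesPtr". The operand is
// an lvalue that is not a local variable, so neither NRVO nor the implicit
// move for returned locals applies and the copy constructor is chosen.
CookieList cookiesByCopy() {
    auto cookiesPtr = std::make_unique<CookieList>(std::vector<int>{1, 2, 3});
    return *cookiesPtr;            // copies every element
}

// The suggested fix: casting to an xvalue makes overload resolution pick
// the move constructor, so the vector's buffer is stolen rather than copied.
CookieList cookiesByMove() {
    auto cookiesPtr = std::make_unique<CookieList>(std::vector<int>{1, 2, 3});
    return std::move(*cookiesPtr); // steals the buffer, no element copy
}

// Runs f once and returns {copies, moves} performed by the return statement.
// The result is discarded so the only construction counted is the one
// inside f's return expression.
std::pair<int, int> countFor(CookieList (*f)()) {
    CookieList::copies = 0;
    CookieList::moves = 0;
    (void)f();
    return {CookieList::copies, CookieList::moves};
}
```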