WebKit Bugzilla
RESOLVED FIXED
104922
[WK2] Frequent NetworkProcess crashes due to null connection when closing tabs
https://bugs.webkit.org/show_bug.cgi?id=104922
Alexey Proskuryakov
Reported
2012-12-13 09:13:27 PST
When a tab is closed, WebProcess goes away, but NetworkProcess will still sometimes attempt to send messages to it if there were outstanding loads. NetworkResourceLoader and NetworkConnectionToWebProcess both have m_connection that is zeroed on connection close, and that causes null pointer crashes in IPC machinery. This is easy to reproduce on sites that use long-standing connections, like Gmail. <rdar://problem/12870065>
Attachments
proposed patch (3.57 KB, patch), 2012-12-13 09:17 PST, Alexey Proskuryakov (andersca: review+)
Alexey Proskuryakov
Comment 1
2012-12-13 09:17:36 PST
Created attachment 179283: proposed patch
Oliver Hunt
Comment 2
2012-12-13 09:30:32 PST
Comment on attachment 179283: proposed patch
View in context: https://bugs.webkit.org/attachment.cgi?id=179283&action=review
> Source/WebKit2/NetworkProcess/NetworkResourceLoader.cpp:-147 > - m_connection->unregisterObserver(this);
Why arbitrarily delta this and not have if (RefPtr<blah> connection = m_connection) connection->unregisterObserver(this) ?
> Source/WebKit2/NetworkProcess/NetworkResourceLoader.cpp:-148 > - m_connection = 0;
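Review bot: With `m_connection = 0;` removed at NetworkResourceLoader.cpp:-148 and the `unregisterObserver(this)` call removed at :-147, nothing at this site records why the loader now keeps its connection pointer and its observer registration past this point. A short comment here stating that m_connection is meant to stay non-null for the loader's lifetime, and where the observer is unregistered instead, would keep a later cleanup from reintroducing the null dereference described in the report. It is also worth confirming that a send on the retained connection after close fails cleanly rather than relying on the pointer being non-null.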
If connection is null this doesn't hurt, does it hurt to explicitly clear m_connection if it is non-null?
Alexey Proskuryakov
Comment 3
2012-12-13 10:04:17 PST
Comment on attachment 179283: proposed patch
View in context: https://bugs.webkit.org/attachment.cgi?id=179283&action=review
>> Source/WebKit2/NetworkProcess/NetworkResourceLoader.cpp:-147 >> - m_connection->unregisterObserver(this); > > Why arbitrarily delta this and not have if (RefPtr<blah> connection = m_connection) connection->unregisterObserver(this) ?
There is another unregisterObserver call in the destructor, so there is no reason to do this twice.
>> Source/WebKit2/NetworkProcess/NetworkResourceLoader.cpp:-148 >> - m_connection = 0; > > If connection is null this doesn't hurt, does it hurt to explicitly clear m_connection if it is non-null?
I'm not sure if I understand the question. m_connection being null is why this crash happens, so it definitely hurts to clear it.
Alexey Proskuryakov
Comment 4
2012-12-13 10:34:08 PST
Committed <http://trac.webkit.org/changeset/137610>.
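A simplified model of the failure mode discussed in this bug, added here as an illustration and not taken from WebKit or from the patch: one loader zeroes its connection member on close, the other keeps the reference and lets the connection reject late sends. `Connection`, `NullingLoader` and `RetainingLoader` are hypothetical names, and the behaviour that a closed connection returns failure from `send` is an assumption of the model.

```cpp
// Added illustration, not WebKit code. All class names are hypothetical.
#include <cstddef>
#include <memory>
#include <string>
#include <utility>
#include <vector>

// Stand-in for an IPC connection whose peer process can exit at any time.
class Connection {
public:
    void close() { m_open = false; }
    // Assumption of this model: sending after close fails, it does not crash.
    bool send(const std::string& message) {
        if (!m_open)
            return false;
        m_sent.push_back(message);
        return true;
    }
    std::size_t sentCount() const { return m_sent.size(); }
private:
    bool m_open = true;
    std::vector<std::string> m_sent;
};

// Pattern from the report: the close handler zeroes the member, so every
// later use needs its own null check.
class NullingLoader {
public:
    explicit NullingLoader(std::shared_ptr<Connection> c) : m_connection(std::move(c)) {}
    void didClose() { m_connection = nullptr; }
    bool connectionIsNull() const { return !m_connection; }
    // Guarded so the example runs; without the check this dereferences null.
    bool sendProgress() { return m_connection && m_connection->send("progress"); }
private:
    std::shared_ptr<Connection> m_connection;
};

// Alternative: keep the reference for the loader's lifetime and let the
// connection itself reject sends once it is closed.
class RetainingLoader {
public:
    explicit RetainingLoader(std::shared_ptr<Connection> c) : m_connection(std::move(c)) {}
    void didClose() {} // member intentionally left set
    bool sendProgress() { return m_connection->send("progress"); }
private:
    std::shared_ptr<Connection> m_connection;
};
```

In the retaining variant, a load that outlives its peer sees a failed send it can handle, and no call site depends on remembering a null check.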