WebKit Bugzilla
New
Browse
Log In
×
Sign in with GitHub
or
Remember my login
Create Account
·
Forgot Password
Forgotten password account recovery
RESOLVED FIXED
107240
[Soup] Frequent crashes on redirections
https://bugs.webkit.org/show_bug.cgi?id=107240
Summary
[Soup] Frequent crashes on redirections
Sergio Villar Senin
Reported
2013-01-18 01:25:47 PST
These are the outcomes from gdb and valgrind sessions: (gdb) bt #0 0x000000000337dc60 in ?? () #1 0x00007ffff2266973 in WebCore::doRedirect (handle=0x3a20bd0) at ../../Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp:485 #2 0x00007ffff2266a3e in WebCore::redirectCloseCallback (res=0x23c2ca0, data=0x3a20bd0) at ../../Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp:495 #3 0x00007fffec87e4f2 in async_ready_close_callback_wrapper (source_object=0x18de130, res=0x23c2ca0, user_data=0x3a20bd0) at ginputstream.c:543 #4 0x00007fffec8aa804 in g_task_return_now (task=0x23c2ca0) at gtask.c:1102 #5 0x00007fffec8aa902 in g_task_return (task=0x23c2ca0, type=G_TASK_RETURN_ERROR) at gtask.c:1155 #6 0x00007fffec8ab27f in g_task_return_error (task=0x23c2ca0, error=0x2182a40) at gtask.c:1622 #7 0x00007fffef520baf in close_async_ready (msg=0x23a6e30, user_data=0x23c2ca0) at soup-client-input-stream.c:163 #8 0x00007fffef53bac7 in message_source_dispatch (source=0x33afdc0, callback=0x7fffef520b05 <close_async_ready>, user_data=0x23c2ca0) at soup-message-io.c:720 #9 0x00007fffec0ae47f in g_main_dispatch (context=0x7382f0) at gmain.c:2784 #10 0x00007fffec0af02f in g_main_context_dispatch (context=0x7382f0) at gmain.c:3288 #11 0x00007fffec0af21f in g_main_context_iterate (context=0x7382f0, block=1, dispatch=1, self=0x771960) at gmain.c:3359 #12 0x00007fffec0af2e3 in g_main_context_iteration (context=0x7382f0, may_block=1) at gmain.c:3420 #13 0x00007fffec8d5039 in g_application_run (application=0x920000, argc=1, argv=0x7fffffffda18) at gapplication.c:1620 #14 0x0000000000434e51 in main (argc=1, argv=0x7fffffffda18) at ephy-main.c:478 --- ==13881== Invalid read of size 8 ==13881== at 0x79CE94A: WebCore::doRedirect(WebCore::ResourceHandle*) (ResourceHandleSoup.cpp:485) ==13881== by 0x79CEA3D: WebCore::redirectCloseCallback(_GObject*, _GAsyncResult*, void*) (ResourceHandleSoup.cpp:495) ==13881== by 0x100C74F1: async_ready_close_callback_wrapper (ginputstream.c:543) ==13881== by 0x100F3803: g_task_return_now (gtask.c:1102) ==13881== by 0x100F3901: g_task_return (gtask.c:1155) ==13881== by 0x100F427E: g_task_return_error (gtask.c:1622) ==13881== by 0xD4BBBAE: close_async_ready (soup-client-input-stream.c:163) ==13881== by 0xD4D6AC6: message_source_dispatch (soup-message-io.c:720) ==13881== by 0x108BC47E: g_main_dispatch (gmain.c:2784) ==13881== by 0x108BD02E: g_main_context_dispatch (gmain.c:3288) ==13881== by 0x108BD21E: g_main_context_iterate (gmain.c:3359) ==13881== by 0x108BD2E2: g_main_context_iteration (gmain.c:3420) ==13881== Address 0x23de1100 is 0 bytes inside a block of size 1,048 free'd ==13881== at 0x4C28F5C: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==13881== by 0xCAECE26: WTF::fastFree(void*) (FastMalloc.cpp:336) ==13881== by 0x707D8F4: WTF::RefCounted<WebCore::ResourceLoader>::operator delete(void*) (RefCounted.h:197) ==13881== by 0x70915B3: WebCore::SubresourceLoader::~SubresourceLoader() (SubresourceLoader.cpp:79) ==13881== by 0x6FD0A0F: WTF::RefCounted<WebCore::ResourceLoader>::deref() (RefCounted.h:202) ==13881== by 0x6FD0383: void WTF::derefIfNotNull<WebCore::ResourceLoader>(WebCore::ResourceLoader*) (PassRefPtr.h:53) ==13881== by 0x6FCFEC6: WTF::RefPtr<WebCore::ResourceLoader>::~RefPtr() (RefPtr.h:56) ==13881== by 0x7087C79: WebCore::ResourceLoader::cancel(WebCore::ResourceError const&) (ResourceLoader.cpp:411) ==13881== by 0x7079042: WebCore::MainResourceLoader::cancel(WebCore::ResourceError const&) (MainResourceLoader.cpp:134) ==13881== by 0x7078ED6: WebCore::MainResourceLoader::cancel() (MainResourceLoader.cpp:116) ==13881== by 0x7025D9D: WebCore::DocumentLoader::stopLoading() (DocumentLoader.cpp:257) ==13881== by 0x7042D2F: WebCore::FrameLoader::stopAllLoaders(WebCore::ClearProvisionalItemPolicy) (FrameLoader.cpp:1556)
Attachments
Patch
(1.68 KB, patch)
2013-01-18 02:35 PST
,
Sergio Villar Senin
mrobinson
: review+
Details
Formatted Diff
Diff
View All
Add attachment
proposed patch, testcase, etc.
Sergio Villar Senin
Comment 1
2013-01-18 02:35:06 PST
Created
attachment 183413
[details]
Patch
Martin Robinson
Comment 2
2013-01-18 08:11:16 PST
Comment on
attachment 183413
[details]
Patch Thanks for the fix! While landing this do you think you can also fix the style of GAsyncResult* res? It should be called result.
Sergio Villar Senin
Comment 3
2013-01-18 08:30:14 PST
Committed
r140154
: <
http://trac.webkit.org/changeset/140154
>
Note
You need to
log in
before you can comment on or make changes to this bug.
Top of Page
Format For Printing
XML
Clone This Bug