Bug 127650 - [SOUP] WebProcess sometimes crashes when a download is cancelled
Summary: [SOUP] WebProcess sometimes crashes when a download is cancelled
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKit2 (show other bugs)
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Nobody
URL:
Keywords: Gtk
Depends on:
Blocks:
 
Reported: 2014-01-26 05:29 PST by Carlos Garcia Campos
Modified: 2014-01-27 00:22 PST (History)
1 user (show)

See Also:

Attachments
Patch (2.20 KB, patch)
2014-01-26 05:39 PST, Carlos Garcia Campos 		mrobinson: review+
Details | Formatted Diff | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Carlos Garcia Campos 2014-01-26 05:29:30 PST 
Program received signal SIGSEGV, Segmentation fault.
0x00007ffca626a00b in WebKit::Download::cancel() () from WebKit/WebKitBuild/Release/.libs/libwebkit2gtk-3.0.so.25
(gdb) bt
#0  0x00007ffca626a00b in WebKit::Download::cancel() () fromWebKit/WebKitBuild/Release/.libs/libwebkit2gtk-3.0.so.25
#1  0x00007ffca6402d90 in WebKit::WebProcess::didReceiveWebProcessMessage(IPC::Connection*, IPC::MessageDecoder&) ()
   from WebKit/WebKitBuild/Release/.libs/libwebkit2gtk-3.0.so.25
#2  0x00007ffca7769f8b in IPC::Connection::dispatchMessage(std::unique_ptr<IPC::MessageDecoder, std::default_delete<IPC::MessageDecoder> >) ()
   from WebKit/WebKitBuild/Release/.libs/libwebkit2gtk-3.0.so.25
#3  0x00007ffca776a0d3 in IPC::Connection::dispatchOneMessage() () from WebKit/WebKitBuild/Release/.libs/libwebkit2gtk-3.0.so.25
#4  0x00007ffca89c45b6 in WTF::RunLoop::performWork() () from WebKit/WebKitBuild/Release/.libs/libjavascriptcoregtk-3.0.so.0
#5  0x00007ffca89d10e9 in WTF::RunLoop::queueWork(WTF::RunLoop*) () from WebKit/WebKitBuild/Release/.libs/libjavascriptcoregtk-3.0.so.0
#6  0x00007ffca25084b5 in g_main_dispatch (context=0x1d80a20) at gmain.c:3068
#7  g_main_context_dispatch (context=context@entry=0x1d80a20) at gmain.c:3643
#8  0x00007ffca2508818 in g_main_context_iterate (context=0x1d80a20, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3714
#9  0x00007ffca2508c1a in g_main_loop_run (loop=0x1e64af0) at gmain.c:3908
#10 0x00007ffca635e914 in WebProcessMainGtk () from WebKit/WebKitBuild/Release/.libs/libwebkit2gtk-3.0.so.25
#11 0x00007ffca14fa995 in __libc_start_main (main=0x400890 <main>, argc=2, ubp_av=0x7fffe13e1728, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, 
    stack_end=0x7fffe13e1718) at libc-start.c:276
#12 0x00000000004008be in _start ()
Comment 1 Carlos Garcia Campos 2014-01-26 05:39:15 PST 
Created attachment 222269 [details]
Patch
Comment 2 Martin Robinson 2014-01-26 08:30:15 PST 
Comment on attachment 222269 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=222269&action=review

> Source/WebKit2/Shared/Downloads/soup/DownloadSoup.cpp:241
> +    RefPtr<ResourceHandle> resourceHandle = m_resourceHandle;
> +    m_resourceHandle = nullptr;

You should use m_resourceHandle.release() here.
Comment 3 Carlos Garcia Campos 2014-01-27 00:22:36 PST 
Committed r162830: <http://trac.webkit.org/changeset/162830>