Bug 137779 - [iOS] Crashes in CFURLConnection delegates due to unimplemented retain/release
Summary: [iOS] Crashes in CFURLConnection delegates due to unimplemented retain/release
Alias: None
Product: WebKit
Classification: Unclassified
Component: Page Loading (show other bugs)
Version: 528+ (Nightly build)
Hardware: iPhone / iPad All
: P1 Normal
Assignee: Alexey Proskuryakov
Keywords: InRadar
: 135027 (view as bug list)
Depends on:
Reported: 2014-10-16 09:54 PDT by Alexey Proskuryakov
Modified: 2014-10-18 00:40 PDT (History)
5 users (show)

See Also:

proposed fix (10.62 KB, patch)
2014-10-16 10:14 PDT, Alexey Proskuryakov
no flags Details | Formatted Diff | Diff
with a build fix (10.64 KB, patch)
2014-10-16 12:19 PDT, Alexey Proskuryakov
beidson: review+
Details | Formatted Diff | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Alexey Proskuryakov 2014-10-16 09:54:29 PDT
We need ResourceHandleCFURLConnectionDelegate to remain alive for as long as CFURLConnection is making delegate calls. The only way to guarantee this is to have CFURLConnection retain the delegate, which it does - but we don't implement retain/release client callbacks!

This causes crashes in Networking process.
Comment 1 Alexey Proskuryakov 2014-10-16 10:01:18 PDT
*** Bug 135027 has been marked as a duplicate of this bug. ***
Comment 2 Alexey Proskuryakov 2014-10-16 10:01:57 PDT
Comment 3 Alexey Proskuryakov 2014-10-16 10:14:49 PDT
Created attachment 239950 [details]
proposed fix
Comment 4 Alexey Proskuryakov 2014-10-16 12:19:27 PDT
Created attachment 239957 [details]
with a build fix
Comment 5 Alexey Proskuryakov 2014-10-16 12:46:44 PDT
Committed <https://trac.webkit.org/r174787>.
Comment 6 Darin Adler 2014-10-17 23:06:23 PDT
Comment on attachment 239957 [details]
with a build fix

View in context: https://bugs.webkit.org/attachment.cgi?id=239957&action=review

> Source/WebCore/platform/network/cf/ResourceHandleCFURLConnectionDelegate.cpp:61
> +    static_cast<ResourceHandleCFURLConnectionDelegate*>(const_cast<void*>(clientInfo))->ref();

Is this thread-safe?
Comment 7 Alexey Proskuryakov 2014-10-18 00:40:14 PDT
Yes, ResourceHandleCFURLConnectionDelegate is a ThreadSafeRefCounted object, and it doesn't have any data members that are unsafe to destruct on any thread.