Bug 137779 - [iOS] Crashes in CFURLConnection delegates due to unimplemented retain/release
Summary: [iOS] Crashes in CFURLConnection delegates due to unimplemented retain/release
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Page Loading (show other bugs)
Version: 528+ (Nightly build)
Hardware: iPhone / iPad All
: P1 Normal
Assignee: Alexey Proskuryakov
URL:
Keywords: InRadar
: 135027 (view as bug list)
Depends on:
Blocks:
 
Reported: 2014-10-16 09:54 PDT by Alexey Proskuryakov
Modified: 2014-10-18 00:40 PDT (History)
5 users (show)

See Also:

Attachments
proposed fix (10.62 KB, patch)
2014-10-16 10:14 PDT, Alexey Proskuryakov 		no flags Details | Formatted Diff | Diff
with a build fix (10.64 KB, patch)
2014-10-16 12:19 PDT, Alexey Proskuryakov 		beidson: review+
Details | Formatted Diff | Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Alexey Proskuryakov 2014-10-16 09:54:29 PDT 
We need ResourceHandleCFURLConnectionDelegate to remain alive for as long as CFURLConnection is making delegate calls. The only way to guarantee this is to have CFURLConnection retain the delegate, which it does - but we don't implement retain/release client callbacks!

This causes crashes in Networking process.
Comment 1 Alexey Proskuryakov 2014-10-16 10:01:18 PDT 
*** Bug 135027 has been marked as a duplicate of this bug. ***
Comment 2 Alexey Proskuryakov 2014-10-16 10:01:57 PDT 
rdar://problem/18679320
Comment 3 Alexey Proskuryakov 2014-10-16 10:14:49 PDT 
Created attachment 239950 [details]
proposed fix
Comment 4 Alexey Proskuryakov 2014-10-16 12:19:27 PDT 
Created attachment 239957 [details]
with a build fix
Comment 5 Alexey Proskuryakov 2014-10-16 12:46:44 PDT 
Committed <https://trac.webkit.org/r174787>.
Comment 6 Darin Adler 2014-10-17 23:06:23 PDT 
Comment on attachment 239957 [details]
with a build fix

View in context: https://bugs.webkit.org/attachment.cgi?id=239957&action=review

> Source/WebCore/platform/network/cf/ResourceHandleCFURLConnectionDelegate.cpp:61
> +    static_cast<ResourceHandleCFURLConnectionDelegate*>(const_cast<void*>(clientInfo))->ref();

Is this thread-safe?
Comment 7 Alexey Proskuryakov 2014-10-18 00:40:14 PDT 
Yes, ResourceHandleCFURLConnectionDelegate is a ThreadSafeRefCounted object, and it doesn't have any data members that are unsafe to destruct on any thread.