RESOLVED FIXED141094
Crash in MemoryCache::removeRequestFromSessionCaches() 
https://bugs.webkit.org/show_bug.cgi?id=141094
Summary Crash in MemoryCache::removeRequestFromSessionCaches()
Chris Dumez
Reported 2015-01-30 13:06:40 PST
Crash in MemoryCache::removeRequestFromSessionCaches() sometimes happens when running fast/files/workers/worker-apply-blob-url-to-xhr.html: https://build.webkit.org/results/Apple%20Mavericks%20Debug%20WK1%20(Tests)/r179403%20(10178)/fast/files/workers/worker-apply-blob-url-to-xhr-crash-log.txt The reason is that we remove items from m_sessionResources as we are iterating over it, thus invalidating our iterator.
Attachments
Add attachment proposed patch, testcase, etc.
Chris Dumez
Comment 1 2015-01-30 13:48:22 PST
r179403 is calling HashTable::add() which invalidates all iterators, even if we don't end up actually adding anything to the HashTable. The previous code was calling get() (which would not invalidate iterators) and then call add() only if the item is not in the HashMap. From this call site, we know the sessionID is in the HashMap so it is actually safe but we hit the assertion in HashTableIterator anyway. A clean solution would be to have 2 separate sessionResources() getters: a getOrCreate() one and a getOnlyIfExists() one.
Chris Dumez
Comment 2 2015-01-30 14:00:38 PST
Rolled out in <http://trac.webkit.org/changeset/179410>.
Note You need to log in before you can comment on or make changes to this bug.