Bug 146783 - [SOUP] Crash in ~WebSoupRequestAsyncData
Status: NEW
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKit2
Version: 528+ (Nightly build)
Hardware: PC Linux
Importance: P2 Normal
Assignee: Nobody
Reported: 2015-07-09 06:19 PDT by Michael Catanzaro
Modified: 2017-03-11 11:03 PST

Description Michael Catanzaro 2015-07-09 06:19:56 PDT
Core was generated by `/usr/libexec/webkit2gtk-4.0/WebKitWebProcess 42'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  ~WebSoupRequestAsyncData (this=0x1, __in_chrg=<optimized out>) at /usr/src/debug/webkitgtk-2.8.3/Source/WebKit2/Shared/Network/CustomProtocols/soup/CustomProtocolManagerImpl.cpp:54
54	        if (request)

Truncated backtrace:
Thread no. 1 (10 frames)
 #0 ~WebSoupRequestAsyncData at /usr/src/debug/webkitgtk-2.8.3/Source/WebKit2/Shared/Network/CustomProtocols/soup/CustomProtocolManagerImpl.cpp:54
 #1 operator() at /usr/include/c++/5.1.1/bits/unique_ptr.h:76
 #2 ~unique_ptr at /usr/include/c++/5.1.1/bits/unique_ptr.h:236
 #3 ~KeyValuePair at /usr/src/debug/webkitgtk-2.8.3/Source/WTF/wtf/HashTraits.h:180
 #4 reinsert at /usr/src/debug/webkitgtk-2.8.3/Source/WTF/wtf/HashTable.h:926
 #5 WTF::HashTable<unsigned long, WTF::KeyValuePair<unsigned long, std::unique_ptr<WebKit::WebSoupRequestAsyncData, std::default_delete<WebKit::WebSoupRequestAsyncData> > >, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<unsigned long, std::unique_ptr<WebKit::WebSoupRequestAsyncData, std::default_delete<WebKit::WebSoupRequestAsyncData> > > >, WTF::IntHash<unsigned long>, WTF::HashMap<unsigned long, std::unique_ptr<WebKit::WebSoupRequestAsyncData, std::default_delete<WebKit::WebSoupRequestAsyncData> >, WTF::IntHash<unsigned long>, WTF::HashTraits<unsigned long>, WTF::HashTraits<std::unique_ptr<WebKit::WebSoupRequestAsyncData, std::default_delete<WebKit::WebSoupRequestAsyncData> > > >::KeyValuePairTraits, WTF::HashTraits<unsigned long> >::rehash at /usr/src/debug/webkitgtk-2.8.3/Source/WTF/wtf/HashTable.h:1126
 #6 shrink at /usr/src/debug/webkitgtk-2.8.3/Source/WTF/wtf/HashTable.h:444
 #7 WTF::HashTable<unsigned long, WTF::KeyValuePair<unsigned long, std::unique_ptr<WebKit::WebSoupRequestAsyncData, std::default_delete<WebKit::WebSoupRequestAsyncData> > >, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<unsigned long, std::unique_ptr<WebKit::WebSoupRequestAsyncData, std::default_delete<WebKit::WebSoupRequestAsyncData> > > >, WTF::IntHash<unsigned long>, WTF::HashMap<unsigned long, std::unique_ptr<WebKit::WebSoupRequestAsyncData, std::default_delete<WebKit::WebSoupRequestAsyncData> >, WTF::IntHash<unsigned long>, WTF::HashTraits<unsigned long>, WTF::HashTraits<std::unique_ptr<WebKit::WebSoupRequestAsyncData, std::default_delete<WebKit::WebSoupRequestAsyncData> > > >::KeyValuePairTraits, WTF::HashTraits<unsigned long> >::remove at /usr/src/debug/webkitgtk-2.8.3/Source/WTF/wtf/HashTable.h:1000
 #8 removeAndInvalidateWithoutEntryConsistencyCheck at /usr/src/debug/webkitgtk-2.8.3/Source/WTF/wtf/HashTable.h:974
 #9 removeWithoutEntryConsistencyCheck at /usr/src/debug/webkitgtk-2.8.3/Source/WTF/wtf/HashTable.h:1020

See the downstream bug for the full backtrace.

I spent a bit of time looking at this, but I don't understand the crash. The code looks safe to me.