147039 – REGRESSION(r184376): [SOUP] Multiple assertions when downloading files

RESOLVED FIXED 147039

REGRESSION(r184376): [SOUP] Multiple assertions when downloading files

https://bugs.webkit.org/show_bug.cgi?id=147039

Summary REGRESSION(r184376): [SOUP] Multiple assertions when downloading files

Michael Catanzaro

Reported 2015-07-17 08:17:20 PDT

With my debug build of r186919, the network process crashes when I download any file: ASSERTION FAILED: !m_adoptionIsRequired ../../Source/WTF/wtf/RefCounted.h(45) : void WTF::RefCountedBase::ref() My semi-random test file is http://cdimage.debian.org/debian-cd/8.1.0/amd64/iso-dvd/debian-8.1.0-amd64-DVD-1.iso Backtrace incoming.

Attachments
Backtrace (58.26 KB, text/plain) 2015-07-17 08:22 PDT, Michael Catanzaro	no flags	Details
Patch (3.43 KB, patch) 2015-07-20 18:11 PDT, Michael Catanzaro	no flags	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Michael Catanzaro

Comment 1 2015-07-17 08:22:54 PDT

Created attachment 256971 [details] Backtrace

Michael Catanzaro

Comment 2 2015-07-20 17:07:09 PDT

<MagicSchoolBus>Carrrrlos!</MagicSchoolBus> You have to either adopt the ref before assigning to the RefPtr: // We don't adopt the ref, as it will be released by cleanupSoupRequestOperation, which should always run. RefPtr<ResourceHandle> newHandle = new ResourceHandle(d->m_context.get(), firstRequest(), nullptr, d->m_defersLoading, d->m_shouldContentSniff);

Michael Catanzaro

Comment 3 2015-07-20 17:36:18 PDT

Insufficient patch: diff --git a/Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp b/Sourc e/WebCore/platform/network/soup/ResourceHandleSoup.cpp index ea692d6..d407dcc 100644 --- a/Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp +++ b/Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp @@ -1036,14 +1036,15 @@ bool ResourceHandle::start() RefPtr<ResourceHandle> ResourceHandle::releaseForDownload(ResourceHandleClient* downloadClient) { // We don't adopt the ref, as it will be released by cleanupSoupRequestOperation, which should always run. - RefPtr<ResourceHandle> newHandle = new ResourceHandle(d->m_context.get(), firstRequest(), nullptr, d->m_defersLoading, d->m_shouldContentSniff); + ResourceHandle* newHandle = new ResourceHandle(d->m_context.get(), firstRequest(), nullptr, d->m_defersLoading, d->m_shouldContentSniff); + newHandle->relaxAdoptionRequirement(); std::swap(d, newHandle->d); g_signal_handlers_disconnect_matched(newHandle->d->m_soupMessage.get(), G_SIGNAL_MATCH_DATA, 0, 0, nullptr, nullptr, this); - g_object_set_data(G_OBJECT(newHandle->d->m_soupMessage.get()), "handle", newHandle.get()); + g_object_set_data(G_OBJECT(newHandle->d->m_soupMessage.get()), "handle", newHandle); newHandle->d->m_client = downloadClient; - continueAfterDidReceiveResponse(newHandle.get()); + continueAfterDidReceiveResponse(newHandle); return newHandle; } That doesn't change the refcount so it should be good. But it's insufficient because that's not the only bug when downloading files; the next one is: ASSERTION FAILED: client() ../../Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp(1377) : virtual void WebCore::ResourceHandle::continueDidReceiveResponse() Truncated backtrace is: 1 0x7f7500255df0 /home/mcatanzaro/jhbuild/install/lib/libjavascriptcoregtk-4.0.so.18(WTFCrash+0x20) [0x7f7500255df0] 2 0x7f750607ca29 /home/mcatanzaro/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore14ResourceHandle26continueDidReceiveResponseEv+0x49) [0x7f750607ca29] 3 0x7f75046df82b /home/mcatanzaro/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN6WebKit29NetworkConnectionToWebProcess33convertMainResourceLoadToDownloadEmmRKN7WebCore15ResourceRequestERKNS1_16ResourceResponseE+0xbb) [0x7f75046df82b] 4 0x7f750489fdf0 /home/mcatanzaro/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN3IPC22callMemberFunctionImplIN6WebKit29NetworkConnectionToWebProcessEMS2_FvmmRKN7WebCore15ResourceRequestERKNS3_16ResourceResponseEESt5tupleIJmmS4_S7_EEJLm0ELm1ELm2ELm3EEEEvPT_T0_OT1_St14index_sequenceIJXspT2_EEE+0xf0) [0x7f750489fdf0] 5 0x7f750489fbbc /home/mcatanzaro/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN3IPC18callMemberFunctionIN6WebKit29NetworkConnectionToWebProcessEMS2_FvmmRKN7WebCore15ResourceRequestERKNS3_16ResourceResponseEESt5tupleIJmmS4_S7_EESt19make_index_sequenceILm4EEEEvOT1_PT_T0_+0x6c) [0x7f750489fbbc] 6 0x7f7504898b90 /home/mcatanzaro/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN3IPC13handleMessageIN8Messages29NetworkConnectionToWebProcess33ConvertMainResourceLoadToDownloadEN6WebKit29NetworkConnectionToWebProcessEMS5_FvmmRKN7WebCore15ResourceRequestERKNS6_16ResourceResponseEEEEvRNS_14MessageDecoderEPT0_T1_+0x140) [0x7f7504898b90] 7 0x7f7504897b92 /home/mcatanzaro/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN6WebKit29NetworkConnectionToWebProcess46didReceiveNetworkConnectionToWebProcessMessageERN3IPC10ConnectionERNS1_14MessageDecoderE+0x302) [0x7f7504897b92] 8 0x7f75046ded1e /home/mcatanzaro/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN6WebKit29NetworkConnectionToWebProcess17didReceiveMessageERN3IPC10ConnectionERNS1_14MessageDecoderE+0x6e) [0x7f75046ded1e] 9 0x7f750424b4f3 /home/mcatanzaro/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN3IPC10Connection15dispatchMessageERNS_14MessageDecoderE+0x33) [0x7f750424b4f3] 10 0x7f7504246477 /home/mcatanzaro/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN3IPC10Connection15dispatchMessageESt10unique_ptrINS_14MessageDecoderESt14default_deleteIS2_EE+0xc7) [0x7f7504246477] 11 0x7f750424b61f /home/mcatanzaro/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN3IPC10Connection18dispatchOneMessageEv+0x11f) [0x7f750424b61f] 12 0x7f750424b95d /home/mcatanzaro/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(+0x36f895d) [0x7f750424b95d] 13 0x7f750424b72d /home/mcatanzaro/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(+0x36f872d) [0x7f750424b72d] 14 0x7f75041b637e /home/mcatanzaro/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZNKSt8functionIFvvEEclEv+0x3e) [0x7f75041b637e] 15 0x7f750688803a /home/mcatanzaro/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN3WTF7RunLoop11performWorkEv+0x13a) [0x7f750688803a] 16 0x7f750688e14d /home/mcatanzaro/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(+0x5d3b14d) [0x7f750688e14d] 17 0x7f750688df1d /home/mcatanzaro/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(+0x5d3af1d) [0x7f750688df1d] 18 0x7f75041b637e /home/mcatanzaro/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZNKSt8functionIFvvEEclEv+0x3e) [0x7f75041b637e] 19 0x7f75002b4519 /home/mcatanzaro/jhbuild/install/lib/libjavascriptcoregtk-4.0.so.18(_ZN3WTF15GMainLoopSource12voidCallbackEv+0xa9) [0x7f75002b4519] 20 0x7f75002b2106 /home/mcatanzaro/jhbuild/install/lib/libjavascriptcoregtk-4.0.so.18(_ZN3WTF15GMainLoopSource18voidSourceCallbackEPS0_+0x16) [0x7f75002b2106] 21 0x7f74fc507471 /home/mcatanzaro/jhbuild/install/lib/libglib-2.0.so.0(+0x56471) [0x7f74fc507471] 22 0x7f74fc504ab9 /home/mcatanzaro/jhbuild/install/lib/libglib-2.0.so.0(+0x53ab9) [0x7f74fc504ab9] 23 0x7f74fc5058fd /home/mcatanzaro/jhbuild/install/lib/libglib-2.0.so.0(g_main_context_dispatch+0x33) [0x7f74fc5058fd] 24 0x7f74fc505ae1 /home/mcatanzaro/jhbuild/install/lib/libglib-2.0.so.0(+0x54ae1) [0x7f74fc505ae1] 25 0x7f74fc505f07 /home/mcatanzaro/jhbuild/install/lib/libglib-2.0.so.0(g_main_loop_run+0x1d5) [0x7f74fc505f07] 26 0x7f750688d47d /home/mcatanzaro/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN3WTF7RunLoop3runEv+0xbd) [0x7f750688d47d] 27 0x7f750474ad2d /home/mcatanzaro/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN6WebKit16ChildProcessMainINS_14NetworkProcessENS_18NetworkProcessMainEEEiiPPc+0xfd) [0x7f750474ad2d] 28 0x7f750474ab7b /home/mcatanzaro/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(NetworkProcessMainUnix+0x1b) [0x7f750474ab7b] 29 0x400c39 /home/mcatanzaro/jhbuild/install/libexec/webkit2gtk-4.0/WebKitNetworkProcess(main+0x49) [0x400c39] 30 0x7f74f5c1a790 /lib64/libc.so.6(__libc_start_main+0xf0) [0x7f74f5c1a790] 31 0x400b19 /home/mcatanzaro/jhbuild/install/libexec/webkit2gtk-4.0/WebKitNetworkProcess(_start+0x29) [0x400b19]

Michael Catanzaro

Comment 4 2015-07-20 17:39:11 PDT

ResourceHandle::continueAfterDidReceiveResponse is clearly prepared to handle the case of a missing client, so I think the assertions in ResourceHandle::ContinueDidReceiveResponse are wrong. Same for ResourceHandle::continueAfterWillSendRequest and ResourceHandle::continueWillSendRequest.

Michael Catanzaro

Comment 5 2015-07-20 18:11:09 PDT

Created attachment 257153 [details] Patch

WebKit Commit Bot

Comment 6 2015-07-20 23:19:43 PDT

Comment on attachment 257153 [details] Patch Clearing flags on attachment: 257153 Committed r187101: <http://trac.webkit.org/changeset/187101>

WebKit Commit Bot

Comment 7 2015-07-20 23:19:47 PDT

All reviewed patches have been landed. Closing bug.

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version 528+ (Nightly build)

Hardware PC

OS Linux

Product WebKit

Component WebKitGTK

Assignee

Michael Catanzaro

Reported

2015-07-17 08:17 PDT

Modified

2015-07-20 23:19 PDT History

CC List

3 users Show

URL

Keywords

Depends on

Blocks