RESOLVED FIXED 157917
REGRESSION(201098) GuardMalloc / ASan crashes in WebCore::IDBServer::UniqueIDBDatabase::executeNextDatabaseTaskReply
https://bugs.webkit.org/show_bug.cgi?id=157917
Ryan Haddad
Reported 2016-05-19 13:27:20 PDT
Started with <http://trac.webkit.org/changeset/201098>

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 com.apple.WebCore 0x000000010feb513c WebCore::IDBServer::UniqueIDBDatabase::executeNextDatabaseTaskReply() + 44
1 com.apple.WebCore 0x000000010f56e05a WebCore::IDBServer::IDBServer::handleTaskRepliesOnMainThread() + 106
2 com.apple.JavaScriptCore 0x000000010e043fc7 WTF::dispatchFunctionsFromMainThread() + 519
3 com.apple.Foundation 0x00007fff90c0efde __NSThreadPerformPerform + 279
4 com.apple.CoreFoundation 0x00007fff894d7881 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
5 com.apple.CoreFoundation 0x00007fff894b6fbc __CFRunLoopDoSources0 + 556
6 com.apple.CoreFoundation 0x00007fff894b64df __CFRunLoopRun + 927
7 com.apple.CoreFoundation 0x00007fff894b5ed8 CFRunLoopRunSpecific + 296
8 com.apple.HIToolbox 0x00007fff8f6e1935 RunCurrentEventLoopInMode + 235
9 com.apple.HIToolbox 0x00007fff8f6e176f ReceiveNextEventCommon + 432
10 com.apple.HIToolbox 0x00007fff8f6e15af _BlockUntilNextEventMatchingListInModeWithFilter + 71
11 com.apple.AppKit 0x00007fff973b9efa _DPSNextEvent + 1067
12 com.apple.AppKit 0x00007fff973b932a -[NSApplication _nextEventMatchingEventMask:untilDate:inMode:dequeue:] + 454
13 com.apple.AppKit 0x00007fff973ade84 -[NSApplication run] + 682
14 com.apple.AppKit 0x00007fff9737746c NSApplicationMain + 1176
15 libxpc.dylib 0x00007fff90afa194 _xpc_objc_main + 795
16 libxpc.dylib 0x00007fff90af8bbe xpc_main + 494
17 com.apple.WebKit.WebContent 0x000000010d6747df 0x10d673000 + 6111
18 libdyld.dylib 0x00007fff82be85ad start + 1
Attachments
Patch (2.28 KB, patch)
2016-05-19 15:03 PDT, Brady Eidson
achristensen: review+
Ryan Haddad
Comment 1 2016-05-19 13:27:57 PDT
Brady Eidson
Comment 2 2016-05-19 14:59:19 PDT
This is nothing more than a missing protector ref.
Brady Eidson
Comment 3 2016-05-19 14:59:56 PDT
*** Bug 157915 has been marked as a duplicate of this bug. ***
Brady Eidson
Comment 4 2016-05-19 15:03:15 PDT
Brady Eidson
Comment 5 2016-05-19 15:16:28 PDT
EWS is smoking something. http://trac.webkit.org/changeset/201188
Darin Adler
Comment 6 2016-05-21 08:28:49 PDT
Comment on attachment 279437 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=279437&action=review

> Source/WebCore/Modules/indexeddb/server/UniqueIDBDatabase.cpp:1520
> + RefPtr<UniqueIDBDatabase> protectedThis(this);

A case like this should use Ref rather than RefPtr. In fact, this is sort of the case that Kling made Ref for originally.
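The "missing protector ref" from Comment 2 and the Ref-versus-RefPtr point from Comment 6, as an added example that is not WebKit's code: the RefCounted, Ref and RefPtr classes below are deliberately simplified stand-ins for WTF's (an assumption, not their real implementation), and UniqueDatabase, Server and runScenario are constructed for this illustration. A queued reply handler drops the server's last reference to the database while the database is still inside its execute-next-reply method; without a protector the object is destroyed mid-method, and any member access after the reply is the use-after-free that GuardMalloc and ASan reported. The unprotected variant reports that condition through a global destruction counter instead of touching a member, because the member access itself is the bug. The fixed variant pins the object with a Ref for the whole call, as the patch does with a protector, using the non-nullable type Darin asked for.

```cpp
#include <cstddef>
#include <cstdio>
#include <deque>
#include <functional>
#include <utility>

// Toy stand-ins for WTF::RefCounted / Ref / RefPtr (assumed for this example,
// not WebKit's real classes). Objects die when the last owner releases them.
class RefCounted {
public:
    void ref() { ++m_refCount; }
    void deref() { if (--m_refCount == 0) delete this; }
protected:
    virtual ~RefCounted() = default;
private:
    unsigned m_refCount { 0 };
};

// Non-null owning reference: a protector built from it can never be empty.
template<typename T> class Ref {
public:
    explicit Ref(T& object) : m_ptr(&object) { m_ptr->ref(); }
    Ref(const Ref& other) : m_ptr(other.m_ptr) { m_ptr->ref(); }
    Ref& operator=(const Ref&) = delete;
    ~Ref() { m_ptr->deref(); }
    T* ptr() const { return m_ptr; }
    T* operator->() const { return m_ptr; }
private:
    T* m_ptr;
};

// Nullable owning pointer. The stored pointer is cleared *before* deref() so
// the RefPtr never dangles while the destructor of its target is running.
template<typename T> class RefPtr {
public:
    RefPtr() = default;
    RefPtr(const RefPtr&) = delete;
    RefPtr& operator=(const RefPtr&) = delete;
    ~RefPtr() { *this = nullptr; }
    RefPtr& operator=(std::nullptr_t) { T* old = m_ptr; m_ptr = nullptr; if (old) old->deref(); return *this; }
    RefPtr& operator=(const Ref<T>& r) { T* old = m_ptr; m_ptr = r.ptr(); m_ptr->ref(); if (old) old->deref(); return *this; }
    T* get() const { return m_ptr; }
    T* operator->() const { return m_ptr; }
private:
    T* m_ptr { nullptr };
};

// Counts destructions so the unprotected path can tell it was freed without
// reading its own (already freed) members.
static int g_destroyedCount = 0;

class UniqueDatabase : public RefCounted {
public:
    using Task = std::function<void()>;
    static Ref<UniqueDatabase> create() { return Ref<UniqueDatabase>(*new UniqueDatabase); }
    ~UniqueDatabase() override { ++g_destroyedCount; }
    void enqueueReply(Task task) { m_replies.push_back(std::move(task)); }
    unsigned repliesExecuted() const { return m_repliesExecuted; }

    // Shape of the code before the fix: nothing keeps |this| alive while the
    // reply runs. Returns true if |this| survived the reply, false if the reply
    // destroyed it (at which point touching m_replies would be a use-after-free).
    bool executeNextReplyUnprotected() {
        int destroyedBefore = g_destroyedCount;
        Task task = std::move(m_replies.front());
        m_replies.pop_front();
        task();                                     // may release the last reference
        return g_destroyedCount == destroyedBefore; // local only, no member access
    }

    // Shape of the fix: protectedThis pins |this| until the method returns, so
    // the member update after the reply is safe. Release happens after the
    // return value has been computed.
    bool executeNextReplyProtected() {
        Ref<UniqueDatabase> protectedThis(*this);
        int destroyedBefore = g_destroyedCount;
        Task task = std::move(m_replies.front());
        m_replies.pop_front();
        task();
        ++m_repliesExecuted;                        // safe: protectedThis holds a ref
        return g_destroyedCount == destroyedBefore;
    }

private:
    std::deque<Task> m_replies;
    unsigned m_repliesExecuted { 0 };
};

// IDBServer analogue: the only long-lived reference to the database.
struct Server { RefPtr<UniqueDatabase> database; };

// Queues a reply whose handler closes the database (drops the last reference),
// then runs it the buggy or the fixed way. Returns whether the object survived.
bool runScenario(bool useProtector) {
    Server server;
    server.database = UniqueDatabase::create();
    server.database->enqueueReply([&server] { server.database = nullptr; });
    UniqueDatabase* raw = server.database.get();
    return useProtector ? raw->executeNextReplyProtected() : raw->executeNextReplyUnprotected();
}

int main() {
    std::printf("unprotected: survived reply? %s\n", runScenario(false) ? "yes" : "no");
    std::printf("protected:   survived reply? %s\n", runScenario(true) ? "yes" : "no");
    return 0;
}
```

The same shape applies to any callback, task-reply or event dispatch on a ref-counted object: if the callee can reach code that releases the caller's owner, take the protector before dispatching, and prefer Ref over RefPtr for it so the protector is non-null by construction. Under GuardMalloc or ASan the unprotected variant's first member access after the reply is exactly the crash in the stack trace above.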