Bug 16099 - Crash in CURL for empty POST
Summary: Crash in CURL for empty POST
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKitGTK
Version: 528+ (Nightly build)
Hardware: PC Linux
Importance: P2 Critical
Assignee: Nobody
URL: http://sparcs.kaist.ac.kr/~tinuviel/d...
Keywords: Curl
Depends on:
Reported: 2007-11-22 21:32 PST by Seo Sanghyeon
Modified: 2007-12-30 03:52 PST
CC List: 2 users

See Also:

Attachments:
Fix crasher (788 bytes, patch) - 2007-11-28 20:19 PST, Alp Toker - no flags
Avoid deadlock too (661 bytes, patch) - 2007-11-28 20:28 PST, Alp Toker - no flags
patch (541 bytes, patch) - 2007-12-08 00:43 PST, Luca Bruno - alp: review-
post empty data (526 bytes, patch) - 2007-12-30 03:21 PST, Luca Bruno - no flags
add changelog entry (1.21 KB, patch) - 2007-12-30 03:46 PST, Luca Bruno - alp: review+

Description Seo Sanghyeon 2007-11-22 21:32:27 PST
SVN r27981. ./build-webkit --gtk.

Open the URL with GtkLauncher. It immediately crashes inside CURL. The URL posts an empty form.

This prevents use of http://mail.daum.net/, the #1 webmail site in Korea.
Comment 1 Alp Toker 2007-11-28 20:19:54 PST
Created attachment 17586
Fix crasher

I haven't checked to see if there are other instances of this bug in ResourceHandleManager or whether there is a better place to do this check yet. Does it do the trick for you?
Comment 2 Alp Toker 2007-11-28 20:28:09 PST
Created attachment 17587
Avoid deadlock too
Comment 3 Seo Sanghyeon 2007-12-03 18:44:24 PST
I still get the crash after applying the patch.
Comment 4 Luca Bruno 2007-12-08 00:43:40 PST
Created attachment 17787

Can you try this one?
Alp, the main problem is that the httpBody is NULL.
The patch checks that in setupPOST like yours, but is it right that httpBody is being set to NULL somewhere?
Comment 5 Alp Toker 2007-12-15 08:36:31 PST
Comment on attachment 17787

This page seems to just hang the browser now. The patch doesn't fix the hang. Probably due to recent fixes.
Comment 6 Luca Bruno 2007-12-28 12:42:47 PST
It doesn't crash for me after fixing job cancellation. Can you all check, please?
Comment 7 Seo Sanghyeon 2007-12-28 20:14:24 PST
SVN r29020. ./autogen.sh; make. No patch.

URL now hangs as described by Alp in #5.
Comment 8 Luca Bruno 2007-12-29 01:21:56 PST
Did you do make install and run GtkLauncher without using the run-launcher, right?
Comment 9 Seo Sanghyeon 2007-12-29 01:39:45 PST
Of course.
Comment 10 Luca Bruno 2007-12-29 04:32:00 PST
Can you please paste a traceback here?
Comment 11 Seo Sanghyeon 2007-12-29 04:39:22 PST
How does one produce a traceback of the hung program?
Comment 12 Luca Bruno 2007-12-29 07:04:48 PST
I know I'm boring you :) but really I'm both trying to reproduce the bug and get information from you.

Please ensure you're using the right library. You switched from qmake to autotools; this may lead to using mismatched libraries. For example, retry using qmake with svn HEAD. Remove all libWebKit* from your system.

Can you press ctrl+c inside gdb when it hangs?

Maybe the problem is on font rendering? Are you able to open other korean web sites?
Comment 13 Seo Sanghyeon 2007-12-29 07:25:36 PST
> Are you able to open other Korean web sites?

Yes, Korean web sites render fine.

> Please ensure you're using the right library.

$ ldd Programs/.libs/GtkLauncher | grep WebKit
libWebKitGtk.so.1 => /opt/webkit/lib/libWebKitGtk.so.1

I checked the modification time of the above file.

> Can you press ctrl+c inside gdb when it hangs?

Program received signal SIGINT, Interrupt.
[Switching to Thread 0xb598d6c0 (LWP 26137)]
0xffffe410 in __kernel_vsyscall ()
(gdb) bt
#0  0xffffe410 in __kernel_vsyscall ()
#1  0xb615fb5b in read () from /lib/i686/cmov/libc.so.6
#2  0xb60fdd49 in ?? () from /lib/i686/cmov/libc.so.6
#3  0xb60fff58 in _IO_sgetn () from /lib/i686/cmov/libc.so.6
#4  0xb60f3f5e in fread () from /lib/i686/cmov/libc.so.6
#5  0xb79db3da in ?? () from /usr/lib/libcurl.so.4
(much more ??s)
Comment 14 Luca Bruno 2007-12-29 07:42:55 PST
What are the first 2-3 functions of WebKit in the traceback? You stopped at libcurl...

Which version of libcurl do you have? Here it's 7.17.1.
Comment 15 Seo Sanghyeon 2007-12-29 07:59:40 PST
No function of WebKit in the traceback.
libcurl is Debian package libcurl3 7.17.1-1. The same version you have.
Comment 16 Luca Bruno 2007-12-29 10:43:07 PST
Without the patch it doesn't hang for me. Maybe you still have the patch applied.

Can you please revert the patch, update to HEAD and ensure there are no conflicts in WebCore/platform/network/curl/ResourceHandleManager.cpp, then retry?
Comment 17 Seo Sanghyeon 2007-12-29 16:54:42 PST
I don't have any patch applied. Please don't treat me as an idiot.

Apparently I'm not the only person who can reproduce this bug. I hope others will chime in.
Comment 18 Alp Toker 2007-12-29 18:18:53 PST
Seo, I think Luca was just going through some basic diagnostic steps.

I've reproduced the hang with a TOT build. There is probably not much more to be speculated on this bug until it's traced using gdb. Could turn out to be a re-entrancy issue or anything.

Another option is to experiment with new http backends -- they're not that hard to write and the current curl http backend is a bit messy.
Comment 19 Luca Bruno 2007-12-30 03:21:23 PST
Created attachment 18189
post empty data

Sorry Seo, I don't really think you are an idiot.

Well, I finally got this hang with svn HEAD.

The patch is very simple: I just remove a condition which prevents an empty POST from being transmitted. This seems to fix the problem.
If that's the issue, I wonder what the purpose of that condition was and whether this patch could bring a regression.

Seo, can you try with this patch? Thanks.
Comment 20 Luca Bruno 2007-12-30 03:46:02 PST
Created attachment 18190
add changelog entry
Comment 21 Alp Toker 2007-12-30 03:47:15 PST
Comment on attachment 18190
add changelog entry


The old check was clearly wrong.
Comment 22 Alp Toker 2007-12-30 03:52:51 PST
Landed in r29037.
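The thread never spells out why an empty POST blocks inside libcurl instead of failing fast. The backtrace in comment 13 shows libcurl sitting in fread() waiting on read(), and that matches libcurl's documented behaviour: a handle with CURLOPT_POST set but neither CURLOPT_POSTFIELDS nor CURLOPT_POSTFIELDSIZE supplied pulls its body from the read callback, and the default read callback is fread() on CURLOPT_READDATA, which defaults to stdin. So skipping the body setup for an empty form leaves libcurl reading the browser's stdin as the request body. The C program below is an added illustration of that failure mode and of the null check discussed in comment 4; it is not code from this bug, its patches, WebKit or libcurl. ModelHandle, model_body, setup_post_old and setup_post_fixed are hypothetical names, the "old" function is a guess at a pre-patch shape consistent with comments 4 and 19 rather than the real pre-patch code, and the "stdin" is a temporary file so the demo cannot block.

```c
#include <stdio.h>
#include <string.h>

/*
 * Added illustration, not libcurl's or WebKit's code.  ModelHandle mirrors
 * the libcurl settings this bug turns on; model_body mirrors libcurl's
 * documented fallback: a POST with no postfields and no explicit size is
 * fed from the read callback, whose default is fread() on readdata (stdin).
 */
typedef struct {
    int         post;            /* CURLOPT_POST */
    const char *postfields;      /* CURLOPT_POSTFIELDS, NULL when unset */
    long        postfieldsize;   /* CURLOPT_POSTFIELDSIZE, -1 when unset */
    FILE       *readdata;        /* CURLOPT_READDATA; real default is stdin */
} ModelHandle;

/* Stand-in for the FormData WebKit hands to setupPOST.  A NULL pointer
 * models httpBody() being NULL, the empty-form case from the report. */
typedef struct {
    const char *data;
    size_t      len;
} FormBody;

void model_init(ModelHandle *h, FILE *stdin_stand_in)
{
    h->post = 0;
    h->postfields = NULL;
    h->postfieldsize = -1;
    h->readdata = stdin_stand_in;
}

/* Hypothetical pre-fix shape (not the actual WebKit code): the body is
 * dereferenced unconditionally and an empty body sets nothing beyond
 * CURLOPT_POST.  Returns -1 where the real code dereferenced NULL. */
int setup_post_old(ModelHandle *h, const FormBody *body)
{
    if (!body)
        return -1;                       /* real code: NULL dereference */
    h->post = 1;
    if (body->len == 0)
        return 0;                        /* "skip the empty POST": hang path */
    h->postfields = body->data;
    h->postfieldsize = (long)body->len;
    return 0;
}

/* Fixed shape: tolerate a NULL body and always state the size, so an empty
 * POST goes out as Content-Length: 0 instead of falling back to stdin. */
int setup_post_fixed(ModelHandle *h, const FormBody *body)
{
    h->post = 1;
    if (!body || body->len == 0) {
        h->postfields = NULL;
        h->postfieldsize = 0;            /* explicit zero-length body */
        return 0;
    }
    h->postfields = body->data;
    h->postfieldsize = (long)body->len;
    return 0;
}

/* Model of the moment libcurl needs the body: copies it into out[] and
 * returns its length; sets *from_readdata when the default read callback
 * (fread on readdata) had to be used. */
size_t model_body(ModelHandle *h, char *out, size_t cap, int *from_readdata)
{
    *from_readdata = 0;
    if (!h->post)
        return 0;
    if (h->postfields) {
        size_t n = h->postfieldsize >= 0 ? (size_t)h->postfieldsize
                                         : strlen(h->postfields);
        if (n > cap)
            n = cap;
        memcpy(out, h->postfields, n);
        return n;
    }
    if (h->postfieldsize >= 0)
        return 0;                        /* size known: nothing to read */
    *from_readdata = 1;                  /* fallback: fread() on "stdin" */
    return fread(out, 1, cap, h->readdata);
}

/* Demo driver: "stdin" is a temp file holding constructed junk bytes. */
int main(void)
{
    char out[64];
    int fallback;
    size_t n;
    FormBody empty = { "", 0 };
    ModelHandle h;
    FILE *fake_stdin = tmpfile();

    fputs("bytes that happened to be on stdin", fake_stdin);
    rewind(fake_stdin);

    model_init(&h, fake_stdin);
    printf("old, NULL body  -> %s\n",
           setup_post_old(&h, NULL) < 0 ? "would crash" : "ok");

    model_init(&h, fake_stdin);
    setup_post_old(&h, &empty);
    n = model_body(&h, out, sizeof out, &fallback);
    printf("old, empty body -> %zu bytes, read from stdin: %d\n", n, fallback);

    rewind(fake_stdin);
    model_init(&h, fake_stdin);
    setup_post_fixed(&h, &empty);
    n = model_body(&h, out, sizeof out, &fallback);
    printf("fixed, empty    -> %zu bytes, read from stdin: %d\n", n, fallback);

    fclose(fake_stdin);
    return 0;
}
```

Against a real libcurl handle the same two rules apply: check the body pointer before touching it, and always call curl_easy_setopt with CURLOPT_POSTFIELDSIZE (zero for an empty form) or set an explicit read callback, so the default fread() on stdin is never reached.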