Bug 171195 - Crash in WebKit: WebKit::GenericCallback<API::SerializedScriptValue*, bool, WebCore::ExceptionDetails const&>::invalidate(WebKit::CallbackBase::Error)
Summary: Crash in WebKit: WebKit::GenericCallback<API::SerializedScriptValue*, bool, W...
Status: NEW
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKit2 (show other bugs)
Version: Other
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Nobody
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-04-23 06:00 PDT by Stefan Arentz
Modified: 2017-12-06 12:33 PST (History)
3 users (show)

See Also:


Attachments
Crashes (208.61 KB, application/zip)
2017-04-23 06:01 PDT, Stefan Arentz
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Stefan Arentz 2017-04-23 06:00:57 PDT
We see this one a lot in Firefox for iOS. Crash reports attached.
Comment 1 Stefan Arentz 2017-04-23 06:01:16 PDT
Created attachment 307933 [details]
Crashes
Comment 2 Alexey Proskuryakov 2017-04-25 19:12:53 PDT
This seems like the same issue as bug 171196.
Comment 3 Evgeny Mironov 2017-12-06 11:20:00 PST
I guess the problem has been introduced in the https://trac.webkit.org/changeset/213777/webkit when the type of the GenericCallback:: m_callback was changed from CallbackFunction to std::optional<CallbackFunction>. After type changing the checking like "if (!m_callback) return;" checks only whether the m_callback is set but not if it can be called.
As a solution, the constructor can be updated to set m_callback only if provided callback can be called:
    GenericCallback(CallbackFunction&& callback, const ProcessThrottler::BackgroundActivityToken& activityToken)
        : CallbackBase(type(), activityToken)
        , m_callback(std::nullopt)
    {
        if (callback)
            m_callback = WTFMove(callback);
    }

In this case it's enough to check if the m_callback is set.