Bug 174323 - Accessing localDescription, remoteDescription, etc. after setTimeout raises EXC_BAD_ACCESS
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebCore JavaScript
Version: Safari Technology Preview
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: youenn fablet
Keywords: InRadar
Reported: 2017-07-10 15:16 PDT by Mark Roberts
Modified: 2017-07-12 15:31 PDT

Attachments
Patch (14.89 KB, patch)
2017-07-12 13:03 PDT, youenn fablet
Archive of layout-test-results from ews106 for mac-elcapitan-wk2 (1.14 MB, application/zip)
2017-07-12 14:10 PDT, Build Bot
Patch for landing (11.42 KB, patch)
2017-07-12 14:25 PDT, youenn fablet

Description Mark Roberts 2017-07-10 15:16:04 PDT
The following code raises an EXC_BAD_ACCESS error and crashes the tab in Safari 11 Tech Preview.

    (async () => {
      const pc = new RTCPeerConnection()
      pc.close()
      await new Promise(resolve => setTimeout(resolve))
      console.log(pc.localDescription)
    })()

Even simpler:

    const pc = new RTCPeerConnection()
    pc.close()
    setTimeout(() => {
      console.log(pc.localDescription)
    })

You can replace the access to `localDescription` with any of

    * localDescription
    * currentLocalDescription
    * pendingLocalDescription
    * remoteDescription
    * currentRemoteDescription
    * pendingRemoteDescription

Expected output:

    null

Actual output:

    Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
    0   com.apple.WebCore             	0x000000010b59e8dd WebCore::LibWebRTCMediaEndpoint::pendingRemoteDescription() const + 13
    1   com.apple.WebCore             	0x000000010b5aa872 WebCore::LibWebRTCPeerConnectionBackend::pendingRemoteDescription() const + 18
    2   com.apple.WebCore             	0x000000010b89a1a6 WebCore::RTCPeerConnection::pendingRemoteDescription() const + 22
    3   com.apple.WebCore             	0x000000010b3d4b77 WebCore::jsRTCPeerConnectionPendingRemoteDescription(JSC::ExecState*, long long, JSC::PropertyName) + 231
    ...
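
A regression probe for the behaviour reported above, as an added example that is not part of the original report or of WebKit's own tests. It reads all six description getters on a closed connection from a later task and reports any that throw or return something other than the expected `null`. The names `probeClosedPeerConnection` and `DESCRIPTION_GETTERS` are hypothetical, and the constructor is injected so the check can also run against a stand-in outside a browser.

```javascript
// Added example: the six getters listed in the report.
const DESCRIPTION_GETTERS = [
  'localDescription', 'currentLocalDescription', 'pendingLocalDescription',
  'remoteDescription', 'currentRemoteDescription', 'pendingRemoteDescription',
];

// PeerConnection is the constructor under test (RTCPeerConnection in a browser).
// Resolves to a list of failure strings; an empty list means every getter
// returned null, which is the expected output given in the report.
async function probeClosedPeerConnection(PeerConnection) {
  const pc = new PeerConnection();
  pc.close();
  // The report reads the getters from a later task, after setTimeout fires.
  await new Promise(resolve => setTimeout(resolve));
  const failures = [];
  for (const name of DESCRIPTION_GETTERS) {
    let value;
    try {
      value = pc[name];
    } catch (e) {
      failures.push(`${name} threw ${e.name}`);
      continue;
    }
    if (value !== null) {
      failures.push(`${name} returned ${String(value)}, expected null`);
    }
  }
  return failures;
}

// In a browser, run the probe against the real implementation.
if (typeof RTCPeerConnection !== 'undefined') {
  probeClosedPeerConnection(RTCPeerConnection)
    .then(failures => console.log(failures.length ? failures : 'all getters returned null'));
}
```

On an affected build the tab crashes before the promise resolves, so the absence of any logged result is itself the failure signal.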
Comment 1 Radar WebKit Bug Importer 2017-07-12 10:36:42 PDT
<rdar://problem/33267876>
Comment 2 youenn fablet 2017-07-12 13:03:33 PDT
Created attachment 315275 [details]
Patch
Comment 3 Eric Carlson 2017-07-12 13:06:29 PDT
Comment on attachment 315275 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=315275&action=review

> Source/WebCore/Modules/mediastream/PeerConnectionBackend.cpp:384
> +void PeerConnectionBackend::cleanPendingPromises()

Nit: rejectPendingPromises, or maybe clearPendingPromises, would be a more accurate name.
Comment 4 Build Bot 2017-07-12 14:10:35 PDT
Comment on attachment 315275 [details]
Patch

Attachment 315275 [details] did not pass mac-wk2-ews (mac-wk2):
Output: http://webkit-queues.webkit.org/results/4109254

New failing tests:
imported/w3c/web-platform-tests/webrtc/RTCPeerConnection-createOffer.html
webrtc/libwebrtc/release-while-creating-offer.html
imported/w3c/web-platform-tests/webrtc/RTCPeerConnection-createAnswer.html
imported/w3c/web-platform-tests/webrtc/RTCPeerConnection-setRemoteDescription.html
Comment 5 Build Bot 2017-07-12 14:10:36 PDT
Created attachment 315282 [details]
Archive of layout-test-results from ews106 for mac-elcapitan-wk2

The attached test failures were seen while running run-webkit-tests on the mac-wk2-ews.
Bot: ews106  Port: mac-elcapitan-wk2  Platform: Mac OS X 10.11.6
Comment 6 youenn fablet 2017-07-12 14:25:09 PDT
Created attachment 315283 [details]
Patch for landing
Comment 7 WebKit Commit Bot 2017-07-12 15:31:48 PDT
Comment on attachment 315283 [details]
Patch for landing

Clearing flags on attachment: 315283

Committed r219428: <http://trac.webkit.org/changeset/219428>
Comment 8 WebKit Commit Bot 2017-07-12 15:31:50 PDT
All reviewed patches have been landed.  Closing bug.