Bug 178434 - [curl] Segfault in WebCore::CurlRequest::setupPOST
Summary: [curl] Segfault in WebCore::CurlRequest::setupPOST
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Platform
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Basuke Suzuki
Keywords: InRadar
 
Reported: 2017-10-18 02:52 PDT by Fujii Hironori
Modified: 2017-11-15 13:03 PST (History)
CC: 11 users



Attachments
patch (2.06 KB, patch)
2017-10-18 21:59 PDT, Basuke Suzuki
no flags

Description Fujii Hironori 2017-10-18 02:52:37 PDT
[curl] Segfault in WebCore::CurlRequest::setupPOST

1) Start MiniBrowser
2) Open http://amazon.co.jp/
3) Crash

WinCairo port, trunk@223596, Debug build

Callstack:

> WebKit.dll!WTF::Vector<WebCore::FormDataElement,0,WTF::CrashOnOverflow,16,WTF::FastMalloc>::size() Line 661	C++
> WebKit.dll!WebCore::CurlRequest::setupPOST(WebCore::ResourceRequest & request) Line 421	C++
> WebKit.dll!WebCore::CurlRequest::setupTransfer() Line 159	C++
> WebKit.dll!WebCore::CurlJobList::startJobs(WTF::HashSet<WebCore::CurlJobClient *,WTF::PtrHash<WebCore::CurlJobClient *>,WTF::HashTraits<WebCore::CurlJobClient *> > && jobs) Line 46	C++
> WebKit.dll!WebCore::CurlJobManager::updateJobList(WebCore::CurlJobList & jobs) Line 178	C++
> WebKit.dll!WebCore::CurlJobManager::workerThread() Line 197	C++
> WebKit.dll!WebCore::CurlJobManager::startThreadIfNeeded::__l10::<lambda>() Line 132	C++
> WebKit.dll!WTF::Function<void __cdecl(void)>::CallableWrapper<void <lambda>(void) >::call() Line 101	C++
> WTF.dll!WTF::Function<void __cdecl(void)>::operator()() Line 57	C++
> WTF.dll!WTF::Thread::entryPoint(WTF::Thread::NewThreadContext * newThreadContext) Line 130	C++
> WTF.dll!WTF::wtfThreadEntryPoint(void * data) Line 157	C++
> WTF.dll!thread_start<unsigned int (__cdecl*)(void * __ptr64)>(void * const parameter) Line 115	C++
> [External Code]	


> void CurlRequest::setupPOST(ResourceRequest& request)
> {
>     m_curlHandle->enableHttpPostRequest();
> 
>     auto numElements = request.httpBody()->elements().size(); // httpBody() is null here, so this dereference crashes
>     if (!numElements)
>         return;

request.m_httpBody was null.
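The crash above is an unchecked dereference of a nullable pointer: `ResourceRequest::httpBody()` may return null for a POST that carries no body, and `setupPOST` takes its `elements().size()` without looking. The following is an added example, not WebKit's code and not the committed patch (which this page does not show). It models the request and body with hypothetical stand-in types (`Request`, `Body`, `PostSetup`, `setupPostUnchecked`, `setupPostChecked`, `makeRequest` are all assumed names) and puts the reported shape next to a null-tolerant one that treats a missing body as an empty body. The sample requests are constructed inline, not captured from any site.

```cpp
// Added example, not WebKit code: a minimal model of the crash in
// CurlRequest::setupPOST and the null-tolerant shape a fix takes.
// All names here (Body, Request, PostSetup, setupPostUnchecked,
// setupPostChecked, makeRequest) are hypothetical stand-ins.
#include <cstddef>
#include <cstdio>
#include <memory>
#include <string>
#include <vector>

// Stand-in for WebCore::FormDataElement.
struct FormDataElement {
    std::string data;
};

// Stand-in for WebCore::FormData: the POST body as a list of elements.
struct Body {
    std::vector<FormDataElement> elements;
};

// Stand-in for WebCore::ResourceRequest. httpBody() returns nullptr when
// the request carries no body, which is legal for a POST.
struct Request {
    std::string url;
    std::shared_ptr<Body> body; // null for a body-less POST
    const Body* httpBody() const { return body.get(); }
};

// What setupPOST decides for the transfer.
struct PostSetup {
    bool postEnabled = false;   // HTTP POST mode requested on the handle
    bool bodyAttached = false;  // whether element data would be handed to curl
    std::size_t elementCount = 0;
};

// Mirrors the reported code: httpBody() is dereferenced unconditionally.
// With a null body this is undefined behaviour; on the reporter's build it
// segfaulted inside Vector::size(). Never call it with a body-less request.
PostSetup setupPostUnchecked(const Request& request) {
    PostSetup s;
    s.postEnabled = true;
    s.elementCount = request.httpBody()->elements.size(); // null deref when body is absent
    s.bodyAttached = s.elementCount != 0;
    return s;
}

// Null-tolerant shape: a missing body is handled like an empty one, so POST
// mode is still enabled but no element data is attached.
PostSetup setupPostChecked(const Request& request) {
    PostSetup s;
    s.postEnabled = true;
    const Body* body = request.httpBody();
    if (!body)
        return s; // body-less POST: nothing to attach, and no dereference
    s.elementCount = body->elements.size();
    s.bodyAttached = s.elementCount != 0;
    return s;
}

// Constructed sample requests (not captured from any real site).
Request makeRequest(std::size_t elementCount, bool withBody) {
    Request r;
    r.url = "http://example.invalid/form";
    if (withBody) {
        r.body = std::make_shared<Body>();
        for (std::size_t i = 0; i < elementCount; ++i)
            r.body->elements.push_back({"field=" + std::to_string(i)});
    }
    return r;
}

int main() {
    PostSetup a = setupPostChecked(makeRequest(0, /*withBody=*/false));
    PostSetup b = setupPostChecked(makeRequest(3, /*withBody=*/true));
    std::printf("body-less POST: attached=%d elements=%zu\n", a.bodyAttached, a.elementCount);
    std::printf("POST with body: attached=%d elements=%zu\n", b.bodyAttached, b.elementCount);
    return 0;
}
```

The practical check is that the null case and the empty-body case end in the same state: POST mode on, nothing attached. Whether the real fix should instead skip `enableHttpPostRequest()` for a body-less request is a behavioural question this page does not answer, so the example keeps the original ordering and only removes the dereference.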
Comment 1 Fujii Hironori 2017-10-18 02:53:56 PDT
Looks similar to Bug 177733.
Comment 2 Basuke Suzuki 2017-10-18 21:59:53 PDT
Created attachment 324207 [details]
patch
Comment 3 WebKit Commit Bot 2017-10-19 00:41:45 PDT
Comment on attachment 324207 [details]
patch

Clearing flags on attachment: 324207

Committed r223681: <https://trac.webkit.org/changeset/223681>
Comment 4 WebKit Commit Bot 2017-10-19 00:41:47 PDT
All reviewed patches have been landed.  Closing bug.
Comment 5 Radar WebKit Bug Importer 2017-11-15 13:03:51 PST
<rdar://problem/35568712>