Bug 184021 - CachedResource has to remove itself from the m_documentResources hash map before its m_handleCount is decremented
Summary: CachedResource has to remove itself from the m_documentResources hash map bef...
Status: RESOLVED DUPLICATE of bug 184268
Alias: None
Product: WebKit
Classification: Unclassified
Component: Images (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Said Abou-Hallawa
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2018-03-26 13:26 PDT by Said Abou-Hallawa
Modified: 2018-04-27 19:23 PDT (History)
5 users (show)

See Also:


Attachments
Patch (2.61 KB, patch)
2018-03-26 13:37 PDT, Said Abou-Hallawa
ews-watchlist: commit-queue-
Details | Formatted Diff | Diff
Archive of layout-test-results from ews206 for win-future (12.15 MB, application/zip)
2018-03-26 17:40 PDT, EWS Watchlist
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Said Abou-Hallawa 2018-03-26 13:26:43 PDT
Repro steps:

1. Open the url http://50.242.117.146/img/video.mjpeg which is a motion jpeg image

Result:
In the release build, the image is not showing new frames.
In the debug build, the following assertion fires. Notice that the destructor CachedResource::~CachedResource() is called from itself another time. The reason for that is the first CachedResource::unregisterHandle() sets m_handleCount to zero. When CachedResourceLoader::removeCachedResource() calls m_documentResources.get(...) in the ASSERT statement, the temporary CachedResourceHandle will increment m_handleCount so its value = 1. But the destructor of the temporary CachedResourceHandle calls the second CachedResource::unregisterHandle() which decrements m_handleCount again to 0 and causes the CachedResource::~CachedResource() for the same object to be called another time.

#0	0x00000001151bca94 in ::WTFCrash() at /Volumes/Data/WebKit/OpenSource/Source/WTF/wtf/Assertions.cpp:271
#1	0x0000000107d8504c in WebCore::CachedResource::~CachedResource() at /Volumes/Data/WebKit/OpenSource/Source/WebCore/loader/cache/CachedResource.cpp:169
#2	0x0000000107d91a05 in WebCore::CachedResource::~CachedResource() at /Volumes/Data/WebKit/OpenSource/Source/WebCore/loader/cache/CachedResource.cpp:165
#3	0x0000000107d91a29 in WebCore::CachedResource::~CachedResource() at /Volumes/Data/WebKit/OpenSource/Source/WebCore/loader/cache/CachedResource.cpp:165
#4	0x0000000107d928eb in WebCore::CachedResource::deleteIfPossible() at /Volumes/Data/WebKit/OpenSource/Source/WebCore/loader/cache/CachedResource.cpp:607
#5	0x0000000107d94456 in WebCore::CachedResource::unregisterHandle(WebCore::CachedResourceHandleBase*) at /Volumes/Data/WebKit/OpenSource/Source/WebCore/loader/cache/CachedResource.cpp:786
#6	0x0000000107d94aad in WebCore::CachedResourceHandleBase::~CachedResourceHandleBase() at /Volumes/Data/WebKit/OpenSource/Source/WebCore/loader/cache/CachedResourceHandle.cpp:55
#7	0x0000000107648305 in WebCore::CachedResourceHandle<WebCore::CachedResource>::~CachedResourceHandle() at /Volumes/Data/WebKit/OpenSource/Source/WebCore/loader/cache/CachedResourceHandle.h:61
#8	0x0000000107645605 in WebCore::CachedResourceHandle<WebCore::CachedResource>::~CachedResourceHandle() at /Volumes/Data/WebKit/OpenSource/Source/WebCore/loader/cache/CachedResourceHandle.h:61
#9	0x0000000107d9191b in WebCore::CachedResourceLoader::removeCachedResource(WebCore::CachedResource&) at /Volumes/Data/WebKit/OpenSource/Source/WebCore/loader/cache/CachedResourceLoader.cpp:1261
#10	0x0000000107d85169 in WebCore::CachedResource::~CachedResource() at /Volumes/Data/WebKit/OpenSource/Source/WebCore/loader/cache/CachedResource.cpp:178
#11	0x0000000107d89057 in WebCore::CachedImage::~CachedImage() at /Volumes/Data/WebKit/OpenSource/Source/WebCore/loader/cache/CachedImage.cpp:85
#12	0x0000000107d89265 in WebCore::CachedImage::~CachedImage() at /Volumes/Data/WebKit/OpenSource/Source/WebCore/loader/cache/CachedImage.cpp:83
#13	0x0000000107d89289 in WebCore::CachedImage::~CachedImage() at /Volumes/Data/WebKit/OpenSource/Source/WebCore/loader/cache/CachedImage.cpp:83
#14	0x0000000107d928eb in WebCore::CachedResource::deleteIfPossible() at /Volumes/Data/WebKit/OpenSource/Source/WebCore/loader/cache/CachedResource.cpp:607
#15	0x0000000107d94456 in WebCore::CachedResource::unregisterHandle(WebCore::CachedResourceHandleBase*) at /Volumes/Data/WebKit/OpenSource/Source/WebCore/loader/cache/CachedResource.cpp:786
#16	0x0000000107d94b27 in WebCore::CachedResourceHandleBase::setResource(WebCore::CachedResource*) at /Volumes/Data/WebKit/OpenSource/Source/WebCore/loader/cache/CachedResourceHandle.cpp:63
#17	0x00000001076465a7 in WebCore::CachedResourceHandle<WebCore::CachedResource>::operator=(WebCore::CachedResource*) at /Volumes/Data/WebKit/OpenSource/Source/WebCore/loader/cache/CachedResourceHandle.h:72
#18	0x0000000107cea36e in WTF::HashTableAddResult<WTF::HashTableIterator<WTF::String, WTF::KeyValuePair<WTF::String, WebCore::CachedResourceHandle<WebCore::CachedResource> >, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<WTF::String, WebCore::CachedResourceHandle<WebCore::CachedResource> > >, WTF::StringHash, WTF::HashMap<WTF::String, WebCore::CachedResourceHandle<WebCore::CachedResource>, WTF::StringHash, WTF::HashTraits<WTF::String>, WTF::HashTraits<WebCore::CachedResourceHandle<WebCore::CachedResource> > >::KeyValuePairTraits, WTF::HashTraits<WTF::String> > > WTF::HashMap<WTF::String, WebCore::CachedResourceHandle<WebCore::CachedResource>, WTF::StringHash, WTF::HashTraits<WTF::String>, WTF::HashTraits<WebCore::CachedResourceHandle<WebCore::CachedResource> > >::inlineSet<WTF::String const&, WebCore::CachedImage*>(WTF::String const&&&, WebCore::CachedImage*&&) at /volumes/Data/WebKit/OpenSource/WebKitBuild/Debug/usr/local/include/wtf/HashMap.h:337
#19	0x0000000107ce0534 in WTF::HashTableAddResult<WTF::HashTableIterator<WTF::String, WTF::KeyValuePair<WTF::String, WebCore::CachedResourceHandle<WebCore::CachedResource> >, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<WTF::String, WebCore::CachedResourceHandle<WebCore::CachedResource> > >, WTF::StringHash, WTF::HashMap<WTF::String, WebCore::CachedResourceHandle<WebCore::CachedResource>, WTF::StringHash, WTF::HashTraits<WTF::String>, WTF::HashTraits<WebCore::CachedResourceHandle<WebCore::CachedResource> > >::KeyValuePairTraits, WTF::HashTraits<WTF::String> > > WTF::HashMap<WTF::String, WebCore::CachedResourceHandle<WebCore::CachedResource>, WTF::StringHash, WTF::HashTraits<WTF::String>, WTF::HashTraits<WebCore::CachedResourceHandle<WebCore::CachedResource> > >::set<WebCore::CachedImage*>(WTF::String const&, WebCore::CachedImage*&&) at /volumes/Data/WebKit/OpenSource/WebKitBuild/Debug/usr/local/include/wtf/HashMap.h:360
#20	0x0000000107cdff4f in WebCore::ImageLoader::updateFromElement() at /Volumes/Data/WebKit/OpenSource/Source/WebCore/loader/ImageLoader.cpp:192
#21	0x0000000107ce09d2 in WebCore::ImageLoader::updateFromElementIgnoringPreviousError() at /Volumes/Data/WebKit/OpenSource/Source/WebCore/loader/ImageLoader.cpp:270
#22	0x00000001078be5f5 in WebCore::HTMLImageElement::selectImageSource() at /Volumes/Data/WebKit/OpenSource/Source/WebCore/html/HTMLImageElement.cpp:201
#23	0x00000001078be787 in WebCore::HTMLImageElement::parseAttribute(WebCore::QualifiedName const&, WTF::AtomicString const&) at /Volumes/Data/WebKit/OpenSource/Source/WebCore/html/HTMLImageElement.cpp:210
#24	0x000000010759dd27 in WebCore::Element::attributeChanged(WebCore::QualifiedName const&, WTF::AtomicString const&, WTF::AtomicString const&, WebCore::Element::AttributeModificationReason) at /Volumes/Data/WebKit/OpenSource/Source/WebCore/dom/Element.cpp:1380
#25	0x00000001076b25bf in WebCore::StyledElement::attributeChanged(WebCore::QualifiedName const&, WTF::AtomicString const&, WTF::AtomicString const&, WebCore::Element::AttributeModificationReason) at /Volumes/Data/WebKit/OpenSource/Source/WebCore/dom/StyledElement.cpp:94
#26	0x00000001075a45df in WebCore::Element::didAddAttribute(WebCore::QualifiedName const&, WTF::AtomicString const&) at /Volumes/Data/WebKit/OpenSource/Source/WebCore/dom/Element.cpp:3394
#27	0x00000001075a4523 in WebCore::Element::addAttributeInternal(WebCore::QualifiedName const&, WTF::AtomicString const&, WebCore::Element::SynchronizationOfLazyAttribute) at /Volumes/Data/WebKit/OpenSource/Source/WebCore/dom/Element.cpp:2389
#28	0x000000010759d771 in WebCore::Element::setAttributeInternal(unsigned int, WebCore::QualifiedName const&, WTF::AtomicString const&, WebCore::Element::SynchronizationOfLazyAttribute) at /Volumes/Data/WebKit/OpenSource/Source/WebCore/dom/Element.cpp:1317
#29	0x000000010759d915 in WebCore::Element::setAttributeWithoutSynchronization(WebCore::QualifiedName const&, WTF::AtomicString const&) at /Volumes/Data/WebKit/OpenSource/Source/WebCore/dom/Element.cpp:1299
#30	0x00000001078c04e9 in WebCore::HTMLImageElement::setSrc(WTF::String const&) at /Volumes/Data/WebKit/OpenSource/Source/WebCore/html/HTMLImageElement.cpp:509
#31	0x00000001079c3b76 in WebCore::ImageDocument::createDocumentStructure() at /Volumes/Data/WebKit/OpenSource/Source/WebCore/html/ImageDocument.cpp:239
#32	0x00000001079c37af in WebCore::ImageDocument::updateDuringParsing() at /Volumes/Data/WebKit/OpenSource/Source/WebCore/html/ImageDocument.cpp:139
#33	0x00000001079c41d9 in WebCore::ImageDocumentParser::appendBytes(WebCore::DocumentWriter&, char const*, unsigned long) at /Volumes/Data/WebKit/OpenSource/Source/WebCore/html/ImageDocument.cpp:189
#34	0x0000000107ca3819 in WebCore::DocumentWriter::addData(char const*, unsigned long) at /Volumes/Data/WebKit/OpenSource/Source/WebCore/loader/DocumentWriter.cpp:254
#35	0x0000000107c6701b in WebCore::DocumentLoader::commitData(char const*, unsigned long) at /Volumes/Data/WebKit/OpenSource/Source/WebCore/loader/DocumentLoader.cpp:1055
Comment 1 Said Abou-Hallawa 2018-03-26 13:37:13 PDT
Created attachment 336538 [details]
Patch
Comment 2 Said Abou-Hallawa 2018-03-26 13:42:28 PDT
<rdar://problem/38845917>
Comment 3 EWS Watchlist 2018-03-26 17:40:24 PDT
Comment on attachment 336538 [details]
Patch

Attachment 336538 [details] did not pass win-ews (win):
Output: http://webkit-queues.webkit.org/results/7107889

New failing tests:
http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-audio.html
Comment 4 EWS Watchlist 2018-03-26 17:40:35 PDT
Created attachment 336559 [details]
Archive of layout-test-results from ews206 for win-future

The attached test failures were seen while running run-webkit-tests on the win-ews.
Bot: ews206  Port: win-future  Platform: CYGWIN_NT-6.1-2.9.0-0.318-5-3-x86_64-64bit
Comment 5 Said Abou-Hallawa 2018-04-27 16:24:40 PDT
The assertion was removed in <https://trac.webkit.org/changeset/230489>.
Comment 6 Said Abou-Hallawa 2018-04-27 18:48:37 PDT
This does not happen anymore after <https://trac.webkit.org/changeset/230489>.

*** This bug has been marked as a duplicate of bug 184268 ***
Comment 7 Daniel Bates 2018-04-27 19:23:47 PDT
Comment on attachment 336538 [details]
Patch

Clearing review flag.