190040 – Crash under WebCore::deleteCookiesForHostnames()

Bug 190040 - Crash under WebCore::deleteCookiesForHostnames()

Summary: Crash under WebCore::deleteCookiesForHostnames()

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	Page Loading (show other bugs)
Version:	WebKit Nightly Build
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Chris Dumez

URL:
Keywords:	InRadar

Depends on:
Blocks:

Reported:	2018-09-27 09:22 PDT by Chris Dumez
Modified:	2018-09-27 10:06 PDT (History)
CC List:	6 users (show)

See Also:

Attachments
Patch (1.95 KB, patch) 2018-09-27 09:25 PDT, Chris Dumez	no flags	Details \| Formatted Diff \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Chris Dumez 2018-09-27 09:22:02 PDT

Crash under WebCore::deleteCookiesForHostnames():
Exception Type:  EXC_BAD_ACCESS (SIGSEGV)
Exception Subtype: KERN_INVALID_ADDRESS at 0x0000000000000010
VM Region Info: 0x10 is not in any region.  Bytes before following region: 4364959728
      REGION TYPE                      START - END             [ VSIZE] PRT/MAX SHRMOD  REGION DETAIL
      UNUSED SPACE AT START
--->  
      __TEXT                 00000001042c0000-00000001042c4000 [   16K] r-x/r-x SM=COW  ...it.Networking

Termination Signal: Segmentation fault: 11
Termination Reason: Namespace SIGNAL, Code 0xb
Terminating Process: exc handler [0]
Triggered by Thread:  0

Filtered syslog:
None found

Thread 0 name:  Dispatch queue: com.apple.main-thread
Thread 0 Crashed:
0   WebCore                       	0x000000018b566744 WTF::HashTableAddResult<WTF::HashTableIterator<WTF::String, WTF::KeyValuePair<WTF::String, WTF::Vector<WTF::RetainPtr<NSHTTPCookie>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> >, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<WTF::String, WTF::Vector<WTF::RetainPtr<NSHTTPCookie>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> > >, WTF::StringHash, WTF::HashMap<WTF::String, WTF::Vector<WTF::RetainPtr<NSHTTPCookie>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>, WTF::StringHash, WTF::HashTraits<WTF::String>, WTF::HashTraits<WTF::Vector<WTF::RetainPtr<NSHTTPCookie>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> > >::KeyValuePairTraits, WTF::HashTraits<WTF::String> > > WTF::HashMap<WTF::String, WTF::Vector<WTF::RetainPtr<NSHTTPCookie>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>, WTF::StringHash, WTF::HashTraits<WTF::String>, WTF::HashTraits<WTF::Vector<WTF::RetainPtr<NSHTTPCookie>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> > >::add<WTF::Vector<WTF::RetainPtr<NSHTTPCookie>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> >(WTF::String&&, WTF::Vector<WTF::RetainPtr<NSHTTPCookie>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&&) + 116 (StringImpl.h:301)
1   WebCore                       	0x000000018b5660d4 WebCore::deleteCookiesForHostnames(WebCore::NetworkStorageSession const&, WTF::Vector<WTF::String, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&) + 348 (CookieJarMac.mm:356)
2   WebCore                       	0x000000018b5660d4 WebCore::deleteCookiesForHostnames(WebCore::NetworkStorageSession const&, WTF::Vector<WTF::String, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&) + 348 (CookieJarMac.mm:356)
3   WebKit                        	0x00000001926f0db8 WebKit::NetworkProcess::deleteWebsiteDataForOrigins(PAL::SessionID, WTF::OptionSet<WebKit::WebsiteDataType>, WTF::Vector<WebCore::SecurityOriginData, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, WTF::Vector<WTF::String, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, unsigned long long) + 88 (NetworkProcess.cpp:498)
4   WebKit                        	0x00000001926f97e4 void IPC::handleMessage<Messages::NetworkProcess::DeleteWebsiteDataForOrigins, WebKit::NetworkProcess, void (WebKit::NetworkProcess::*)(PAL::SessionID, WTF::OptionSet<WebKit::WebsiteDataType>, WTF::Vector<WebCore::SecurityOriginData, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, WTF::Vector<WTF::String, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, unsigned long long)>(IPC::Decoder&, WebKit::NetworkProcess*, void (WebKit::NetworkProcess::*)(PAL::SessionID, WTF::OptionSet<WebKit::WebsiteDataType>, WTF::Vector<WebCore::SecurityOriginData, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, WTF::Vector<WTF::String, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, unsigned long long)) + 112 (HandleMessage.h:46)
5   WebKit                        	0x000000019266dd18 IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >) + 164 (Connection.cpp:901)
6   WebKit                        	0x00000001926706f8 IPC::Connection::dispatchOneMessage() + 232 (Connection.cpp:959)
7   JavaScriptCore                	0x000000018a4b5f5c WTF::RunLoop::performWork() + 196 (Function.h:56)
8   JavaScriptCore                	0x000000018a4b61b4 WTF::RunLoop::performWork(void*) + 36 (RunLoopCF.cpp:38)
9   CoreFoundation                	0x00000001826acd54 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 24 (CFRunLoop.c:1982)
10  CoreFoundation                	0x00000001826ac57c __CFRunLoopDoSources0 + 276 (CFRunLoop.c:2017)
11  CoreFoundation                	0x00000001826aa0ec __CFRunLoopRun + 1204 (CFRunLoop.c:2920)
12  CoreFoundation                	0x00000001825ca1c8 CFRunLoopRunSpecific + 552 (CFRunLoop.c:3245)
13  Foundation                    	0x0000000183040114 -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 304 (NSRunLoop.m:367)
14  Foundation                    	0x0000000183091d80 -[NSRunLoop(NSRunLoop) run] + 88 (NSRunLoop.m:389)
15  libxpc.dylib                  	0x0000000182376cb8 _xpc_objc_main + 516 (main.m:167)
16  libxpc.dylib                  	0x0000000182378d8c xpc_main + 180 (init.c:1476)
17  com.apple.WebKit.Networking   	0x00000001042c35ac main + 380 (XPCServiceMain.mm:148)
18  libdyld.dylib                 	0x0000000182069fbc start + 4

Comment 1 Chris Dumez 2018-09-27 09:22:20 PDT

<rdar://problem/38020368>

Comment 2 Chris Dumez 2018-09-27 09:25:33 PDT

Created attachment 350968 [details]
Patch

Comment 3 WebKit Commit Bot 2018-09-27 10:06:37 PDT

Comment on attachment 350968 [details]
Patch

Clearing flags on attachment: 350968

Committed r236556: <https://trac.webkit.org/changeset/236556>

Comment 4 WebKit Commit Bot 2018-09-27 10:06:38 PDT

All reviewed patches have been landed.  Closing bug.