Created attachment 355089 [details] Test case If a DownloadProxy is invalidated while the DownloadClient is deciding the destination, then the app will crash when the decision handler is called. The troublesome line of code is in DownloadProxy::decideDestinationWithSuggestedFilenameAsync: if (auto* networkProcess = m_processPool->networkProcess()) m_processPool is null (due to the DownloadProxyMap invalidating the proxy when the download is canceled), so you get an invalid memory access trying to get the process pool's m_networkProcess. So if you get unlucky and the UI process gets notified that the download has been canceled while the destination decision handler is still outstanding, you have three terrible options: - Call the decision handler and crash. - Don't call the decision handler, and crash due to CompletionHandlerCallChecker getting upset. - Strategically deallocate the handler block and @try/@catch the resulting exception to stay alive. The code in decideDestinationWithSuggestedFilenameAsync()'s handler should check that m_processPool in non-null before trying to access its network process.