Bug 194588 - Crash in WebKit::CacheStorage::Engine::cachesRootPath
Summary: Crash in WebKit::CacheStorage::Engine::cachesRootPath
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Service Workers
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Nobody
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2019-02-13 03:04 PST by Antti Koivisto
Modified: 2019-02-13 11:25 PST

See Also:


Attachments
patch (1.32 KB, patch)
2019-02-13 03:14 PST, Antti Koivisto

Description Antti Koivisto 2019-02-13 03:04:12 PST
0   WebKit                        	0x000000019f27d268 WebKit::CacheStorage::Engine::cachesRootPath(WebCore::ClientOrigin const&) + 536 (Optional.h:537)
1   WebKit                        	0x000000019f27d0a0 WebKit::CacheStorage::Engine::cachesRootPath(WebCore::ClientOrigin const&) + 80 (CacheStorageEngine.cpp:61)
2   WebKit                        	0x000000019f28dca0 WTF::Function<void (WTF::Optional<WebCore::DOMCacheEngine::Error>&&)>::CallableWrapper<WebKit::CacheStorage::Engine::readCachesFromDisk(WebCore::ClientOrigin const&, WTF::Function<void (std::experimental::fundamentals_v3::expected<std::__1::reference_wrapper<WebKit::CacheStorage::Caches>, WebCore::DOMCacheEngine::Error>&&)>&&)::$_22>::call(WTF::Optional<WebCore::DOMCacheEngine::Error>&&) + 616 (CacheStorageEngine.cpp:324)
3   WebKit                        	0x000000019f27d34c WebKit::CacheStorage::Engine::~Engine() + 224 (Function.h:56)
4   WebKit                        	0x000000019f288408 WTF::RefCounted<WebKit::CacheStorage::Engine>::deref() const + 32 (CacheStorageEngine.cpp:66)
5   WebKit                        	0x000000019f28c35c WTF::HashTable<PAL::SessionID, WTF::KeyValuePair<PAL::SessionID, WTF::RefPtr<WebKit::CacheStorage::Engine, WTF::DumbPtrTraits<WebKit::CacheStorage::Engine> > >, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<PAL::SessionID, WTF::RefPtr<WebKit::CacheStorage::Engine, WTF::DumbPtrTraits<WebKit::CacheStorage::Engine> > > >, WTF::SessionIDHash, WTF::HashMap<PAL::SessionID, WTF::RefPtr<WebKit::CacheStorage::Engine, WTF::DumbPtrTraits<WebKit::CacheStorage::Engine> >, WTF::SessionIDHash, WTF::HashTraits<PAL::SessionID>, WTF::HashTraits<WTF::RefPtr<WebKit::CacheStorage::Engine, WTF::DumbPtrTraits<WebKit::CacheStorage::Engine> > > >::KeyValuePairTraits, WTF::HashTraits<PAL::SessionID> >::remove(WTF::KeyValuePair<PAL::SessionID, WTF::RefPtr<WebKit::CacheStorage::Engine, WTF::DumbPtrTraits<WebKit::CacheStorage::Engine> > >*) + 36 (RefPtr.h:44)
6   WebKit                        	0x000000019f27d804 WTF::HashMap<PAL::SessionID, WTF::RefPtr<WebKit::CacheStorage::Engine, WTF::DumbPtrTraits<WebKit::CacheStorage::Engine> >, WTF::SessionIDHash, WTF::HashTraits<PAL::SessionID>, WTF::HashTraits<WTF::RefPtr<WebKit::CacheStorage::Engine, WTF::DumbPtrTraits<WebKit::CacheStorage::Engine> > > >::remove(PAL::SessionID const&) + 52 (HashTable.h:1060)
7   WebKit                        	0x000000019f27d7a8 WebKit::CacheStorage::Engine::destroyEngine(PAL::SessionID) + 44 (CacheStorageEngine.cpp:105)
8   WebKit                        	0x000000019f24ca94 WebKit::NetworkProcess::destroySession(PAL::SessionID) + 52 (NetworkProcess.cpp:456)
9   WebKit                        	0x000000019f218e28 WebKit::NetworkProcess::didReceiveNetworkProcessMessage(IPC::Connection&, IPC::Decoder&) + 2480 (HandleMessage.h:41)
Comment 1 Antti Koivisto 2019-02-13 03:08:51 PST
<rdar://problem/46363997>
Comment 2 Antti Koivisto 2019-02-13 03:14:38 PST
Created attachment 361907 [details]
patch
Comment 3 youenn fablet 2019-02-13 07:44:39 PST
cachesRootPath is called from readCachesFromDisk lambda.
Shouldn't we change the readCachesFromDisk lambda to early return if the lambda receives an error of value Error::Internal?

Error::Internal is not clear in that case, maybe we could introduce an enum for initialize callback, something like { OK, WriteError, BeingDeleted }.
Comment 4 Antti Koivisto 2019-02-13 09:47:57 PST
Possibly, but this seems like the simplest, safest fix for the branch. Not checking the existence of the salt is dangerous in any case.
Comment 5 youenn fablet 2019-02-13 10:56:30 PST
(In reply to Antti Koivisto from comment #4)
> Possibly, but this seems like the simplest, safest fix for the branch. Not
> checking the existence of the salt is dangerous in any case,

OK, let's go with this patch and I'll improve it with a follow-up.
Comment 6 youenn fablet 2019-02-13 10:59:51 PST
(In reply to youenn fablet from comment #5)
> (In reply to Antti Koivisto from comment #4)
> > Possibly, but this seems like the simplest, safest fix for the branch. Not
> > checking the existence of the salt is dangerous in any case,
> 
> OK, let's go with this patch and I'll improve it with a follow-up.

Hum, the potential risk with the current patch is that we proceed with the current flow, execute some callbacks and end up refine the engine even though we are in its destructor.
Comment 7 youenn fablet 2019-02-13 10:59:57 PST
s/refine/refing
Comment 8 youenn fablet 2019-02-13 11:03:50 PST
(In reply to youenn fablet from comment #6)
> (In reply to youenn fablet from comment #5)
> > (In reply to Antti Koivisto from comment #4)
> > > Possibly, but this seems like the simplest, safest fix for the branch. Not
> > > checking the existence of the salt is dangerous in any case,
> > 
> > OK, let's go with this patch and I'll improve it with a follow-up.
> 
> Hum, the potential risk with the current patch is that we proceed with the
> current flow, execute some callbacks and end up refine the engine even
> though we are in its destructor.

Theoretical issue currently.
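
The pattern discussed in comments 3 to 8, as an added C++ sketch that is not part of the original thread and is neither WebKit's code nor the attached patch: the destructor completes a pending initialization callback with an error, the callback asks for the caches root path before any salt exists, and the accessor checks the optional before dereferencing it. The `Engine` model, `whenInitialized`, `Observed`, the path and the salt value are all hypothetical.

```cpp
#include <functional>
#include <optional>
#include <string>
#include <utility>
#include <vector>

// Simplified, hypothetical model of the pattern; not WebKit source.
enum class Error { Internal };
using InitCallback = std::function<void(std::optional<Error>)>;

class Engine {
public:
    explicit Engine(std::string root) : m_root(std::move(root)) {}
    // Teardown completes pending initialization callbacks with an error,
    // so they can run although the salt was never read from disk.
    ~Engine() { for (auto& cb : m_pending) cb(Error::Internal); }
    void setSalt(std::string salt) { m_salt = std::move(salt); }
    void whenInitialized(InitCallback cb) { m_pending.push_back(std::move(cb)); }
    // Guarded accessor: no salt means no valid path, so return "" instead
    // of dereferencing an empty optional.
    std::string cachesRootPath(const std::string& origin) const {
        if (m_root.empty() || !m_salt)
            return {};
        return m_root + "/" + *m_salt + "-" + origin;
    }
private:
    std::string m_root;
    std::optional<std::string> m_salt;
    std::vector<InitCallback> m_pending;
};

struct Observed { bool ran = false; bool sawError = false; std::string path = "unset"; };
// Destroys an engine that never initialized; records what its callback saw.
Observed destroyUninitializedEngine() {
    Observed seen;
    {
        Engine engine("/constructed/root"); // constructed sample path
        engine.whenInitialized([&seen, &engine](std::optional<Error> error) {
            seen.ran = true;
            seen.sawError = error.has_value();
            seen.path = engine.cachesRootPath("example.test");
        });
    } // ~Engine runs the callback here, while the members are still alive
    return seen;
}
std::string initializedPath() {
    Engine engine("/constructed/root");
    engine.setSalt("s4lt"); // constructed sample salt
    return engine.cachesRootPath("example.test");
}
```

A callback that returns as soon as `error` is set, the alternative raised in comment 3, would never reach the accessor on this path.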
Comment 9 WebKit Commit Bot 2019-02-13 11:24:59 PST
Comment on attachment 361907 [details]
patch

Clearing flags on attachment: 361907

Committed r241448: <https://trac.webkit.org/changeset/241448>
Comment 10 WebKit Commit Bot 2019-02-13 11:25:01 PST
All reviewed patches have been landed.  Closing bug.