WebKit Bugzilla
New
Browse
Log In
×
Sign in with GitHub
or
Remember my login
Create Account
·
Forgot Password
Forgotten password account recovery
RESOLVED FIXED
213526
REGRESSION (
r263328
): Crash in bool WTF::WeakHashSet<WebKit::AudioSessionRoutingArbitratorProxy, WTF::EmptyCounter>::contains<WebKit::AudioSessionRoutingArbitratorProxy> const
https://bugs.webkit.org/show_bug.cgi?id=213526
Summary
REGRESSION (r263328): Crash in bool WTF::WeakHashSet<WebKit::AudioSessionRout...
Jer Noble
Reported
2020-06-23 12:29:30 PDT
REGRESSION (
r263328
): Crash in bool WTF::WeakHashSet<WebKit::AudioSessionRoutingArbitratorProxy, WTF::EmptyCounter>::contains<WebKit::AudioSessionRoutingArbitratorProxy> const
Attachments
Patch
(2.76 KB, patch)
2020-06-23 12:31 PDT
,
Jer Noble
no flags
Details
Formatted Diff
Diff
Patch
(2.76 KB, patch)
2020-06-23 13:53 PDT
,
Jer Noble
no flags
Details
Formatted Diff
Diff
Patch
(1.60 KB, patch)
2020-06-23 23:34 PDT
,
Jer Noble
no flags
Details
Formatted Diff
Diff
Show Obsolete
(2)
View All
Add attachment
proposed patch, testcase, etc.
Jer Noble
Comment 1
2020-06-23 12:30:04 PDT
<
rdar://problem/64591777
>
Jer Noble
Comment 2
2020-06-23 12:31:57 PDT
Created
attachment 402582
[details]
Patch
Jer Noble
Comment 3
2020-06-23 13:53:42 PDT
Created
attachment 402588
[details]
Patch
Jer Noble
Comment 4
2020-06-23 15:20:49 PDT
No crashes when running tests locally.
Jer Noble
Comment 5
2020-06-23 23:17:09 PDT
Whelp, I updated sources, re-built, and re-ran tests and crashes aplenty. The crash log shows an assertion in the UniqueRef operator->() called from WebProcessProxy::shutDown(). So the underlying cause /must/ be that WebProcessProxy was dealloc'd (and it's UniqueRef member's destructor called) sometime before shutDown().
Jer Noble
Comment 6
2020-06-23 23:19:46 PDT
Oh! I bet WebProcessPool::disconnectProcess(WebProcessProxy*) has the side-effect of destroying the WebProcessProxy! And the next line is the UniqueRef operator->() which is showing a crash result. That means the underlying problem has nothing to do with the ASSERT in the patch above, but instead that any call after disconnectProcess(this) is a potential unsafe access of freed memory.
Jer Noble
Comment 7
2020-06-23 23:34:39 PDT
Created
attachment 402624
[details]
Patch
Jer Noble
Comment 8
2020-06-23 23:55:26 PDT
The above fix definitely eliminated all the crashes seen previously when running run-webkit-tests against a release build.
EWS
Comment 9
2020-06-24 08:24:50 PDT
Committed
r263456
: <
https://trac.webkit.org/changeset/263456
> All reviewed patches have been landed. Closing bug and clearing flags on
attachment 402624
[details]
.
Note
You need to
log in
before you can comment on or make changes to this bug.
Top of Page
Format For Printing
XML
Clone This Bug