Bug 213751 - Crash under IPC::isValidMessageName()
Summary: Crash under IPC::isValidMessageName()
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKit2
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Chris Dumez
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2020-06-29 13:31 PDT by Chris Dumez
Modified: 2020-07-01 09:14 PDT
CC: 4 users

See Also:


Attachments
Patch (7.95 KB, patch)
2020-06-29 13:46 PDT, Chris Dumez
no flags
Patch (28.67 KB, patch)
2020-06-29 14:32 PDT, Chris Dumez
no flags
Patch (27.44 KB, patch)
2020-06-29 14:44 PDT, Chris Dumez
no flags

Description Chris Dumez 2020-06-29 13:31:03 PDT
Crash under IPC::isValidMessageName():
Thread 19 Crashed:: Dispatch queue: com.apple.IPC.ReceiveQueue
0   com.apple.WebKit              	0x00007fff39e46ffd IPC::isValidMessageName(IPC::MessageName) + 469
1   com.apple.WebKit              	0x00007fff39d994b2 IPC::Decoder::Decoder(unsigned char const*, unsigned long, void (*)(unsigned char const*, unsigned long), WTF::Vector<IPC::Attachment, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&&) + 292
2   com.apple.WebKit              	0x00007fff39d99358 IPC::Decoder::create(unsigned char const*, unsigned long, void (*)(unsigned char const*, unsigned long), WTF::Vector<IPC::Attachment, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&&) + 64
3   com.apple.WebKit              	0x00007fff39e6e13c invocation function for block in IPC::Connection::open() + 508
4   libdispatch.dylib             	0x00007fff6903bfb7 _dispatch_client_callout + 8
5   libdispatch.dylib             	0x00007fff6903e84d _dispatch_continuation_pop + 423
6   libdispatch.dylib             	0x00007fff6904eaed _dispatch_source_invoke + 2079
7   libdispatch.dylib             	0x00007fff69041b5f _dispatch_lane_serial_drain + 263
8   libdispatch.dylib             	0x00007fff69042783 _dispatch_lane_invoke + 375
9   libdispatch.dylib             	0x00007fff6904c1db _dispatch_workloop_worker_thread + 668
10  libsystem_pthread.dylib       	0x00007fff692bb4f2 _pthread_wqthread + 314
11  libsystem_pthread.dylib       	0x00007fff692ba4c3 start_wqthread + 15
Comment 1 Chris Dumez 2020-06-29 13:32:21 PDT
<rdar://problem/64773416>
Comment 2 Chris Dumez 2020-06-29 13:46:17 PDT
Created attachment 403108
Patch
Comment 3 Chris Dumez 2020-06-29 14:32:06 PDT
Created attachment 403114
Patch
Comment 4 Chris Dumez 2020-06-29 14:44:11 PDT
Created attachment 403117
Patch
Comment 5 Geoffrey Garen 2020-06-29 15:48:44 PDT
Comment on attachment 403117
Patch

r=me
Comment 6 EWS 2020-07-01 09:14:41 PDT
Committed r263807: <https://trac.webkit.org/changeset/263807>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 403117.