RESOLVED FIXED222192
Crash under Decoder::Decoder() 
https://bugs.webkit.org/show_bug.cgi?id=222192
Summary Crash under Decoder::Decoder()
Chris Dumez
Reported 2021-02-19 12:42:19 PST
Crash under Decoder::Decoder(): Thread 5 Crashed:: Dispatch queue: com.apple.IPC.ReceiveQueue 0 libsystem_platform.dylib 0x00007fff68833a0c _platform_memmove$VARIANT$Haswell + 268 1 com.apple.WebKit 0x10909d1a8 IPC::Decoder::Decoder(unsigned char const*, unsigned long, void (*)(unsigned char const*, unsigned long), WTF::Vector<IPC::Attachment, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&&) + 60 (/Library/Caches/com.apple.xbs/Sources/WebKit2/WebKit2-7611.1.3.5/Platform/IPC/Decoder.cpp:44) 2 com.apple.WebKit 0x10909d136 IPC::Decoder::create(unsigned char const*, unsigned long, void (*)(unsigned char const*, unsigned long), WTF::Vector<IPC::Attachment, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&&) + 64 (/Library/Caches/com.apple.xbs/Sources/WebKit2/WebKit2-7611.1.3.5/Platform/IPC/Decoder.cpp:61) 3 com.apple.WebKit 0x10917ab31 invocation function for block in IPC::Connection::open() + 517 (/Library/Caches/com.apple.xbs/Sources/WebKit2/WebKit2-7611.1.3.5/Platform/IPC/cocoa/ConnectionCocoa.mm:420) 4 libdispatch.dylib 0x7fff685e4658 _dispatch_client_callout + 8 (/AppleInternal/BuildRoot/Library/Caches/com.apple.xbs/Sources/libdispatch/libdispatch-1173.100.2/src/object.m:495)
Attachments
Patch (6.29 KB, patch)
2021-02-19 12:49 PST, Chris Dumez 		no flags
DetailsFormatted DiffDiff
Patch (9.20 KB, patch)
2021-02-19 18:43 PST, Chris Dumez 		no flags
DetailsFormatted DiffDiff
Patch (9.15 KB, patch)
2021-02-19 18:47 PST, Chris Dumez 		no flags
DetailsFormatted DiffDiff
Patch (9.23 KB, patch)
2021-02-19 18:50 PST, Chris Dumez 		no flags
DetailsFormatted DiffDiff
Patch (10.65 KB, patch)
2021-02-19 19:10 PST, Chris Dumez 		no flags
DetailsFormatted DiffDiff
Patch (11.52 KB, patch)
2021-02-19 21:04 PST, Chris Dumez 		no flags
DetailsFormatted DiffDiff
Show Obsolete (5) View All Add attachment proposed patch, testcase, etc.
Chris Dumez
Comment 1 2021-02-19 12:42:44 PST
<rdar://31392681>
Chris Dumez
Comment 2 2021-02-19 12:49:25 PST
Created attachment 421016 [details] Patch
Geoffrey Garen
Comment 3 2021-02-19 13:37:04 PST
Comment on attachment 421016 [details] Patch r=me
Chris Dumez
Comment 4 2021-02-19 17:43:17 PST
Hmm. Seems to be causing some crashes: Thread 5 Crashed: 0 com.apple.JavaScriptCore 0x0000000102cff616 bmalloc::Deallocator::deallocateSlowCase(void*) + 438 1 com.apple.JavaScriptCore 0x0000000102cfcb75 bmalloc::Allocator::scavenge() + 117 2 com.apple.JavaScriptCore 0x0000000102cfec5c bmalloc::PerThread<bmalloc::PerHeapKind<bmalloc::Cache> >::destructor(void*) + 76 3 libsystem_pthread.dylib 0x00007fff69b3e009 _pthread_tsd_cleanup + 476 4 libsystem_pthread.dylib 0x00007fff69b40512 _pthread_exit + 70 5 libsystem_pthread.dylib 0x00007fff69b3dddd _pthread_wqthread_exit + 77 6 libsystem_pthread.dylib 0x00007fff69b3cafc _pthread_wqthread + 481 7 libsystem_pthread.dylib 0x00007fff69b3bb77 start_wqthread + 15 ------------ Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 com.apple.JavaScriptCore 0x00000001085a8436 bmalloc::Deallocator::processObjectLog(std::__1::unique_lock<bmalloc::Mutex>&) + 86 1 com.apple.JavaScriptCore 0x00000001085a6147 bmalloc::Allocator::refillAllocatorSlowCase(bmalloc::BumpAllocator&, unsigned long, bmalloc::FailureAction) + 167 2 com.apple.JavaScriptCore 0x00000001085a6298 bmalloc::Allocator::allocateLogSizeClass(unsigned long, bmalloc::FailureAction) + 216 3 com.apple.WebKit 0x000000010bf4597b WebKit::NetworkProcessProxy::getNetworkProcessConnection(WebKit::WebProcessProxy&, WTF::CompletionHandler<void (WebKit::NetworkProcessConnectionInfo const&)>&&) + 193 4 com.apple.WebKit 0x000000010bfa511f WebKit::WebsiteDataStore::getNetworkProcessConnection(WebKit::WebProcessProxy&, WTF::CompletionHandler<void (WebKit::NetworkProcessConnectionInfo const&)>&&) + 155 5 com.apple.WebKit 0x000000010c1f6ca3 WebKit::WebProcessProxy::didReceiveSyncWebProcessProxyMessage(IPC::Connection&, IPC::Decoder&, std::__1::unique_ptr<IPC::Encoder, std::__1::default_delete<IPC::Encoder> >&) + 411 6 com.apple.WebKit 0x000000010baff515 IPC::Connection::dispatchSyncMessage(IPC::Decoder&) + 279 ----------- Thread 5 Crashed:: Dispatch queue: com.apple.IPC.ReceiveQueue 0 libsystem_platform.dylib 0x00007fff69b34770 _platform_bzero$VARIANT$Ivybridge + 48 1 com.apple.JavaScriptCore 0x000000010224cdfa WTF::fastZeroedMalloc(unsigned long) + 138 2 com.apple.WebKit 0x00000001040c8c05 IPC::MachMessage::create(IPC::MessageName, unsigned long) + 37 3 com.apple.WebKit 0x0000000103f85217 IPC::Connection::sendOutgoingMessage(std::__1::unique_ptr<IPC::Encoder, std::__1::default_delete<IPC::Encoder> >) + 201 4 com.apple.WebKit 0x0000000103e79398 IPC::Connection::sendOutgoingMessages() + 194 I must have messaged up something really bad :S
Chris Dumez
Comment 5 2021-02-19 18:43:52 PST
Created attachment 421067 [details] Patch
Chris Dumez
Comment 6 2021-02-19 18:47:05 PST
Created attachment 421068 [details] Patch
Chris Dumez
Comment 7 2021-02-19 18:50:47 PST
Created attachment 421069 [details] Patch
Chris Dumez
Comment 8 2021-02-19 19:10:43 PST
Created attachment 421070 [details] Patch
Chris Dumez
Comment 9 2021-02-19 21:04:11 PST
Created attachment 421078 [details] Patch
EWS
Comment 10 2021-02-19 22:56:12 PST
Committed r273196: <https://commits.webkit.org/r273196> All reviewed patches have been landed. Closing bug and clearing flags on attachment 421078 [details].
Note You need to log in before you can comment on or make changes to this bug.