222841 – Potential crash under NotificationPermissionRequestManagerProxy::invalidateRequests()

Bug 222841 - Potential crash under NotificationPermissionRequestManagerProxy::invalidateRequests()

Summary: Potential crash under NotificationPermissionRequestManagerProxy::invalidateRe...

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	WebKit2 (show other bugs)
Version:	WebKit Nightly Build
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Chris Dumez

URL:
Keywords:	InRadar

Depends on:
Blocks:

Reported:	2021-03-05 16:46 PST by Chris Dumez
Modified:	2021-03-05 18:56 PST (History)
CC List:	3 users (show)

See Also:

Attachments
Patch (1.88 KB, patch) 2021-03-05 16:54 PST, Chris Dumez	no flags	Details \| Formatted Diff \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Chris Dumez 2021-03-05 16:46:51 PST

Potential crash under NotificationPermissionRequestManagerProxy::invalidateRequests():
Thread 0 Crashed ↩:: Dispatch queue: com.apple.main-thread
8   com.apple.WebKit              	0x000000012f762f1c bool WTF::HashTraitsEmptyValueChecker<WTF::HashTraits<unsigned long long>, false>::isEmptyValue<unsigned long long>(unsigned long long const&) + 76
9   com.apple.WebKit              	0x000000012f762ebf bool WTF::isHashTraitsEmptyValue<WTF::HashTraits<unsigned long long>, unsigned long long>(unsigned long long const&) + 15
10  com.apple.WebKit              	0x0000000131738287 WTF::HashTable<unsigned long long, WTF::KeyValuePair<unsigned long long, WTF::RefPtr<WebKit::NotificationPermissionRequest, WTF::RawPtrTraits<WebKit::NotificationPermissionRequest>, WTF::DefaultRefDerefTraits<WebKit::NotificationPermissionRequest> > >, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<unsigned long long, WTF::RefPtr<WebKit::NotificationPermissionRequest, WTF::RawPtrTraits<WebKit::NotificationPermissionRequest>, WTF::DefaultRefDerefTraits<WebKit::NotificationPermissionRequest> > > >, WTF::DefaultHash<unsigned long long>, WTF::HashMap<unsigned long long, WTF::RefPtr<WebKit::NotificationPermissionRequest, WTF::RawPtrTraits<WebKit::NotificationPermissionRequest>, WTF::DefaultRefDerefTraits<WebKit::NotificationPermissionRequest> >, WTF::DefaultHash<unsigned long long>, WTF::HashTraits<unsigned long long>, WTF::HashTraits<WTF::RefPtr<WebKit::NotificationPermissionRequest, WTF::RawPtrTraits<WebKit::NotificationPermissionRequest>, WTF::DefaultRefDerefTraits<WebKit::NotificationPermissionRequest> > > >::KeyValuePairTraits, WTF::HashTraits<unsigned long long> >::isEmptyBucket(WTF::KeyValuePair<unsigned long long, WTF::RefPtr<WebKit::NotificationPermissionRequest, WTF::RawPtrTraits<WebKit::NotificationPermissionRequest>, WTF::DefaultRefDerefTraits<WebKit::NotificationPermissionRequest> > > const&) + 23
11  com.apple.WebKit              	0x0000000131738244 WTF::HashTable<unsigned long long, WTF::KeyValuePair<unsigned long long, WTF::RefPtr<WebKit::NotificationPermissionRequest, WTF::RawPtrTraits<WebKit::NotificationPermissionRequest>, WTF::DefaultRefDerefTraits<WebKit::NotificationPermissionRequest> > >, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<unsigned long long, WTF::RefPtr<WebKit::NotificationPermissionRequest, WTF::RawPtrTraits<WebKit::NotificationPermissionRequest>, WTF::DefaultRefDerefTraits<WebKit::NotificationPermissionRequest> > > >, WTF::DefaultHash<unsigned long long>, WTF::HashMap<unsigned long long, WTF::RefPtr<WebKit::NotificationPermissionRequest, WTF::RawPtrTraits<WebKit::NotificationPermissionRequest>, WTF::DefaultRefDerefTraits<WebKit::NotificationPermissionRequest> >, WTF::DefaultHash<unsigned long long>, WTF::HashTraits<unsigned long long>, WTF::HashTraits<WTF::RefPtr<WebKit::NotificationPermissionRequest, WTF::RawPtrTraits<WebKit::NotificationPermissionRequest>, WTF::DefaultRefDerefTraits<WebKit::NotificationPermissionRequest> > > >::KeyValuePairTraits, WTF::HashTraits<unsigned long long> >::isEmptyOrDeletedBucket(WTF::KeyValuePair<unsigned long long, WTF::RefPtr<WebKit::NotificationPermissionRequest, WTF::RawPtrTraits<WebKit::NotificationPermissionRequest>, WTF::DefaultRefDerefTraits<WebKit::NotificationPermissionRequest> > > const&) + 20
12  com.apple.WebKit              	0x00000001317381b5 WTF::HashTableConstIterator<unsigned long long, WTF::KeyValuePair<unsigned long long, WTF::RefPtr<WebKit::NotificationPermissionRequest, WTF::RawPtrTraits<WebKit::NotificationPermissionRequest>, WTF::DefaultRefDerefTraits<WebKit::NotificationPermissionRequest> > >, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<unsigned long long, WTF::RefPtr<WebKit::NotificationPermissionRequest, WTF::RawPtrTraits<WebKit::NotificationPermissionRequest>, WTF::DefaultRefDerefTraits<WebKit::NotificationPermissionRequest> > > >, WTF::DefaultHash<unsigned long long>, WTF::HashMap<unsigned long long, WTF::RefPtr<WebKit::NotificationPermissionRequest, WTF::RawPtrTraits<WebKit::NotificationPermissionRequest>, WTF::DefaultRefDerefTraits<WebKit::NotificationPermissionRequest> >, WTF::DefaultHash<unsigned long long>, WTF::HashTraits<unsigned long long>, WTF::HashTraits<WTF::RefPtr<WebKit::NotificationPermissionRequest, WTF::RawPtrTraits<WebKit::NotificationPermissionRequest>, WTF::DefaultRefDerefTraits<WebKit::NotificationPermissionRequest> > > >::KeyValuePairTraits, WTF::HashTraits<unsigned long long> >::skipEmptyBuckets() + 85
13  com.apple.WebKit              	0x0000000131738439 WTF::HashTableConstIterator<unsigned long long, WTF::KeyValuePair<unsigned long long, WTF::RefPtr<WebKit::NotificationPermissionRequest, WTF::RawPtrTraits<WebKit::NotificationPermissionRequest>, WTF::DefaultRefDerefTraits<WebKit::NotificationPermissionRequest> > >, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<unsigned long long, WTF::RefPtr<WebKit::NotificationPermissionRequest, WTF::RawPtrTraits<WebKit::NotificationPermissionRequest>, WTF::DefaultRefDerefTraits<WebKit::NotificationPermissionRequest> > > >, WTF::DefaultHash<unsigned long long>, WTF::HashMap<unsigned long long, WTF::RefPtr<WebKit::NotificationPermissionRequest, WTF::RawPtrTraits<WebKit::NotificationPermissionRequest>, WTF::DefaultRefDerefTraits<WebKit::NotificationPermissionRequest> >, WTF::DefaultHash<unsigned long long>, WTF::HashTraits<unsigned long long>, WTF::HashTraits<WTF::RefPtr<WebKit::NotificationPermissionRequest, WTF::RawPtrTraits<WebKit::NotificationPermissionRequest>, WTF::DefaultRefDerefTraits<WebKit::NotificationPermissionRequest> > > >::KeyValuePairTraits, WTF::HashTraits<unsigned long long> >::operator++() + 57
14  com.apple.WebKit              	0x00000001317383f4 WTF::HashTableIterator<unsigned long long, WTF::KeyValuePair<unsigned long long, WTF::RefPtr<WebKit::NotificationPermissionRequest, WTF::RawPtrTraits<WebKit::NotificationPermissionRequest>, WTF::DefaultRefDerefTraits<WebKit::NotificationPermissionRequest> > >, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<unsigned long long, WTF::RefPtr<WebKit::NotificationPermissionRequest, WTF::RawPtrTraits<WebKit::NotificationPermissionRequest>, WTF::DefaultRefDerefTraits<WebKit::NotificationPermissionRequest> > > >, WTF::DefaultHash<unsigned long long>, WTF::HashMap<unsigned long long, WTF::RefPtr<WebKit::NotificationPermissionRequest, WTF::RawPtrTraits<WebKit::NotificationPermissionRequest>, WTF::DefaultRefDerefTraits<WebKit::NotificationPermissionRequest> >, WTF::DefaultHash<unsigned long long>, WTF::HashTraits<unsigned long long>, WTF::HashTraits<WTF::RefPtr<WebKit::NotificationPermissionRequest, WTF::RawPtrTraits<WebKit::NotificationPermissionRequest>, WTF::DefaultRefDerefTraits<WebKit::NotificationPermissionRequest> > > >::KeyValuePairTraits, WTF::HashTraits<unsigned long long> >::operator++() + 20
15  com.apple.WebKit              	0x00000001317383c8 WTF::HashTableIteratorAdapter<WTF::HashTable<unsigned long long, WTF::KeyValuePair<unsigned long long, WTF::RefPtr<WebKit::NotificationPermissionRequest, WTF::RawPtrTraits<WebKit::NotificationPermissionRequest>, WTF::DefaultRefDerefTraits<WebKit::NotificationPermissionRequest> > >, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<unsigned long long, WTF::RefPtr<WebKit::NotificationPermissionRequest, WTF::RawPtrTraits<WebKit::NotificationPermissionRequest>, WTF::DefaultRefDerefTraits<WebKit::NotificationPermissionRequest> > > >, WTF::DefaultHash<unsigned long long>, WTF::HashMap<unsigned long long, WTF::RefPtr<WebKit::NotificationPermissionRequest, WTF::RawPtrTraits<WebKit::NotificationPermissionRequest>, WTF::DefaultRefDerefTraits<WebKit::NotificationPermissionRequest> >, WTF::DefaultHash<unsigned long long>, WTF::HashTraits<unsigned long long>, WTF::HashTraits<WTF::RefPtr<WebKit::NotificationPermissionRequest, WTF::RawPtrTraits<WebKit::NotificationPermissionRequest>, WTF::DefaultRefDerefTraits<WebKit::NotificationPermissionRequest> > > >::KeyValuePairTraits, WTF::HashTraits<unsigned long long> >, WTF::KeyValuePair<unsigned long long, WTF::RefPtr<WebKit::NotificationPermissionRequest, WTF::RawPtrTraits<WebKit::NotificationPermissionRequest>, WTF::DefaultRefDerefTraits<WebKit::NotificationPermissionRequest> > > >::operator++() + 24
16  com.apple.WebKit              	0x0000000131721de4 WTF::HashTableValuesIterator<WTF::HashTable<unsigned long long, WTF::KeyValuePair<unsigned long long, WTF::RefPtr<WebKit::NotificationPermissionRequest, WTF::RawPtrTraits<WebKit::NotificationPermissionRequest>, WTF::DefaultRefDerefTraits<WebKit::NotificationPermissionRequest> > >, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<unsigned long long, WTF::RefPtr<WebKit::NotificationPermissionRequest, WTF::RawPtrTraits<WebKit::NotificationPermissionRequest>, WTF::DefaultRefDerefTraits<WebKit::NotificationPermissionRequest> > > >, WTF::DefaultHash<unsigned long long>, WTF::HashMap<unsigned long long, WTF::RefPtr<WebKit::NotificationPermissionRequest, WTF::RawPtrTraits<WebKit::NotificationPermissionRequest>, WTF::DefaultRefDerefTraits<WebKit::NotificationPermissionRequest> >, WTF::DefaultHash<unsigned long long>, WTF::HashTraits<unsigned long long>, WTF::HashTraits<WTF::RefPtr<WebKit::NotificationPermissionRequest, WTF::RawPtrTraits<WebKit::NotificationPermissionRequest>, WTF::DefaultRefDerefTraits<WebKit::NotificationPermissionRequest> > > >::KeyValuePairTraits, WTF::HashTraits<unsigned long long> >, unsigned long long, WTF::RefPtr<WebKit::NotificationPermissionRequest, WTF::RawPtrTraits<WebKit::NotificationPermissionRequest>, WTF::DefaultRefDerefTraits<WebKit::NotificationPermissionRequest> > >::operator++() + 20
17  com.apple.WebKit              	0x0000000131721a15 WebKit::NotificationPermissionRequestManagerProxy::invalidateRequests() + 373
18  com.apple.WebKit              	0x000000013116978a WebKit::WebPageProxy::resetState(WebKit::WebPageProxy::ResetStateReason) + 810
19  com.apple.WebKit              	0x00000001311b8dc5 WebKit::WebPageProxy::resetStateAfterProcessExited(WebKit::ProcessTerminationReason) + 821
20  com.apple.WebKit              	0x0000000131185322 WebKit::WebPageProxy::processDidTerminate(WebKit::ProcessTerminationReason) + 354
21  com.apple.WebKit              	0x000000013135c80a WebKit::WebProcessProxy::processDidTerminateOrFailedToLaunch() + 1754
22  com.apple.WebKit              	0x000000013135bf23 WebKit::WebProcessProxy::didClose(IPC::Connection&) + 323

Comment 1 Chris Dumez 2021-03-05 16:54:42 PST

Created attachment 422454 [details]
Patch

Comment 2 EWS 2021-03-05 18:55:23 PST

Committed r274026: <https://commits.webkit.org/r274026>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 422454 [details].

Comment 3 Radar WebKit Bug Importer 2021-03-05 18:56:16 PST

<rdar://problem/75123049>