Bug 260033 - Crash under IPC::Connection::setOutgoingMessageQueueIsGrowingLargeCallback()'s lambda
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKit2
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Chris Dumez
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2023-08-10 11:09 PDT by Chris Dumez
Modified: 2023-08-10 12:34 PDT
Description Chris Dumez 2023-08-10 11:09:53 PDT
Crash under IPC::Connection::setOutgoingMessageQueueIsGrowingLargeCallback()'s lambda:
```
Thread 7 Crashed::  Dispatch queue: com.apple.WebKit.Storage.2.00
0   JavaScriptCore                	       0x1376a483c WTFCrash + 24 (Assertions.cpp:327)
1   WebKit                        	       0x1187b9484 WTFCrashWithInfo(int, char const*, char const*, int) + 36 (Assertions.h:762)
2   WebKit                        	       0x11982e6ac WTF::WeakPtr<WebKit::NetworkConnectionToWebProcess, WTF::DefaultWeakPtrImpl>::operator->() const + 120 (WeakPtr.h:138)
3   WebKit                        	       0x11982e574 WebKit::NetworkConnectionToWebProcess::NetworkConnectionToWebProcess(WebKit::NetworkProcess&, WTF::ObjectIdentifierGeneric<WebCore::ProcessIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits>, PAL::SessionID, WebKit::NetworkProcessConnectionParameters&&, IPC::Connection::Identifier)::$_10::operator()() const + 48 (NetworkConnectionToWebProcess.cpp:157)
4   WebKit                        	       0x11982e424 WTF::Detail::CallableWrapper<WebKit::NetworkConnectionToWebProcess::NetworkConnectionToWebProcess(WebKit::NetworkProcess&, WTF::ObjectIdentifierGeneric<WebCore::ProcessIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits>, PAL::SessionID, WebKit::NetworkProcessConnectionParameters&&, IPC::Connection::Identifier)::$_10, void>::call() + 32 (Function.h:53)
5   WebKit                        	       0x1187cb2f8 WTF::Function<void ()>::operator()() const + 172 (Function.h:82)
6   WebKit                        	       0x11b8bd65c IPC::Connection::sendMessage(WTF::UniqueRef<IPC::Encoder>&&, WTF::OptionSet<IPC::SendOption>, std::__1::optional<WTF::Thread::QOS>) + 1620 (Connection.cpp:584)
7   WebKit                        	       0x11b8bc984 IPC::Connection::sendSyncReply(WTF::UniqueRef<IPC::Encoder>&&) + 84 (Connection.cpp:626)
8   WebKit                        	       0x118eead9c auto void IPC::handleMessageAsync<Messages::NetworkStorageManager::SetItem, WebKit::NetworkStorageManager, WebKit::NetworkStorageManager, void (IPC::Connection&, WTF::ObjectIdentifierGeneric<WebKit::StorageAreaIdentifierType, WTF::ObjectIdentifierThreadSafeAccessTraits>, WTF::ObjectIdentifierGeneric<WebKit::StorageAreaImplIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits>, WTF::String&&, WTF::String&&, WTF::String&&, WTF::CompletionHandler<void (bool, WTF::HashMap<WTF::String, WTF::String, WTF::DefaultHash<WTF::String>, WTF::HashTraits<WTF::String>, WTF::HashTraits<WTF::String>, WTF::HashTableTraits>&&)>&&)>(IPC::Connection&, IPC::Decoder&, WebKit::NetworkStorageManager*, void (WebKit::NetworkStorageManager::*)(IPC::Connection&, WTF::ObjectIdentifierGeneric<WebKit::StorageAreaIdentifierType, WTF::ObjectIdentifierThreadSafeAccessTraits>, WTF::ObjectIdentifierGeneric<WebKit::StorageAreaImplIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits>, WTF::String&&, WTF::String&&, WTF::String&&, WTF::CompletionHandler<void (bool, WTF::HashMap<WTF::String, WTF::String, WTF::DefaultHash<WTF::String>, WTF::HashTraits<WTF::String>, WTF::HashTraits<WTF::String>, WTF::HashTableTraits>&&)>&&))::'lambda'(auto&&...)::operator()<bool, WTF::HashMap<WTF::String, WTF::String, WTF::DefaultHash<WTF::String>, WTF::HashTraits<WTF::String>, WTF::HashTraits<WTF::String>, WTF::HashTableTraits>>(auto&&...) + 180 (HandleMessage.h:313)
9   WebKit                        	       0x118eeabd8 WTF::Detail::CallableWrapper<void IPC::handleMessageAsync<Messages::NetworkStorageManager::SetItem, WebKit::NetworkStorageManager, WebKit::NetworkStorageManager, void (IPC::Connection&, WTF::ObjectIdentifierGeneric<WebKit::StorageAreaIdentifierType, WTF::ObjectIdentifierThreadSafeAccessTraits>, WTF::ObjectIdentifierGeneric<WebKit::StorageAreaImplIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits>, WTF::String&&, WTF::String&&, WTF::String&&, WTF::CompletionHandler<void (bool, WTF::HashMap<WTF::String, WTF::String, WTF::DefaultHash<WTF::String>, WTF::HashTraits<WTF::String>, WTF::HashTraits<WTF::String>, WTF::HashTableTraits>&&)>&&)>(IPC::Connection&, IPC::Decoder&, WebKit::NetworkStorageManager*, void (WebKit::NetworkStorageManager::*)(IPC::Connection&, WTF::ObjectIdentifierGeneric<WebKit::StorageAreaIdentifierType, WTF::ObjectIdentifierThreadSafeAccessTraits>, WTF::ObjectIdentifierGeneric<WebKit::StorageAreaImplIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits>, WTF::String&&, WTF::String&&, WTF::String&&, WTF::CompletionHandler<void (bool, WTF::HashMap<WTF::String, WTF::String, WTF::DefaultHash<WTF::String>, WTF::HashTraits<WTF::String>, WTF::HashTraits<WTF::String>, WTF::HashTableTraits>&&)>&&))::'lambda'(auto&&...), void, bool, WTF::HashMap<WTF::String, WTF::String, WTF::DefaultHash<WTF::String>, WTF::HashTraits<WTF::String>, WTF::HashTraits<WTF::String>, WTF::HashTableTraits>&&>::call(bool, WTF::HashMap<WTF::String, WTF::String, WTF::DefaultHash<WTF::String>, WTF::HashTraits<WTF::String>, WTF::HashTraits<WTF::String>, WTF::HashTableTraits>&&) + 52 (Function.h:53)
10  WebKit                        	       0x119e128f8 WTF::Function<void (bool, WTF::HashMap<WTF::String, WTF::String, WTF::DefaultHash<WTF::String>, WTF::HashTraits<WTF::String>, WTF::HashTraits<WTF::String>, WTF::HashTableTraits>&&)>::operator()(bool, WTF::HashMap<WTF::String, WTF::String, WTF::DefaultHash<WTF::String>, WTF::HashTraits<WTF::String>, WTF::HashTraits<WTF::String>, WTF::HashTableTraits>&&) const + 196 (Function.h:82)
11  WebKit                        	       0x119dbd6f4 WTF::CompletionHandler<void (bool, WTF::HashMap<WTF::String, WTF::String, WTF::DefaultHash<WTF::String>, WTF::HashTraits<WTF::String>, WTF::HashTraits<WTF::String>, WTF::HashTableTraits>&&)>::operator()(bool, WTF::HashMap<WTF::String, WTF::String, WTF::DefaultHash<WTF::String>, WTF::HashTraits<WTF::String>, WTF::HashTraits<WTF::String>, WTF::HashTableTraits>&&) + 160 (CompletionHandler.h:75)
12  WebKit                        	       0x119dbd5e8 WebKit::NetworkStorageManager::setItem(IPC::Connection&, WTF::ObjectIdentifierGeneric<WebKit::StorageAreaIdentifierType, WTF::ObjectIdentifierThreadSafeAccessTraits>, WTF::ObjectIdentifierGeneric<WebKit::StorageAreaImplIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits>, WTF::String&&, WTF::String&&, WTF::String&&, WTF::CompletionHandler<void (bool, WTF::HashMap<WTF::String, WTF::String, WTF::DefaultHash<WTF::String>, WTF::HashTraits<WTF::String>, WTF::HashTraits<WTF::String>, WTF::HashTableTraits>&&)>&&) + 508 (NetworkStorageManager.cpp:1357)
13  WebKit                        	       0x118eebb58 auto void IPC::callMemberFunction<WebKit::NetworkStorageManager, WebKit::NetworkStorageManager, void (IPC::Connection&, WTF::ObjectIdentifierGeneric<WebKit::StorageAreaIdentifierType, WTF::ObjectIdentifierThreadSafeAccessTraits>, WTF::ObjectIdentifierGeneric<WebKit::StorageAreaImplIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits>, WTF::String&&, WTF::String&&, WTF::String&&, WTF::CompletionHandler<void (bool, WTF::HashMap<WTF::String, WTF::String, WTF::DefaultHash<WTF::String>, WTF::HashTraits<WTF::String>, WTF::HashTraits<WTF::String>, WTF::HashTableTraits>&&)>&&), std::__1::tuple<WTF::ObjectIdentifierGeneric<WebKit::StorageAreaIdentifierType, WTF::ObjectIdentifierThreadSafeAccessTraits>, WTF::ObjectIdentifierGeneric<WebKit::StorageAreaImplIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits>, WTF::String, WTF::String, WTF::String>, void (bool, WTF::HashMap<WTF::String, WTF::String, WTF::DefaultHash<WTF::String>, WTF::HashTraits<WTF::String>, WTF::HashTraits<WTF::String>, WTF::HashTableTraits>&&)>(WebKit::NetworkStorageManager*, void (WebKit::NetworkStorageManager::*)(IPC::Connection&, WTF::ObjectIdentifierGeneric<WebKit::StorageAreaIdentifierType, WTF::ObjectIdentifierThreadSafeAccessTraits>, WTF::ObjectIdentifierGeneric<WebKit::StorageAreaImplIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits>, WTF::String&&, WTF::String&&, WTF::String&&, WTF::CompletionHandler<void (bool, WTF::HashMap<WTF::String, WTF::String, WTF::DefaultHash<WTF::String>, WTF::HashTraits<WTF::String>, WTF::HashTraits<WTF::String>, WTF::HashTableTraits>&&)>&&), IPC::Connection&, std::__1::tuple<WTF::ObjectIdentifierGeneric<WebKit::StorageAreaIdentifierType, WTF::ObjectIdentifierThreadSafeAccessTraits>, WTF::ObjectIdentifierGeneric<WebKit::StorageAreaImplIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits>, WTF::String, WTF::String, WTF::String>&&, WTF::CompletionHandler<void (bool, 
WTF::HashMap<WTF::String, WTF::String, WTF::DefaultHash<WTF::String>, WTF::HashTraits<WTF::String>, WTF::HashTraits<WTF::String>, WTF::HashTableTraits>&&)>&&)::'lambda'(auto&&...)::operator()<WTF::ObjectIdentifierGeneric<WebKit::StorageAreaIdentifierType, WTF::ObjectIdentifierThreadSafeAccessTraits>, WTF::ObjectIdentifierGeneric<WebKit::StorageAreaImplIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits>, WTF::String, WTF::String, WTF::String>(auto&&...) const + 252 (HandleMessage.h:158)
```
Comment 1 Chris Dumez 2023-08-10 11:13:03 PDT
Pull request: https://github.com/WebKit/WebKit/pull/16573
Comment 2 EWS 2023-08-10 12:33:01 PDT
Committed 266773@main (bd5d32f902e1): <https://commits.webkit.org/266773@main>

Reviewed commits have been landed. Closing PR #16573 and removing active labels.
Comment 3 Radar WebKit Bug Importer 2023-08-10 12:34:17 PDT
<rdar://problem/113708285>