Bug 285539 - RESOLVED FIXED
Sometimes a null port can get sent over to create a SharedMemoryHandle, this asserts on the constructor
https://bugs.webkit.org/show_bug.cgi?id=285539
Pedro Varangot
Reported 2025-01-07 10:14:41 PST
This was found to crash some IPC tests. Example full stack trace of crash:

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 WebCore 0x134ddab80 WTFCrashWithInfo(int, char const*, char const*, int) + 8 (Assertions.h:902) [inlined]
1 WebCore 0x134ddab80 WebCore::SharedMemoryHandle::SharedMemoryHandle(WTF::MachSendRight&&, unsigned long) + 416 (SharedMemory.cpp:52)
2 WebKit 0x10c6f1848 IPC::ArgumentCoder<WebCore::SharedMemoryHandle, void>::decode(IPC::Decoder&) + 404 (GeneratedSerializers.mm:31115)
3 WebKit 0x1103d9b50 std::__1::optional<WebCore::SharedMemoryHandle> IPC::Decoder::decode<WebCore::SharedMemoryHandle>() + 52 (Decoder.h:136)
4 WebKit 0x1103d9850 IPC::ArgumentCoder<IPC::StreamServerConnectionHandle, void>::decode(IPC::Decoder&) + 136 (GeneratedSerializers.mm:6974)
5 WebKit 0x110429828 std::__1::optional<IPC::StreamServerConnectionHandle> IPC::Decoder::decode<IPC::StreamServerConnectionHandle>() + 48 (Decoder.h:136)
6 WebKit 0x10d787918 std::__1::optional<std::__1::tuple<WTF::ObjectIdentifierGeneric<WebKit::WebGPUIdentifierType, WTF::ObjectIdentifierThreadSafeAccessTraits<unsigned long long>, unsigned long long>, WTF::ObjectIdentifierGeneric<WebKit::RenderingBackendIdentifierType, WTF::ObjectIdentifierThreadSafeAccessTraits<unsigned long long>, unsigned long long>, IPC::StreamServerConnectionHandle>> IPC::ArgumentCoder<std::__1::tuple<WTF::ObjectIdentifierGeneric<WebKit::WebGPUIdentifierType, WTF::ObjectIdentifierThreadSafeAccessTraits<unsigned long long>, unsigned long long>, WTF::ObjectIdentifierGeneric<WebKit::RenderingBackendIdentifierType, WTF::ObjectIdentifierThreadSafeAccessTraits<unsigned long long>, unsigned long long>, IPC::StreamServerConnectionHandle>, void>::decode<IPC::Decoder, WTF::ObjectIdentifierGeneric<WebKit::WebGPUIdentifierType, WTF::ObjectIdentifierThreadSafeAccessTraits<unsigned long long>, unsigned long long>, WTF::ObjectIdentifierGeneric<WebKit::RenderingBackendIdentifierType, WTF::ObjectIdentifierThreadSafeAccessTraits<unsigned long long>, unsigned long long>>(IPC::Decoder&, std::__1::optional<WTF::ObjectIdentifierGeneric<WebKit::WebGPUIdentifierType, WTF::ObjectIdentifierThreadSafeAccessTraits<unsigned long long>, unsigned long long>>&&, std::__1::optional<WTF::ObjectIdentifierGeneric<WebKit::RenderingBackendIdentifierType, WTF::ObjectIdentifierThreadSafeAccessTraits<unsigned long long>, unsigned long long>>&&) + 20 (ArgumentCoders.h:367) [inlined]
7 WebKit 0x10d787918 std::__1::optional<std::__1::tuple<WTF::ObjectIdentifierGeneric<WebKit::WebGPUIdentifierType, WTF::ObjectIdentifierThreadSafeAccessTraits<unsigned long long>, unsigned long long>, WTF::ObjectIdentifierGeneric<WebKit::RenderingBackendIdentifierType, WTF::ObjectIdentifierThreadSafeAccessTraits<unsigned long long>, unsigned long long>, IPC::StreamServerConnectionHandle>> IPC::ArgumentCoder<std::__1::tuple<WTF::ObjectIdentifierGeneric<WebKit::WebGPUIdentifierType, WTF::ObjectIdentifierThreadSafeAccessTraits<unsigned long long>, unsigned long long>, WTF::ObjectIdentifierGeneric<WebKit::RenderingBackendIdentifierType, WTF::ObjectIdentifierThreadSafeAccessTraits<unsigned long long>, unsigned long long>, IPC::StreamServerConnectionHandle>, void>::decode<IPC::Decoder, WTF::ObjectIdentifierGeneric<WebKit::WebGPUIdentifierType, WTF::ObjectIdentifierThreadSafeAccessTraits<unsigned long long>, unsigned long long>>(IPC::Decoder&, std::__1::optional<WTF::ObjectIdentifierGeneric<WebKit::WebGPUIdentifierType, WTF::ObjectIdentifierThreadSafeAccessTraits<unsigned long long>, unsigned long long>>&&) + 316 (ArgumentCoders.h:370)
8 WebKit 0x10d787570 std::__1::optional<std::__1::tuple<WTF::ObjectIdentifierGeneric<WebKit::WebGPUIdentifierType, WTF::ObjectIdentifierThreadSafeAccessTraits<unsigned long long>, unsigned long long>, WTF::ObjectIdentifierGeneric<WebKit::RenderingBackendIdentifierType, WTF::ObjectIdentifierThreadSafeAccessTraits<unsigned long long>, unsigned long long>, IPC::StreamServerConnectionHandle>> IPC::ArgumentCoder<std::__1::tuple<WTF::ObjectIdentifierGeneric<WebKit::WebGPUIdentifierType, WTF::ObjectIdentifierThreadSafeAccessTraits<unsigned long long>, unsigned long long>, WTF::ObjectIdentifierGeneric<WebKit::RenderingBackendIdentifierType, WTF::ObjectIdentifierThreadSafeAccessTraits<unsigned long long>, unsigned long long>, IPC::StreamServerConnectionHandle>, void>::decode<IPC::Decoder>(IPC::Decoder&) + 36 (ArgumentCoders.h:370) [inlined]
9 WebKit 0x10d787570 std::__1::optional<std::__1::tuple<WTF::ObjectIdentifierGeneric<WebKit::WebGPUIdentifierType, WTF::ObjectIdentifierThreadSafeAccessTraits<unsigned long long>, unsigned long long>, WTF::ObjectIdentifierGeneric<WebKit::RenderingBackendIdentifierType, WTF::ObjectIdentifierThreadSafeAccessTraits<unsigned long long>, unsigned long long>, IPC::StreamServerConnectionHandle>> IPC::Decoder::decode<std::__1::tuple<WTF::ObjectIdentifierGeneric<WebKit::WebGPUIdentifierType, WTF::ObjectIdentifierThreadSafeAccessTraits<unsigned long long>, unsigned long long>, WTF::ObjectIdentifierGeneric<WebKit::RenderingBackendIdentifierType, WTF::ObjectIdentifierThreadSafeAccessTraits<unsigned long long>, unsigned long long>, IPC::StreamServerConnectionHandle>>() + 88 (Decoder.h:136)
10 WebKit 0x10d76eba4 void IPC::handleMessage<Messages::GPUConnectionToWebProcess::CreateGPU, IPC::Connection, WebKit::GPUConnectionToWebProcess, WebKit::GPUConnectionToWebProcess, void (WTF::ObjectIdentifierGeneric<WebKit::WebGPUIdentifierType, WTF::ObjectIdentifierThreadSafeAccessTraits<unsigned long long>, unsigned long long>, WTF::ObjectIdentifierGeneric<WebKit::RenderingBackendIdentifierType, WTF::ObjectIdentifierThreadSafeAccessTraits<unsigned long long>, unsigned long long>, IPC::StreamServerConnectionHandle&&)>(IPC::Connection&, IPC::Decoder&, WebKit::GPUConnectionToWebProcess*, void (WebKit::GPUConnectionToWebProcess::*)(WTF::ObjectIdentifierGeneric<WebKit::WebGPUIdentifierType, WTF::ObjectIdentifierThreadSafeAccessTraits<unsigned long long>, unsigned long long>, WTF::ObjectIdentifierGeneric<WebKit::RenderingBackendIdentifierType, WTF::ObjectIdentifierThreadSafeAccessTraits<unsigned long long>, unsigned long long>, IPC::StreamServerConnectionHandle&&)) + 160 (HandleMessage.h:225)
11 WebKit 0x1104354bc WebKit::GPUConnectionToWebProcess::didReceiveMessage(IPC::Connection&, IPC::Decoder&) + 808 (GPUConnectionToWebProcessMessageReceiver.cpp:109)
12 WebKit 0x1102fcb6c IPC::Connection::dispatchMessage(WTF::UniqueRef<IPC::Decoder>) + 784 (Connection.cpp:1430)
13 WebKit 0x1102fd0d8 IPC::Connection::dispatchOneIncomingMessage() + 376 (Connection.cpp:1501)
14 JavaScriptCore 0x11a23564c WTF::Function<void ()>::operator()() const + 84 (Function.h:82) [inlined]
15 JavaScriptCore 0x11a23564c WTF::RunLoop::performWork() + 1816 (RunLoop.cpp:147)
16 JavaScriptCore 0x11a2381ec WTF::RunLoop::performWork(void*) + 136 (RunLoopCF.cpp:46)
17 CoreFoundation 0x18ed45044 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 28
18 CoreFoundation 0x18ed44fd8 __CFRunLoopDoSource0 + 172
19 CoreFoundation 0x18ed44d44 __CFRunLoopDoSources0 + 232
20 CoreFoundation 0x18ed43998 __CFRunLoopRun + 840
21 CoreFoundation 0x18ed42fc8 CFRunLoopRunSpecific + 572
22 Foundation 0x18ffeca78 -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 212
23 Foundation 0x19006458c -[NSRunLoop(NSRunLoop) run] + 64
24 libxpc.dylib 0x18e967a20 _xpc_objc_main + 700
25 libxpc.dylib 0x18e977cd4 _xpc_main + 40
26 libxpc.dylib 0x18e9675c0 xpc_main + 64
27 WebKit 0x10d9447c4 WebKit::XPCServiceMain(int, char const**) + 164 (XPCServiceMain.mm:279)
28 dyld 0x18e8b6ea8 start + 6860
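An added illustration, not WebKit's code and not the landed fix: a small model of the decode path in the trace above, using constructed stand-ins for the send right, handle and wire message. It shows why a null port arriving over IPC should be rejected in the decoder, where the message can simply fail, rather than reaching a constructor whose only guard is an assertion.

```cpp
#include <cassert>
#include <cstddef>
#include <cstdint>
#include <optional>
#include <utility>

// Constructed stand-ins, not WTF::MachSendRight / WebCore::SharedMemoryHandle.
constexpr uint32_t kNullPort = 0;  // MACH_PORT_NULL is 0 on Darwin

struct SendRight {
    uint32_t port = kNullPort;
    explicit operator bool() const { return port != kNullPort; }
};

// Mirrors the shape of frame 1 in the trace: the constructor assumes a valid
// port and asserts otherwise, so the caller is responsible for checking first.
struct Handle {
    Handle(SendRight&& right, size_t size) : right(std::move(right)), size(size) {
        assert(this->right && "caller must not pass a null send right");
    }
    SendRight right;
    size_t size;
};

// Constructed wire message: the transferred port followed by the mapping size.
struct Message {
    uint32_t port;
    size_t size;
};

// Unchecked decode: forwards whatever arrived straight into the constructor.
// A message carrying a null port reaches the assertion, which is this crash.
std::optional<Handle> decodeUnchecked(const Message& m) {
    return Handle(SendRight{m.port}, m.size);
}

// Hardened decode: validate at the trust boundary and fail the message instead.
// Returning nullopt lets the IPC layer drop the message and keep the process up.
std::optional<Handle> decodeChecked(const Message& m) {
    SendRight right{m.port};
    if (!right || m.size == 0)
        return std::nullopt;
    return Handle(std::move(right), m.size);
}
```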
Pedro Varangot
Comment 1 2025-01-07 12:24:51 PST
EWS
Comment 2 2025-01-07 22:49:41 PST
Committed 288584@main (3824d61a6131): <https://commits.webkit.org/288584@main> Reviewed commits have been landed. Closing PR #38669 and removing active labels.