Bug 43306 - Crash due to calling StringImpl::createCFString() from non-main thread in plug-in code
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKit2
Version: 528+ (Nightly build)
Hardware: PC OS X 10.5
Importance: P2 Normal
Assignee: Nobody
Keywords: InRadar
Reported: 2010-07-31 15:39 PDT by Sam Weinig
Modified: 2010-07-31 17:42 PDT (History)
Attachments
Patch (4.54 KB, patch)
2010-07-31 17:33 PDT, Sam Weinig
darin: review+
Description Sam Weinig 2010-07-31 15:39:20 PDT
Crash due to calling StringImpl::createCFString() from non-main thread in plug-in code.


Exception Type:  EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x00000000bbadbeef
Crashed Thread:  0  Dispatch queue: com.apple.main-thread

Thread 0 Crashed:  Dispatch queue: com.apple.main-thread
0   com.apple.JavaScriptCore      	0x00000001004aabfe WTF::isMainThread() + 147 (MainThreadMac.mm:136)
1   com.apple.WebCore             	0x00000001015d64a0 WebCore::StringImpl::createCFString() + 28 (StringImplCF.cpp:136)
2   com.apple.WebCore             	0x00000001015d67d1 WebCore::StringImpl::operator NSString*() + 21 (StringImplMac.mm:30)
3   com.apple.WebCore             	0x0000000100ae203d WebCore::String::operator NSString*() const + 55 (WTFString.h:264)
4   com.apple.WebCore             	0x000000010136f6ae WebCore::MIMETypeRegistry::getMIMETypeForExtension(WebCore::String const&) + 42 (MIMETypeRegistryMac.mm:37)
5   com.apple.WebKit2             	0x0000000100035602 WebKit::PluginInfoStore::findPlugin(WebCore::String&, WebCore::KURL const&) + 324 (PluginInfoStore.cpp:174)
6   com.apple.WebKit2             	0x0000000100083c10 WebKit::WebProcessProxy::getPluginHostConnection(WebCore::String const&, WebCore::KURL const&, WebCore::String&) + 76 (WebProcessProxy.cpp:198)
7   com.apple.WebKit2             	0x0000000100083e58 WebKit::WebProcessProxy::didReceiveSyncMessage(CoreIPC::Connection*, CoreIPC::MessageID, CoreIPC::ArgumentDecoder*, CoreIPC::ArgumentEncoder*) + 422 (WebProcessProxy.cpp:348)
8   com.apple.WebKit2             	0x000000010001a387 CoreIPC::Connection::dispatchMessages() + 357 (Connection.cpp:264)
...
Comment 1 Sam Weinig 2010-07-31 15:40:27 PDT
<rdar://problem/8259687>
Comment 2 Sam Weinig 2010-07-31 17:33:28 PDT
Created attachment 63165 [details]
Patch
Comment 3 Darin Adler 2010-07-31 17:34:43 PDT
Comment on attachment 63165 [details]
Patch

Won't this leave Windows broken?
Comment 4 Sam Weinig 2010-07-31 17:42:10 PDT
(In reply to comment #3)
> (From update of attachment 63165 [details])
> Won't this leave Windows broken?

I don't think it should; there is a default implementation in PluginInfoStore.cpp, wrapped in #if !PLATFORM(MAC), that calls the MIMETypeRegistry, and the Windows implementation does not convert to a CFStringRef in it.
Comment 5 Sam Weinig 2010-07-31 17:42:57 PDT
Landed in r64430.