UNCONFIRMED 70423
ThreadRestrictionVerifier assertion failure in FormData callback
https://bugs.webkit.org/show_bug.cgi?id=70423
Summary ThreadRestrictionVerifier assertion failure in FormData callback
Dimitris Apostolou
Reported 2011-10-19 08:53:58 PDT
Created attachment 111629
Crash log.

r97844
Reproducibility: always

Steps:
Add an attachment in JIRA 4.3

What happened:
As soon as the file is uploaded and attached, WebKit throws an assert failure and crashes.

ASSERTION FAILED: m_verifier.isSafeToUse()
/Users/rex/WebKit/WebKitBuild/Debug/JavaScriptCore.framework/PrivateHeaders/RefCounted.h(122) : bool WTF::RefCountedBase::derefBase()
1 0x10c08ad90 WTF::RefCountedBase::derefBase()
2 0x10c14133f WTF::RefCounted<WebCore::FormData>::deref()
3 0x10c141316 void WTF::derefIfNotNull<WebCore::FormData>(WebCore::FormData*)
4 0x10c1412e8 WTF::RefPtr<WebCore::FormData>::~RefPtr()
5 0x10c1412c5 WTF::RefPtr<WebCore::FormData>::~RefPtr()
6 0x10c6d7c4c std::pair<__CFReadStream*, WTF::RefPtr<WebCore::FormData> >::~pair()
7 0x10c6d7b65 std::pair<__CFReadStream*, WTF::RefPtr<WebCore::FormData> >::~pair()
8 0x10c6df085 WTF::HashTable<__CFReadStream*, std::pair<__CFReadStream*, WTF::RefPtr<WebCore::FormData> >, WTF::PairFirstExtractor<std::pair<__CFReadStream*, WTF::RefPtr<WebCore::FormData> > >, WTF::PtrHash<__CFReadStream*>, WTF::PairHashTraits<WTF::HashTraits<__CFReadStream*>, WTF::HashTraits<WTF::RefPtr<WebCore::FormData> > >, WTF::HashTraits<__CFReadStream*> >::deleteBucket(std::pair<__CFReadStream*, WTF::RefPtr<WebCore::FormData> >&)
9 0x10c6df021 WTF::HashTable<__CFReadStream*, std::pair<__CFReadStream*, WTF::RefPtr<WebCore::FormData> >, WTF::PairFirstExtractor<std::pair<__CFReadStream*, WTF::RefPtr<WebCore::FormData> > >, WTF::PtrHash<__CFReadStream*>, WTF::PairHashTraits<WTF::HashTraits<__CFReadStream*>, WTF::HashTraits<WTF::RefPtr<WebCore::FormData> > >, WTF::HashTraits<__CFReadStream*> >::remove(std::pair<__CFReadStream*, WTF::RefPtr<WebCore::FormData> >*)
10 0x10c6def4d WTF::HashTable<__CFReadStream*, std::pair<__CFReadStream*, WTF::RefPtr<WebCore::FormData> >, WTF::PairFirstExtractor<std::pair<__CFReadStream*, WTF::RefPtr<WebCore::FormData> > >, WTF::PtrHash<__CFReadStream*>, WTF::PairHashTraits<WTF::HashTraits<__CFReadStream*>, WTF::HashTraits<WTF::RefPtr<WebCore::FormData> > >, WTF::HashTraits<__CFReadStream*> >::removeAndInvalidateWithoutEntryConsistencyCheck(std::pair<__CFReadStream*, WTF::RefPtr<WebCore::FormData> >*)
11 0x10c6deef9 WTF::HashTable<__CFReadStream*, std::pair<__CFReadStream*, WTF::RefPtr<WebCore::FormData> >, WTF::PairFirstExtractor<std::pair<__CFReadStream*, WTF::RefPtr<WebCore::FormData> > >, WTF::PtrHash<__CFReadStream*>, WTF::PairHashTraits<WTF::HashTraits<__CFReadStream*>, WTF::HashTraits<WTF::RefPtr<WebCore::FormData> > >, WTF::HashTraits<__CFReadStream*> >::removeWithoutEntryConsistencyCheck(WTF::HashTableIterator<__CFReadStream*, std::pair<__CFReadStream*, WTF::RefPtr<WebCore::FormData> >, WTF::PairFirstExtractor<std::pair<__CFReadStream*, WTF::RefPtr<WebCore::FormData> > >, WTF::PtrHash<__CFReadStream*>, WTF::PairHashTraits<WTF::HashTraits<__CFReadStream*>, WTF::HashTraits<WTF::RefPtr<WebCore::FormData> > >, WTF::HashTraits<__CFReadStream*> >)
12 0x10c6de454 WTF::HashMap<__CFReadStream*, WTF::RefPtr<WebCore::FormData>, WTF::PtrHash<__CFReadStream*>, WTF::HashTraits<__CFReadStream*>, WTF::HashTraits<WTF::RefPtr<WebCore::FormData> > >::remove(WTF::HashTableIteratorAdapter<WTF::HashTable<__CFReadStream*, std::pair<__CFReadStream*, WTF::RefPtr<WebCore::FormData> >, WTF::PairFirstExtractor<std::pair<__CFReadStream*, WTF::RefPtr<WebCore::FormData> > >, WTF::PtrHash<__CFReadStream*>, WTF::PairHashTraits<WTF::HashTraits<__CFReadStream*>, WTF::HashTraits<WTF::RefPtr<WebCore::FormData> > >, WTF::HashTraits<__CFReadStream*> >, std::pair<__CFReadStream*, WTF::RefPtr<WebCore::FormData> > >)
13 0x10c6de0f4 WTF::HashMap<__CFReadStream*, WTF::RefPtr<WebCore::FormData>, WTF::PtrHash<__CFReadStream*>, WTF::HashTraits<__CFReadStream*>, WTF::HashTraits<WTF::RefPtr<WebCore::FormData> > >::remove(__CFReadStream* const&)
14 0x10c6d6093 _ZN7WebCoreL12formFinalizeEP14__CFReadStreamPv
15 0x109ed49f2 __CFStreamDeallocate
16 0x109ea8256 CFRelease
17 0x11142b622 spoolingFinalize
18 0x109ed49f2 __CFStreamDeallocate
19 0x109ea8256 CFRelease
20 0x113c7191b HTTPRequest::~HTTPRequest()
21 0x109ea8256 CFRelease
22 0x113c4ce02 URLRequest::~URLRequest()
23 0x109ea8256 CFRelease
24 0x113c70e07 URLProtocol::~URLProtocol()
25 0x109ea8256 CFRelease
26 0x109ed78d5 __CFBasicHashReplaceValue
27 0x109eaca8c CFDictionarySetValue
28 0x113c5689f SocketStream::setProperty(void const*, __CFString const*, void const*)
29 0x113c567e0 virtual thunk to SocketStream::setProperty(void const*, __CFString const*, void const*)
30 0x113c5738f ReadStreamCallbacks::_setProperty(__CFReadStream*, __CFString const*, void const*, void*)
31 0x109f468c4 CFReadStreamSetProperty

Expected result:
WebKit does not crash.
Attachments
Crash log. (49.95 KB, text/plain)
2011-10-19 08:53 PDT, Dimitris Apostolou
no flags
Alexey Proskuryakov
Comment 1 2011-10-19 12:28:35 PDT
Dave, does this look like a real bug, or a false positive? It's expected that FormData callbacks are made on secondary thread. Maybe FormData should be ThreadSafeRefCounted?
David Levin
Comment 2 2011-10-19 12:35:38 PDT
(In reply to comment #1)
> Dave, does this look like a real bug, or a false positive? It's expected that FormData callbacks are made on secondary thread. Maybe FormData should be ThreadSafeRefCounted?

At first glance it looks like a real bug, and making FormData ThreadSafeRefCounted would fix it.

It wouldn't be a real bug
1. if there were some mechanism like locks, etc. which guarded the ref counting but I don't see a place in this call stack that would do the locking.
OR
2. If the FormData were not referenced on the main thread at all at this point. (The assert only gets triggered if the ref count is 2 at present so at least two things are referencing it.)

I'm not familiar enough with the design in FormData to know if either of those is true.
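The distinction raised in comments 1 and 2, as an added C++ example that is not code from this bug report or from WebKit: a simplified, hypothetical owner-thread check flags a deref on a secondary thread only while the object is shared, and an atomic count (the idea behind the ThreadSafeRefCounted suggestion) needs no thread restriction. The names `OwnerThreadVerifier` and `CheckedRefCount` and the exact check rule are assumptions made for illustration.

```cpp
#include <atomic>
#include <cstdio>
#include <thread>
#include <vector>

// Simplified model of a thread-restriction check (hypothetical, not WebKit's code).
struct OwnerThreadVerifier {
    std::thread::id owner = std::this_thread::get_id();
    // countBefore is the reference count before the ref/deref being checked.
    bool isSafeToUse(int countBefore) {
        auto self = std::this_thread::get_id();
        if (countBefore <= 1) { owner = self; return true; } // sole reference: hand-off is fine
        return owner == self;                                // shared: must stay on one thread
    }
};

// Non-atomic count protected only by the debug check.
struct CheckedRefCount {
    int count = 1;
    bool violated = false;
    OwnerThreadVerifier verifier;
    void check() { if (!verifier.isSafeToUse(count)) violated = true; }
    void ref() { check(); ++count; }
    void deref() { check(); --count; }
};

// Runs one deref on a secondary thread; extraMainRefs are taken on the calling thread first.
bool derefOnSecondaryThreadIsFlagged(int extraMainRefs) {
    CheckedRefCount data;
    for (int i = 0; i < extraMainRefs; ++i) data.ref();
    std::thread t([&] { data.deref(); });
    t.join(); // join orders the accesses, so the demo itself has no data race
    return data.violated;
}

// An atomic count stays correct under concurrent ref/deref from several threads.
int atomicCountAfterConcurrentUse(int threads, int iterations) {
    std::atomic<int> count{1};
    std::vector<std::thread> pool;
    for (int t = 0; t < threads; ++t)
        pool.emplace_back([&] { for (int i = 0; i < iterations; ++i) { count.fetch_add(1); count.fetch_sub(1); } });
    for (auto& th : pool) th.join();
    return count.load();
}

int main() {
    std::printf("shared=%d sole=%d atomic=%d\n", derefOnSecondaryThreadIsFlagged(1), derefOnSecondaryThreadIsFlagged(0), atomicCountAfterConcurrentUse(4, 100000));
}
```

The `extraMainRefs = 0` case corresponds to the second condition in comment 2: with no other reference held on the first thread, the check passes.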