[Webkit-unassigned] [Bug 72392] New: [Qt] [WK2] Crash in Connection::readyReadHandler() on socket error

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Nov 15 09:45:22 PST 2011


https://bugs.webkit.org/show_bug.cgi?id=72392

           Summary: [Qt] [WK2] Crash in Connection::readyReadHandler() on
                    socket error
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Unspecified
        OS/Version: Unspecified
            Status: NEW
          Keywords: Qt
          Severity: Normal
          Priority: P3
         Component: WebKit Qt
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: ostapenko.viatcheslav at nokia.com
                CC: kimmo.t.kinnunen at nokia.com


The crash happens randomly on WebProcess exit.

Call stack:
0    QSocketNotifier::setEnabled    qsocketnotifier.cpp    259    0xb2ff1b6d    
1    CoreIPC::SocketNotifierResourceGuard::~SocketNotifierResourceGuard    ConnectionUnix.cpp    170    0xb53d6803    
2    CoreIPC::Connection::readyReadHandler    ConnectionUnix.cpp    370    0xb53d754a    
3    MemberFunctionWorkItem0<CoreIPC::Connection>::execute    WorkItem.h    79    0xb53d6081    
4    WorkQueue::WorkItemQt::execute    WorkQueueQt.cpp    65    0xb53dd2e2    
5    WorkQueue::WorkItemQt::qt_static_metacall    WorkQueueQt.moc    50    0xb53dd97b    
6    QMetaCallEvent::placeMetaCall    qobject.cpp    529    0xb2fe4872    
7    QObject::event    qobject.cpp    1111    0xb2fe5493    
8    QApplicationPrivate::notify_helper    qapplication.cpp    4080    0xb3d98486    
9    QApplication::notify    qapplication.cpp    3497    0xb3d95e87    
10    QCoreApplication::notifyInternal    qcoreapplication.cpp    830    0xb2fc52ae    
11    QCoreApplication::sendEvent    qcoreapplication.h    205    0xb53583fb    
12    QCoreApplicationPrivate::sendPostedEvents    qcoreapplication.cpp    1472    0xb2fc6193    
13    QEventDispatcherUNIX::processEvents    qeventdispatcher_unix.cpp    908    0xb300e1cd    
14    QEventLoop::processEvents    qeventloop.cpp    149    0xb2fc2dd5    
15    QEventLoop::exec    qeventloop.cpp    225    0xb2fc3036    
16    QThread::exec    qthread.cpp    495    0xb2ea7b3b    
17    QThread::run    qthread.cpp    562    0xb2ea7cbb    
18    QThreadPrivate::start    qthread_unix.cpp    298    0xb2ea9db7    
19    start_thread    /lib/i386-linux-gnu/libpthread.so.0    0    0xb2d2bd31    
20    clone    /lib/i386-linux-gnu/libc.so.6    0    0xb4cb20ce    

What happens here:
1. socketNotifierEnabler keeps hold of m_socketNotifier until Connection::readyReadHandler() runs, and stores the m_socketNotifier pointer internally.
2. If a socket read error occurs, connectionDidClose() gets called, which calls platformInvalidate(), and m_socketNotifier gets deleted.
3. On exit, socketNotifierEnabler tries to call setEnabled() on the already-deleted m_socketNotifier instance using the internally stored pointer.

Probably that is the reason for the crash Kimmo mentions here as a race condition: https://bugs.webkit.org/show_bug.cgi?id=54938

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
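The three steps above describe a scope guard that caches a raw pointer and dereferences it in its destructor after the pointee has been freed. The following is an added example illustrating that pattern and one way to harden it; it is not WebKit's code and not the fix that landed for this bug. SocketNotifier, RawPointerGuard, WeakNotifierGuard and the Connection model are constructed stand-ins for QSocketNotifier, SocketNotifierResourceGuard and CoreIPC::Connection, and the std::shared_ptr/std::weak_ptr ownership is an assumption made so the example runs without Qt.

```cpp
#include <memory>

// Constructed stand-in for QSocketNotifier; only the part the guard touches.
struct SocketNotifier {
    bool enabled = true;
    void setEnabled(bool on) { enabled = on; }
};

// The pattern the report describes (step 1): a scope guard caches a raw
// pointer at construction and dereferences it again in its destructor. If the
// pointee is deleted while the guard is alive (step 2), the destructor call is
// a use-after-free (step 3). Kept here for comparison only; never instantiated.
class RawPointerGuard {
public:
    explicit RawPointerGuard(SocketNotifier* notifier) : m_notifier(notifier)
    {
        m_notifier->setEnabled(false);
    }
    ~RawPointerGuard() { m_notifier->setEnabled(true); }  // dangles if deleted
private:
    SocketNotifier* m_notifier;
};

// Hypothetical hardened guard: hold a weak_ptr instead of a raw pointer so the
// destructor can check whether the notifier still exists before touching it.
class WeakNotifierGuard {
public:
    WeakNotifierGuard(const std::shared_ptr<SocketNotifier>& notifier, int& skippedReenables)
        : m_notifier(notifier), m_skippedReenables(skippedReenables)
    {
        if (auto live = m_notifier.lock())
            live->setEnabled(false);
    }
    ~WeakNotifierGuard()
    {
        if (auto live = m_notifier.lock())
            live->setEnabled(true);   // normal path: re-enable on scope exit
        else
            ++m_skippedReenables;     // notifier freed mid-handler: skip the call
    }
private:
    std::weak_ptr<SocketNotifier> m_notifier;
    int& m_skippedReenables;
};

// Minimal model of the connection's socket handling (constructed, not WebKit's code).
class Connection {
public:
    Connection() : m_socketNotifier(std::make_shared<SocketNotifier>()) {}

    // Models readyReadHandler(): guard first, then a read that may fail.
    // Returns how many re-enables the guard had to skip during this call.
    int readyReadHandler(bool readError)
    {
        int skipped = 0;
        {
            WeakNotifierGuard enabler(m_socketNotifier, skipped);
            if (readError)
                connectionDidClose();   // step 2: the notifier is deleted here
        }                               // step 3: guard destructor runs here
        return skipped;
    }

    bool notifierAlive() const { return m_socketNotifier != nullptr; }
    bool notifierEnabled() const { return m_socketNotifier && m_socketNotifier->enabled; }

private:
    void connectionDidClose() { platformInvalidate(); }
    // Models platformInvalidate(): the sole owner drops the notifier, freeing it.
    void platformInvalidate() { m_socketNotifier.reset(); }

    std::shared_ptr<SocketNotifier> m_socketNotifier;
};

int main()
{
    Connection ok;
    int skippedOk = ok.readyReadHandler(false);     // 0: guard re-enabled the notifier
    Connection failing;
    int skippedFail = failing.readyReadHandler(true); // 1: guard skipped the freed notifier
    return (skippedOk == 0 && ok.notifierEnabled() && skippedFail == 1 && !failing.notifierAlive()) ? 0 : 1;
}
```

With RawPointerGuard the error path would call setEnabled() on freed memory, which is exactly the QSocketNotifier::setEnabled frame at the top of the stack above. In Qt code the same effect as the weak_ptr is available without changing ownership: a QPointer<QSocketNotifier> is reset to null when the QObject it points to is destroyed, so the guard's destructor can test it before calling setEnabled().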
