[Webkit-unassigned] [Bug 112729] [GTK] Web Process crash when the UI process finishes too early

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Apr 5 12:02:23 PDT 2013


https://bugs.webkit.org/show_bug.cgi?id=112729


Lauro Moura Maranhao Neto <lauro.neto at openbossa.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |lauro.neto at openbossa.org,
                   |                            |rafael.lobo at openbossa.org,
                   |                            |sergio.correia at openbossa.or
                   |                            |g




--- Comment #4 from Lauro Moura Maranhao Neto <lauro.neto at openbossa.org>  2013-04-05 12:00:35 PST ---
Also, I've tested this patch with the Nix test I posted on bug #85066 [1] and it works almost fine. Sometimes the Connection's WorkQueue would lock in infinite poll calls when doing series of instant crash/respawn of the WebProcess. I think this happens because ProcessLauncherGtk.cpp::childFinishedFunction can close the socket in another thread while it's being polled by the Connection's WorkQueue.

>From the close(2) man page:
"It  is  probably  unwise to close file descriptors while they may be in use by system calls in other threads in the same process.  Since a file descriptor may be reused, there  are  some  obscure race conditions that may cause unintended side effects."

Should I open a separate bug for this? I'll try to trigger this condition in WebKitGtk+ using a modified version of WK2's MouseMoveAfterCrash.cpp.

[1] https://github.com/WebKitNix/webkitnix/blob/master/Tools/TestWebKitAPI/Tests/nix/WebViewWebProcessCrashed.cpp

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.



More information about the webkit-unassigned mailing list