[Webkit-unassigned] [Bug 112729] New: [GTK] Web Process crash when the UI process finishes too early

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Mar 19 11:58:05 PDT 2013 

https://bugs.webkit.org/show_bug.cgi?id=112729

           Summary: [GTK] Web Process crash when the UI process finishes
                    too early
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Unspecified
        OS/Version: Unspecified
            Status: NEW
          Keywords: Gtk
          Severity: Normal
          Priority: P2
         Component: WebKit2
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: cgarcia at igalia.com


It finishes with the following error:

(WebKitWebProcess:16101): GLib-GIO-ERROR **: creating GSocket from fd 11: Bad file descriptor

The problem is when creating the GSocket in the WorkQeue for the socket descriptor. GLib considers a programmer error to create a GSocket providing an invalid socket and finishes the process with g_error(). We are actually providing a valid socket when creating the GSocket, but it can be invalidated by the worker thread while the GSocket is being created. This is because registerEventSourceHandler is called from the main thread and unregisterEventSourceHandler can be called from the worker thread. We are currently registering two even handlers, one to read data from the socket and another one to close the wk connection when the socket connection is broken. Every event source registered uses its own GSocket (even if the file descriptor is actually the same), so that when the UI process finishes too early, the first event handler can be executed in the worker thread, closing the socket descriptor, while the main thread is creating the GSocket for the second one. 
We don't really need to use a separate event handler to monitor the connection, because GSocket always notifies when condition is G_IO_HUP and G_IO_ERR even if they haven't been explicitly set in g_socket_create_source(). We can register socket event sources differently, providing also a function to be called when the connection is closed, using a single socket and the same even source.

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list