[Webkit-unassigned] [Bug 146783] New: [SOUP] Crash in ~WebSoupRequestAsyncData

bugzilla-daemon at webkit.org
Thu Jul 9 06:19:56 PDT 2015


https://bugs.webkit.org/show_bug.cgi?id=146783

            Bug ID: 146783
           Summary: [SOUP] Crash in ~WebSoupRequestAsyncData
    Classification: Unclassified
           Product: WebKit
           Version: 528+ (Nightly build)
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebKit2
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: mcatanzaro at igalia.com

Core was generated by `/usr/libexec/webkit2gtk-4.0/WebKitWebProcess 42'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  ~WebSoupRequestAsyncData (this=0x1, __in_chrg=<optimized out>) at /usr/src/debug/webkitgtk-2.8.3/Source/WebKit2/Shared/Network/CustomProtocols/soup/CustomProtocolManagerImpl.cpp:54
54            if (request)

Truncated backtrace:
Thread no. 1 (10 frames)
 #0 ~WebSoupRequestAsyncData at /usr/src/debug/webkitgtk-2.8.3/Source/WebKit2/Shared/Network/CustomProtocols/soup/CustomProtocolManagerImpl.cpp:54
 #1 operator() at /usr/include/c++/5.1.1/bits/unique_ptr.h:76
 #2 ~unique_ptr at /usr/include/c++/5.1.1/bits/unique_ptr.h:236
 #3 ~KeyValuePair at /usr/src/debug/webkitgtk-2.8.3/Source/WTF/wtf/HashTraits.h:180
 #4 reinsert at /usr/src/debug/webkitgtk-2.8.3/Source/WTF/wtf/HashTable.h:926
 #5 WTF::HashTable<unsigned long, WTF::KeyValuePair<unsigned long, std::unique_ptr<WebKit::WebSoupRequestAsyncData, std::default_delete<WebKit::WebSoupRequestAsyncData> > >, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<unsigned long, std::unique_ptr<WebKit::WebSoupRequestAsyncData, std::default_delete<WebKit::WebSoupRequestAsyncData> > > >, WTF::IntHash<unsigned long>, WTF::HashMap<unsigned long, std::unique_ptr<WebKit::WebSoupRequestAsyncData, std::default_delete<WebKit::WebSoupRequestAsyncData> >, WTF::IntHash<unsigned long>, WTF::HashTraits<unsigned long>, WTF::HashTraits<std::unique_ptr<WebKit::WebSoupRequestAsyncData, std::default_delete<WebKit::WebSoupRequestAsyncData> > > >::KeyValuePairTraits, WTF::HashTraits<unsigned long> >::rehash at /usr/src/debug/webkitgtk-2.8.3/Source/WTF/wtf/HashTable.h:1126
 #6 shrink at /usr/src/debug/webkitgtk-2.8.3/Source/WTF/wtf/HashTable.h:444
 #7 WTF::HashTable<unsigned long, WTF::KeyValuePair<unsigned long, std::unique_ptr<WebKit::WebSoupRequestAsyncData, std::default_delete<WebKit::WebSoupRequestAsyncData> > >, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<unsigned long, std::unique_ptr<WebKit::WebSoupRequestAsyncData, std::default_delete<WebKit::WebSoupRequestAsyncData> > > >, WTF::IntHash<unsigned long>, WTF::HashMap<unsigned long, std::unique_ptr<WebKit::WebSoupRequestAsyncData, std::default_delete<WebKit::WebSoupRequestAsyncData> >, WTF::IntHash<unsigned long>, WTF::HashTraits<unsigned long>, WTF::HashTraits<std::unique_ptr<WebKit::WebSoupRequestAsyncData, std::default_delete<WebKit::WebSoupRequestAsyncData> > > >::KeyValuePairTraits, WTF::HashTraits<unsigned long> >::remove at /usr/src/debug/webkitgtk-2.8.3/Source/WTF/wtf/HashTable.h:1000
 #8 removeAndInvalidateWithoutEntryConsistencyCheck at /usr/src/debug/webkitgtk-2.8.3/Source/WTF/wtf/HashTable.h:974
 #9 removeWithoutEntryConsistencyCheck at /usr/src/debug/webkitgtk-2.8.3/Source/WTF/wtf/HashTable.h:1020

See the downstream bug for the full backtrace.

I spent a bit of time looking at this, but I don't understand the crash. The code looks safe to me.
