[Webkit-unassigned] [Bug 188474] New: CrashTracer: com.apple.WebKit.Storage at WebCore::IDBServer::UniqueIDBDatabase::connectionClosedFromClient(WebCore::IDBServer::UniqueIDBDatabaseConnection&)

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Aug 10 11:01:06 PDT 2018


https://bugs.webkit.org/show_bug.cgi?id=188474

            Bug ID: 188474
           Summary: CrashTracer: com.apple.WebKit.Storage at WebCore::IDBServer::UniqueIDBDatabase::connectionClosedFromClient(WebCore::IDBServer::UniqueIDBDatabaseConnection&)
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: New Bugs
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: sihui_liu at apple.com

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   com.apple.WebCore                   0x00007fff4b774a9d WTF::ListHashSet<WTF::RefPtr<WebCore::IDBServer::UniqueIDBDatabaseConnection, WTF::DumbPtrTraits<WebCore::IDBServer::UniqueIDBDatabaseConnection> >, WTF::PtrHash<WTF::RefPtr<WebCore::IDBServer::UniqueIDBDatabaseConnection, WTF::DumbPtrTraits<WebCore::IDBServer::UniqueIDBDatabaseConnection> > > >::find(WTF::RefPtr<WebCore::IDBServer::UniqueIDBDatabaseConnection, WTF::DumbPtrTraits<WebCore::IDBServer::UniqueIDBDatabaseConnection> > const&) + 173
1   com.apple.WebCore                   0x00007fff4b7614a7 WebCore::IDBServer::UniqueIDBDatabase::connectionClosedFromClient(WebCore::IDBServer::UniqueIDBDatabaseConnection&) + 55
2   com.apple.WebCore                   0x00007fff4b727a9d WebCore::IDBServer::IDBConnectionToClient::connectionToClientClosed() + 317
3   com.apple.WebCore                   0x00007fff4b7294a5 WebCore::IDBServer::IDBServer::unregisterConnection(WebCore::IDBServer::IDBConnectionToClient&) + 21
4   com.apple.WebKit                    0x00007fff4c99772a WebKit::StorageToWebProcessConnection::didClose(IPC::Connection&) + 226
5   com.apple.JavaScriptCore            0x00007fff40e63e97 WTF::RunLoop::performWork() + 231
6   com.apple.JavaScriptCore            0x00007fff40e64122 WTF::RunLoop::performWork(void*) + 34

As Chris suggested, this crash may be caused by a stale reference to UniqueIDBDatabase in UniqueIDBDatabaseConnection. UniqueIDBDatabaseConnection could outlive UniqueIDBDatabase because it is refcounted by UniqueIDBDatabaseTransaction, and it holds a refcount on UniqueIDBDatabaseTransaction in m_transactionMap.
To make the code more robust, and also to put up a speculative fix for this crash, we should make the UniqueIDBDatabase a WeakPtr. Assertions are also added to make it easier to debug related storage process crashes.

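A worked model of the lifetime hazard described in the report, written for this page as an added example and not WebKit's own code. std::shared_ptr and std::weak_ptr stand in for WTF::Ref/RefPtr and WTF::WeakPtr, and the Database, Connection and Transaction types are assumed stand-ins for UniqueIDBDatabase, UniqueIDBDatabaseConnection and UniqueIDBDatabaseTransaction. The transaction map holds each transaction strongly and the transaction holds the connection strongly, so the connection survives the database; closing through a weak reference detects the dead database and returns early instead of dereferencing a stale one, and holding a protecting reference across the call keeps clearing the map from freeing the connection mid-call.

```cpp
#include <cstdint>
#include <cstdio>
#include <memory>
#include <set>
#include <unordered_map>

// Assumed stand-ins for the WebKit classes named in the report; this is an
// added example, not WebKit code. std::shared_ptr plays the role of Ref/RefPtr
// and std::weak_ptr the role of WeakPtr.
struct Connection;

struct Database {
    std::set<Connection*> openConnections;   // like m_openDatabaseConnections
    void connectionClosedFromClient(Connection& c);
};

struct Transaction {
    std::shared_ptr<Connection> connection;  // strong back-reference to the connection
    explicit Transaction(std::shared_ptr<Connection> c) : connection(std::move(c)) {}
};

struct Connection : std::enable_shared_from_this<Connection> {
    // Weak, not raw: the database can be destroyed while transactions keep
    // this connection alive.
    std::weak_ptr<Database> database;
    std::unordered_map<uint64_t, std::shared_ptr<Transaction>> transactions; // like m_transactionMap

    explicit Connection(const std::shared_ptr<Database>& db) : database(db) {}

    // Returns true if the database was still alive and was notified,
    // false if the close ran against an already-destroyed database.
    bool closeFromClient();
};

void Database::connectionClosedFromClient(Connection& c) { openConnections.erase(&c); }

bool Connection::closeFromClient() {
    // Clearing the transaction map may drop the last strong reference to
    // this connection; hold one for the duration of the call.
    auto protectedThis = shared_from_this();
    transactions.clear();
    auto db = database.lock();
    if (!db)
        return false;   // a raw reference would be dereferenced here while dangling
    db->connectionClosedFromClient(*this);
    return true;
}

struct Outcome {
    bool connectionOutlivedDatabase;
    bool closeDetectedDeadDatabase;
    bool connectionFreedAfterClose;
};

// Reproduces the ordering from the report: the database goes away while a
// transaction still pins the connection, then the client closes the connection.
Outcome runStaleDatabaseScenario() {
    auto db = std::make_shared<Database>();
    auto conn = std::make_shared<Connection>(db);
    db->openConnections.insert(conn.get());
    std::weak_ptr<Database> dbWatch = db;
    std::weak_ptr<Connection> connWatch = conn;

    // An open transaction creates the connection <-> transaction cycle.
    conn->transactions[1] = std::make_shared<Transaction>(conn);

    conn.reset();   // only the transaction holds the connection now
    db.reset();     // nothing holds the database: it is destroyed here

    Outcome o{};
    o.connectionOutlivedDatabase = dbWatch.expired() && !connWatch.expired();

    auto closing = connWatch.lock();
    o.closeDetectedDeadDatabase = !closing->closeFromClient();
    closing.reset();    // the cycle was broken inside closeFromClient, so this frees it
    o.connectionFreedAfterClose = connWatch.expired();
    return o;
}

// The ordinary case: database alive, close unregisters the connection.
bool runNormalCloseScenario() {
    auto db = std::make_shared<Database>();
    auto conn = std::make_shared<Connection>(db);
    db->openConnections.insert(conn.get());
    conn->transactions[1] = std::make_shared<Transaction>(conn);
    bool notified = conn->closeFromClient();
    return notified && db->openConnections.empty();
}

int main() {
    Outcome o = runStaleDatabaseScenario();
    std::printf("connection outlived database: %d\n", o.connectionOutlivedDatabase);
    std::printf("close detected dead database: %d\n", o.closeDetectedDeadDatabase);
    std::printf("connection freed after close: %d\n", o.connectionFreedAfterClose);
    std::printf("normal close unregistered: %d\n", runNormalCloseScenario());
    return 0;
}
```

The two checks that matter for debugging this class of crash are the ones the scenario function returns: the connection is still alive after the database is gone (the precondition the report describes), and the weak-reference close neither touches freed memory nor leaks the connection once the transaction cycle is broken.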