[Webkit-unassigned] [Bug 200378] New: [Curl] double free of URL in ~SocketStreamHandle

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Aug 1 20:19:55 PDT 2019 

https://bugs.webkit.org/show_bug.cgi?id=200378

            Bug ID: 200378
           Summary: [Curl] double free of URL in ~SocketStreamHandle
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Platform
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: Hironori.Fujii at sony.com

[Curl] double free of URL in ~SocketStreamHandle

python ./Tools/Scripts/run-webkit-tests --debug --wincairo --no-new-test-results --fully-parallel --iterations=50 http/tests/websocket/tests/hybi

>    Frame[00]  Triage Symbol: [ntdll!RtlReportFatalFailure+0x9]
>    Frame[01]  Ignore Symbol: [ntdll!RtlReportCriticalFailure+0x97]
>    Frame[02]  Ignore Symbol: [ntdll!RtlpHeapHandleError+0x12]
>    Frame[03]  Triage Symbol: [ntdll!RtlpHpHeapHandleError+0x7a]
>    Frame[04]  Ignore Symbol: [ntdll!RtlpLogHeapFailure+0x45]
>    Frame[05]  Triage Symbol: [ntdll!RtlpFreeHeapInternal+0x80d]
>    Frame[06]  Ignore Symbol: [ntdll!RtlFreeHeap+0x51]
>    Frame[07]  Triage Symbol: [ucrtbase!_free_base+0x1b]
>    Frame[08]  Ignore Symbol: [WTF!WTF::fastFree+0x14]
>    Frame[09]  Triage Symbol: [WTF!WTF::StringImpl::destroy+0x1d]
>    Frame[0a]  Triage Symbol: [WTF!WTF::StringImpl::deref+0x31]
>    Frame[0b]  Triage Symbol: [WTF!WTF::derefIfNotNull<WTF::StringImpl>+0x1f]
>    Frame[0c]  Triage Symbol: [WTF!WTF::RefPtr<WTF::StringImpl,WTF::DumbPtrTraits<WTF::StringImpl> >::~RefPtr+0x38]
>    Frame[0d]  Triage Symbol: [WTF!WTF::String::~String+0x13]
>    Frame[0e]  Triage Symbol: [WTF!WTF::URL::~URL+0x13]
>    Frame[0f]  Triage Symbol: [WebKit2!WebCore::SocketStreamHandle::~SocketStreamHandle+0x22]
>    Frame[10]  Triage Symbol: [WebKit2!WebCore::SocketStreamHandleImpl::~SocketStreamHandleImpl+0xba]
>    Frame[11]  Triage Symbol: [WebKit2!WebCore::SocketStreamHandleImpl::~SocketStreamHandleImpl+0x2c]
>    Frame[12]  Triage Symbol: [WebKit2!WTF::ThreadSafeRefCounted<WebCore::SocketStreamHandle,WTF::DestructionThread::Main>::deref::<unnamed-tag>::operator+0x41]
>    Frame[13]  Triage Symbol: [WebKit2!WTF::ThreadSafeRefCounted<WebCore::SocketStreamHandle,WTF::DestructionThread::Main>::deref+0x8f]
>    Frame[14]  Triage Symbol: [WebKit2!WTF::Ref<WebCore::SocketStreamHandleImpl,WTF::DumbPtrTraits<WebCore::SocketStreamHandleImpl> >::~Ref+0x33]
>    Frame[15]  Triage Symbol: [WebKit2!WebKit::NetworkSocketStream::~NetworkSocketStream+0x49]
>    Frame[16]  Triage Symbol: [WebKit2!WebKit::NetworkSocketStream::~NetworkSocketStream+0x2c]
>    Frame[17]  Triage Symbol: [WebKit2!WTF::RefCounted<WebKit::NetworkSocketStream>::deref+0x60]
>    Frame[18]  Triage Symbol: [WebKit2!WTF::derefIfNotNull<WebKit::NetworkSocketStream>+0x26]
>    Frame[19]  Triage Symbol: [WebKit2!WTF::RefPtr<WebKit::NetworkSocketStream,WTF::DumbPtrTraits<WebKit::NetworkSocketStream> >::~RefPtr+0x38]
>    Frame[1a]  Triage Symbol: [WebKit2!WTF::KeyValuePairHashTraits<WTF::HashTraits<unsigned long long>,WTF::HashTraits<WTF::RefPtr<WebKit::NetworkSocketStream,WTF::DumbPtrTraits<WebKit::NetworkSocketStream> > > >::customDeleteBucket+0x21]
>    Frame[1b]  Triage Symbol: [WebKit2!WTF::hashTraitsDeleteBucket<WTF::HashMap<unsigned long long,WTF::RefPtr<WebKit::NetworkSocketStream,WTF::DumbPtrTraits<WebKit::NetworkSocketStream> >,WTF::IntHash<unsigned long long>,WTF::HashTraits<unsigned long long>,WTF::HashTraits<WTF::RefPtr<WebKit::Netw+0x13]
>    Frame[1c]  Triage Symbol: [WebKit2!WTF::HashTable<unsigned long long,WTF::KeyValuePair<unsigned long long,WTF::RefPtr<WebKit::NetworkSocketStream,WTF::DumbPtrTraits<WebKit::NetworkSocketStream> > >,WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<unsigned long long,WTF::RefPtr<WebKit::NetworkSo+0x13]
>    Frame[1d]  Triage Symbol: [WebKit2!WTF::HashTable<unsigned long long,WTF::KeyValuePair<unsigned long long,WTF::RefPtr<WebKit::NetworkSocketStream,WTF::DumbPtrTraits<WebKit::NetworkSocketStream> > >,WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<unsigned long long,WTF::RefPtr<WebKit::NetworkSo+0x25]
>    Frame[1e]  Triage Symbol: [WebKit2!WTF::HashTable<unsigned long long,WTF::KeyValuePair<unsigned long long,WTF::RefPtr<WebKit::NetworkSocketStream,WTF::DumbPtrTraits<WebKit::NetworkSocketStream> > >,WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<unsigned long long,WTF::RefPtr<WebKit::NetworkSo+0x2c]
>    Frame[1f]  Triage Symbol: [WebKit2!WTF::HashTable<unsigned long long,WTF::KeyValuePair<unsigned long long,WTF::RefPtr<WebKit::NetworkSocketStream,WTF::DumbPtrTraits<WebKit::NetworkSocketStream> > >,WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<unsigned long long,WTF::RefPtr<WebKit::NetworkSo+0x84]
>    Frame[20]  Triage Symbol: [WebKit2!WTF::HashMap<unsigned long long,WTF::RefPtr<WebKit::NetworkSocketStream,WTF::DumbPtrTraits<WebKit::NetworkSocketStream> >,WTF::IntHash<unsigned long long>,WTF::HashTraits<unsigned long long>,WTF::HashTraits<WTF::RefPtr<WebKit::NetworkSocketStream,WTF::DumbPtr+0xae]
>    Frame[21]  Triage Symbol: [WebKit2!WTF::HashMap<unsigned long long,WTF::RefPtr<WebKit::NetworkSocketStream,WTF::DumbPtrTraits<WebKit::NetworkSocketStream> >,WTF::IntHash<unsigned long long>,WTF::HashTraits<unsigned long long>,WTF::HashTraits<WTF::RefPtr<WebKit::NetworkSocketStream,WTF::DumbPtr+0x48]
>    Frame[22]  Triage Symbol: [WebKit2!WebKit::NetworkConnectionToWebProcess::didReceiveMessage+0x342]
>    Frame[23]  Triage Symbol: [WebKit2!IPC::Connection::dispatchMessage+0x226]
>    Frame[24]  Triage Symbol: [WebKit2!IPC::Connection::dispatchMessage+0x295]
>    Frame[25]  Triage Symbol: [WebKit2!IPC::Connection::dispatchOneIncomingMessage+0x11d]
>    Frame[26]  Triage Symbol: [WebKit2!IPC::Connection::enqueueIncomingMessage::<unnamed-tag>::operator+0x5c]
>    Frame[27]  Triage Symbol: [WebKit2!WTF::Detail::CallableWrapper<`lambda at ..\..\Source\WebKit\Platform\IPC\Connection.cpp:974:30',void>::call+0x17]
>    Frame[28]  Triage Symbol: [WTF!WTF::Function<void +0x90]
>    Frame[29]  Triage Symbol: [WTF!WTF::RunLoop::performWork+0x126]
>    Frame[2a]  Ignore Symbol: [WTF!WTF::RunLoop::wndProc+0x75]
>    Frame[2b]  Ignore Symbol: [WTF!WTF::RunLoop::RunLoopWndProc+0x59]
>    Frame[2c]  Triage Symbol: [USER32!UserCallWinProcCheckWow+0x2bd]
>    Frame[2d]  Triage Symbol: [USER32!DispatchMessageWorker+0x1e2]
>    Frame[2e]  Triage Symbol: [WTF!WTF::RunLoop::run+0x63]
>    Frame[2f]  Triage Symbol: [WebKit2!WebKit::AuxiliaryProcessMain<WebKit::NetworkProcess,WebKit::AuxiliaryProcessMainBase>+0xa5]
>    Frame[30]  Triage Symbol: [WebKit2!WebKit::NetworkProcessMainWin+0x1b]
>    Frame[31]  Triage Symbol: [WebKitNetworkProcess!main+0x1c]
>    Frame[32]  Triage Symbol: [WebKitNetworkProcess!__scrt_common_main_seh+0x10c]
>    Frame[33]  Triage Symbol: [KERNEL32!BaseThreadInitThunk+0x14]
>    Frame[34]  Triage Symbol: [ntdll!RtlUserThreadStart+0x21]

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20190802/8fca1592/attachment.html>

More information about the webkit-unassigned mailing list