[Webkit-unassigned] [Bug 197873] [CURL] Fix crashing SocketStreamHandle.

Wed May 15 17:49:54 PDT 2019

https://bugs.webkit.org/show_bug.cgi?id=197873

--- Comment #10 from Takashi Komori <Takashi.Komori at sony.com> ---
(In reply to Fujii Hironori from comment #3)
> Comment on attachment 369828 [details]
> Patch
> 
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=369828&action=review
> 
> > Source/WebCore/ChangeLog:8
> > +        When NetworkSocketStream is destructed SocketStreamHandleImple::platformClose is called wrongly times.
> 
> I don't understand this sentence. platformClose is called multiple times?

In wk2 network process NetworkSocketStream is using SocketStreamHandleImpl and
1) NetworkSocketStream::close calls SocketStreamHandleImpl::platformClose
2) When NetworkSocketStream is destructed, SocketStreamHandleImpl::platformClose is called once again wrongly.

> > Source/WebCore/platform/network/curl/SocketStreamHandleImplCurl.cpp:106
> > +    m_state = Closed;
> 
> I don't understand why you need to set m_state here. m_state is set in
> SocketStreamHandle::disconnect.

In wk2 network process is using SocketStreamHandleImpl through NetworkSocketStream and it doesn't call NetworkSocketStream::disconnect.

> https://github.com/WebKit/webkit/blob/
> e10a60ba94615a5c607799986b3ed42a88591e0b/Source/WebCore/platform/network/
> SocketStreamHandle.cpp#L81
> 
> > Source/WebCore/platform/network/curl/SocketStreamHandleImplCurl.cpp:-146
> > -                m_writeBuffer = nullptr;
> 
> Why do you want not to release the buffer here? It successfully sent the
> whole buffer.

Handling m_writeBuffer here is not thread safe.
In main thread m_writeBuffer is updated in SocketStreamHandleImpl::platformSendInternal.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20190516/83c52b83/attachment.html>