[Webkit-unassigned] [Bug 210108] New: Network process crashes handling HTTP2 GRPC-Web response sent by recent Envoy versions

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Apr 7 06:50:31 PDT 2020 

https://bugs.webkit.org/show_bug.cgi?id=210108

            Bug ID: 210108
           Summary: Network process crashes handling HTTP2 GRPC-Web
                    response sent by recent Envoy versions
           Product: WebKit
           Version: Safari 13
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Page Loading
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: julien.roncaglia at zen.ly
                CC: beidson at apple.com

Created attachment 395674

  --> https://bugs.webkit.org/attachment.cgi?id=395674&action=review

Crash file

One of our internal applications access a service via GRPC-Web over HTTP/2 (Website & API aren't public so I can't provide an easy public reproduction but it reproduces 100% of the time) it was working correctly before a technical upgrade on our side but is now crashing the network process of safari.

This problem has also been noticed by multiple envoy users see https://github.com/envoyproxy/envoy/issues/10514 and https://github.com/grpc/grpc-web/issues/759

The message visible in the safari console is : Failed to load resource: WebKit encountered an internal error
The message in the system log is: WebLoaderStrategy::networkProcessCrashed
The crash report generated are joined & all exhibit the following:

---

Crashed Thread: 5 Dispatch queue: com.apple.CFNetwork.HTTP2.HTTP2Stream

Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000000
Exception Note: EXC_CORPSE_NOTIFY

Termination Signal: Segmentation fault: 11
Termination Reason: Namespace SIGNAL, Code 0xb
Terminating Process: exc handler [57872]

---

Other info:
This endpoint is hosted inside kubernetes & recently switched from envoy 1.12 to 1.13

Safari: 13.0.5 (14608.5.12)
Mac: Mojave 10.14.6 (18G3020), also reproduced on Catalina

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20200407/eb3b5906/attachment-0001.htm>

More information about the webkit-unassigned mailing list