[Webkit-unassigned] [Bug 213917] New: Win EWS: Crash in FetchBodySource::error() due to uninitialized Optional m_controller.

bugzilla-daemon at webkit.org
Thu Jul 2 21:09:03 PDT 2020


https://bugs.webkit.org/show_bug.cgi?id=213917

            Bug ID: 213917
           Summary: Win EWS: Crash in FetchBodySource::error() due to
                    uninitialized Optional m_controller.
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebCore Misc.
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: mark.lam at apple.com

See https://ews-build.webkit.org/#/builders/10/builds/29527 and https://ews-build.webkit.org/results/Windows-EWS/r403384-29527/http/tests/fetch/clone-response-body-crash-log.txt.

From https://bugs.webkit.org/show_bug.cgi?id=213819#c12:

It looks like this patch is successful in fixing the majority of crashes due to the unhandled exception. However, there appears to be 1 more test failure:

http/tests/fetch/clone-response-body.html

... with the following crash stack:

 # Child-SP          RetAddr           Call Site
00 000000f3`d88fcbd0 00007fff`364e5439 WebKit!abort(void)+0x35 [minkernel\crts\ucrt\src\appcrt\startup\abort.cpp @ 77]
01 (Inline Function) --------`-------- WebKit!WTF::Optional<WebCore::ReadableStreamDefaultController>::value+0xa0 [C:\cygwin\home\buildbot\worker\Windows-EWS\build\WebKitBuild\Release\DerivedSources\ForwardingHeaders\wtf\Optional.h @ 550]
02 (Inline Function) --------`-------- WebKit!WebCore::ReadableStreamSource::controller+0xa0 [C:\cygwin\home\buildbot\worker\Windows-EWS\build\Source\WebCore\Modules\streams\ReadableStreamSource.h @ 49]
03 000000f3`d88fcc00 00007fff`35de16a8 WebKit!WebCore::FetchBodySource::error(class WebCore::Exception * value = 0x000000f3`d88fcc88)+0xb9 [C:\cygwin\home\buildbot\worker\Windows-EWS\build\Source\WebCore\Modules\fetch\FetchBodySource.cpp @ 92]
04 000000f3`d88fcc60 00007fff`360e0aad WebKit!WebCore::FetchResponse::BodyLoader::didFail(class WebCore::ResourceError * error = <Value unavailable error>)+0x238 [C:\cygwin\home\buildbot\worker\Windows-EWS\build\Source\WebCore\Modules\fetch\FetchResponse.cpp @ 308]
05 000000f3`d88fcd10 00007fff`360e0536 WebKit!WebCore::CachedResource::checkNotify(class WebCore::NetworkLoadMetrics * metrics = 0x000000f3`d88fce08)+0x11d [C:\cygwin\home\buildbot\worker\Windows-EWS\build\Source\WebCore\loader\cache\CachedResource.cpp @ 375]
06 000000f3`d88fcd90 00007fff`35a79abe WebKit!WebCore::CachedResource::cancelLoad(void)+0x246 [C:\cygwin\home\buildbot\worker\Windows-EWS\build\Source\WebCore\loader\cache\CachedResource.cpp @ 417]
07 000000f3`d88fcee0 00007fff`35a6ae50 WebKit!WebCore::SubresourceLoader::didCancel(class WebCore::ResourceError * __formal = 0x000000f3`d88fd010)+0x1e [C:\cygwin\home\buildbot\worker\Windows-EWS\build\Source\WebCore\loader\SubresourceLoader.cpp @ 831]
08 000000f3`d88fcf10 00007fff`35a6af7f WebKit!WebCore::ResourceLoader::cancel(class WebCore::ResourceError * error = <Value unavailable error>)+0x390 [C:\cygwin\home\buildbot\worker\Windows-EWS\build\Source\WebCore\loader\ResourceLoader.cpp @ 665]

The reason for the crash is due to Optional<ReadableStreamDefaultController> m_controller (used in controller()) being uninitialized here:

void FetchBodySource::error(const Exception& value)
{
    controller().error(value);
    clean();
    m_bodyOwner = nullptr;
}

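The failure mode in the report, reduced to a stand-alone model: this is an added example, not WebKit code and not the fix that landed for this bug. `Source`, `Controller`, `start()`, `errorUnguarded()` and `errorGuarded()` are hypothetical names, and `std::optional` stands in for `WTF::Optional` (its `value()` throws on an empty optional, where the stack above shows `WTF::Optional::value()` calling `abort`).

```cpp
#include <optional>
#include <string>
#include <vector>

// Hypothetical stand-in for ReadableStreamDefaultController.
struct Controller {
    std::vector<std::string>* log;
    void error(const std::string& why) { log->push_back("stream errored: " + why); }
};

// Hypothetical model: the controller is only populated once start() has run.
class Source {
public:
    explicit Source(std::vector<std::string>& log) : m_log(log) {}
    void start() { m_controller.emplace(Controller{&m_log}); }

    // Same shape as the function quoted in the report: assumes the controller exists.
    void errorUnguarded(const std::string& why) {
        m_controller.value().error(why);  // faults here if start() never ran
        m_cleaned = true;                 // cleanup is skipped on the faulting path
    }

    // Guarded variant: notify the controller only if it exists, always clean up.
    bool errorGuarded(const std::string& why) {
        bool notified = false;
        if (m_controller) {
            m_controller->error(why);
            notified = true;
        }
        m_cleaned = true;
        return notified;
    }
    bool cleaned() const { return m_cleaned; }

private:
    std::vector<std::string>& m_log;
    std::optional<Controller> m_controller;
    bool m_cleaned = false;
};

// True if a load failure delivered before start() faults on the unguarded path.
bool unguardedFaultsBeforeStart() {
    std::vector<std::string> log;
    Source s(log);
    try { s.errorUnguarded("load cancelled"); }
    catch (const std::bad_optional_access&) { return !s.cleaned(); }
    return false;
}

int main() { return unguardedFaultsBeforeStart() ? 0 : 1; }
```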