[Webkit-unassigned] [Bug 237060] Queue throwing exception of blob objects during destruction

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Feb 22 14:52:46 PST 2022 

https://bugs.webkit.org/show_bug.cgi?id=237060

--- Comment #4 from Mark Lam <mark.lam at apple.com> ---
Comment on attachment 452903
  --> https://bugs.webkit.org/attachment.cgi?id=452903
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=452903&action=review

> Source/WebCore/ChangeLog:10
> +        Queue throwing an exception when destroying a blob object.
> +        Also, ensure that if we are destroying a vm we skip this step
> +        as it will try to allocate memory, which is not allowed during a sweep.

This is not quite correct.  Let's replace this with:
"BlobStreamSource::didFail() may be called from GC sweep.  Hence, we cannot throw an exception synchronously from there as this may result in object allocation (which is not allowed during sweep).  Instead we will enqueue a task to do the the throw later.  Additionally, if didFail() is called during VM shut down, then we skip the enqueuing of the task as the task queue may already have shut down.

> Source/WebCore/fileapi/Blob.cpp:284
> +            // During VM destruction we do not want to raise a dom exception
> +            // as this will trigger an allocation, which is not allowed as we
> +            // will be performing a sweep at that time.

This is not quite correct.  Let's replace this with:

"This function can be called doing Blob destruction, which in turn is called by GC sweep.  Since we cannot allocated objects while sweeping, we need to defer the call to error() which will allocate an exception object, by queueing a task.  Additionally, if this is being called during VM shut down, the task queue may already destructed.  So, we will skip the enqueuing of this task if we're in the midst of VM shut down."

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20220222/4b3537e1/attachment-0001.htm>

More information about the webkit-unassigned mailing list