[Webkit-unassigned] [Bug 237917] [WPE][GTK] Fix a crash after r290360
bugzilla-daemon at webkit.org
Tue Mar 15 13:23:56 PDT 2022
https://bugs.webkit.org/show_bug.cgi?id=237917
--- Comment #1 from Pablo Saavedra <psaavedra at igalia.com> ---
The segfault is because of a double call to the WebProcess::terminate() method in the WebProcess::shutdown() path.
```
void WebProcess::terminate()
{
#ifndef NDEBUG
    GCController::singleton().garbageCollectNow();
    FontCache::singleton().invalidate();
    MemoryCache::singleton().setDisabled(true);
#endif
    m_webConnection->invalidate(); // <<< invalid access during the second invocation
    m_webConnection = nullptr;     // <<< set null in the first invocation
    platformTerminate();
    AuxiliaryProcess::terminate();
}
```
Here is the stack of method calls:
AuxiliaryProcess::shutDown():
```
-> terminate()
-> WebProcess::terminate()
-> AuxiliaryProcess::terminate()
-> AuxiliaryProcess::terminate() -> stopRunLoop()
-> WebProcess::stopRunLoop() (from glib/WebProcessGLib.cpp)
-> WebPage::close()
-> WebProcess::singleton().removeWebPage(m_identifier)
-> AuxiliaryProcess::enableTermination() -- m_terminationCounter: 0
-> WebProcess::terminate()
```
--
You are receiving this mail because:
You are the assignee for the bug.
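
The re-entrant call chain in the comment above, reduced to a small model (an added example, not WebKit code and not the fix that landed for this bug). `ModelProcess`, `Connection`, the `m_isTerminating` flag and `nullAccessesAfterShutDown()` are hypothetical names; the model counts the null access instead of dereferencing, and shows that a re-entrancy guard makes the nested `terminate()` a no-op.

```cpp
#include <memory>

// Hypothetical stand-in for the IPC connection; not a WebKit class.
struct Connection {
    void invalidate() {}
};

// Simplified model of the call chain in the trace; all names are illustrative.
class ModelProcess {
public:
    explicit ModelProcess(bool guarded) : m_guarded(guarded) {}

    void shutDown() { terminate(); }   // shutDown() -> terminate()
    int nullAccesses() const { return m_nullAccesses; }

private:
    void terminate()
    {
        if (m_guarded && m_isTerminating)
            return;                    // re-entrant call: teardown already running
        m_isTerminating = true;

        if (m_connection)
            m_connection->invalidate();
        else
            ++m_nullAccesses;          // the code in the comment dereferences here
        m_connection = nullptr;
        stopRunLoop();                 // reached via AuxiliaryProcess::terminate()
    }

    void stopRunLoop()
    {
        // Closing the last page removes it and lets the termination counter hit 0.
        if (m_openPages > 0 && --m_openPages == 0)
            terminate();               // enableTermination() -> terminate()
    }

    bool m_guarded;
    bool m_isTerminating = false;
    int m_openPages = 1;               // constructed state: one page still open
    int m_nullAccesses = 0;
    std::unique_ptr<Connection> m_connection = std::make_unique<Connection>();
};

// Number of times terminate() found the connection already cleared.
int nullAccessesAfterShutDown(bool guarded)
{
    ModelProcess process(guarded);
    process.shutDown();
    return process.nullAccesses();
}
```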