WebKit Bugzilla
Attachment 370001 Details for Bug 197927: Crash under WebCore::TimerBase::~TimerBase after a download is canceled
Patch
file_197927.txt (text/plain), 3.23 KB, created by David Quesada on 2019-05-15 15:49:02 PDT
>commit 10859ac03d8b6c66a2afabe560cfc1cbbd00010a >Author: David Quesada <david_quesada@apple.com> >Date: Wed May 15 15:48:07 2019 -0700 > > Crash under WebCore::TimerBase::~TimerBase after a download is canceled > https://bugs.webkit.org/show_bug.cgi?id=197927 > rdar://problem/50822728 > > Reviewed by NOBODY (OOPS!). > > * NetworkProcess/Downloads/cocoa/DownloadCocoa.mm: > (WebKit::Download::platformCancelNetworkLoad): > CFNetwork makes no guarantees about what thread is used to call the completion block > passed to -[NSURLSessionDownloadTask cancelByProducingResumeData], and in some cases, > it can be called on a background queue. This eventually causes the Download to be > deallocated on the background queue, which triggers a release assertion failure in > ~TimerBase. When CFNetwork finishes canceling the download, we should move to the > main thread before calling didCancel(). > >diff --git a/Source/WebKit/ChangeLog b/Source/WebKit/ChangeLog >index 10205c8af5e..f04705c723c 100644 >--- a/Source/WebKit/ChangeLog >+++ b/Source/WebKit/ChangeLog 
>@@ -1,3 +1,20 @@ >+2019-05-15 David Quesada <david_quesada@apple.com> >+ >+ Crash under WebCore::TimerBase::~TimerBase after a download is canceled >+ https://bugs.webkit.org/show_bug.cgi?id=197927 >+ rdar://problem/50822728 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ * NetworkProcess/Downloads/cocoa/DownloadCocoa.mm: >+ (WebKit::Download::platformCancelNetworkLoad): >+ CFNetwork makes no guarantees about what thread is used to call the completion block >+ passed to -[NSURLSessionDownloadTask cancelByProducingResumeData], and in some cases, >+ it can be called on a background queue. This eventually causes the Download to be >+ deallocated on the background queue, which triggers a release assertion failure in >+ ~TimerBase. When CFNetwork finishes canceling the download, we should move to the >+ main thread before calling didCancel(). >+ > 2019-05-15 Sihui Liu <sihui_liu@apple.com> > > Add assertions to help diagnose crash at WebProcessProxy::processPool() >diff --git a/Source/WebKit/NetworkProcess/Downloads/cocoa/DownloadCocoa.mm b/Source/WebKit/NetworkProcess/Downloads/cocoa/DownloadCocoa.mm >index 006e4002585..f10467fee7f 100644 >--- a/Source/WebKit/NetworkProcess/Downloads/cocoa/DownloadCocoa.mm >+++ b/Source/WebKit/NetworkProcess/Downloads/cocoa/DownloadCocoa.mm >@@ -81,10 +81,12 @@ void Download::platformCancelNetworkLoad() > { > ASSERT(m_downloadTask); > [m_downloadTask cancelByProducingResumeData:^(NSData *resumeData) { >- if (resumeData && resumeData.bytes && resumeData.length) >- didCancel(IPC::DataReference(reinterpret_cast<const uint8_t*>(resumeData.bytes), resumeData.length)); >- else >- didCancel({ }); >+ callOnMainThread([this, resumeData = retainPtr(resumeData)] { >+ if (resumeData && resumeData.get().bytes && resumeData.get().length) >+ didCancel(IPC::DataReference(reinterpret_cast<const uint8_t*>(resumeData.get().bytes), resumeData.get().length)); >+ else >+ didCancel({ }); >+ }); > }]; > } >
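Review bot: The ChangeLog entry explains the threading cause but says nothing about test coverage. Add a line naming a test that exercises canceling a download with resume data, or state why the background-queue completion callback cannot be reproduced in a test.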
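Review bot: The lambda passed to callOnMainThread in Download::platformCancelNetworkLoad() captures a raw `this`, and nothing in the hunk keeps the Download alive between the CFNetwork completion block firing on a background queue and the hop to the main thread. If the Download is destroyed in that window, didCancel() runs on a freed object, which trades the ~TimerBase release assertion for a use-after-free. Consider taking a weak reference to the Download on the calling thread before cancelByProducingResumeData: is invoked, capturing it in the completion block and the lambda, and returning early in the lambda when it is null. This assumes Download can vend a weak pointer; if it cannot, add a comment stating what guarantees its lifetime until the main-thread callback runs.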