Fix crash when calling QObject::disconnect for QNetworkReplyWrapper

[vitallium]

Fix it by watching the QNetworkReply's destroyed() signal and avoid the dangling pointer
instead. The QNetworkReply doesn't need to be aborted in this case anyway.

Issue: #11252
Upstream bug: https://bugs.webkit.org/show_bug.cgi?id=116035

[ariya]

Good catch! I'll have a look and test it.

[WoZ]

Works for me.

[ariya]

Awesome fix, it's landed now! Thanks @vitallium!

[MarkR42]

I've tried building from this branch. I'm now getting this crash consistently, I think it's happening more often than the QObject::disconnect.

Maybe this was a bug introduced?

Mark

Program received signal SIGSEGV, Segmentation fault.
0x000000000149efbc in QScopedPointer<QObjectData, QScopedPointerDeleter >::data (this=0x8)
at ../../include/QtCore/../../src/corelib/tools/qscopedpointer.h:135
135 return d;
(gdb) bt
#0 0x000000000149efbc in QScopedPointer<QObjectData, QScopedPointerDeleter >::data (this=0x8)
at ../../include/QtCore/../../src/corelib/tools/qscopedpointer.h:135
#1 0x0000000001b1d6c1 in qGetPtrHelper<QScopedPointer > (p=...)
at ../../include/QtCore/../../src/corelib/global/qglobal.h:2455
#2 0x0000000001b1d6e0 in QNetworkReply::d_func (this=0x0) at access/qnetworkreply.h:173
#3 0x0000000001b1cfc6 in QNetworkReply::error (this=0x0) at access/qnetworkreply.cpp:454
#4 0x0000000000ae92ab in WebCore::QNetworkReplyHandler::sendResponseIfNeeded (this=0x5caae80)
at ../../WebCore/platform/network/qt/QNetworkReplyHandler.cpp:481
#5 0x0000000000ae73f5 in WebCore::QNetworkReplyHandlerCallQueue::flush (this=0x5caaeb8)
at ../../WebCore/platform/network/qt/QNetworkReplyHandler.cpp:195
#6 0x0000000000ae735c in WebCore::QNetworkReplyHandlerCallQueue::setDeferSignals (this=0x5caaeb8, defer=false)
at ../../WebCore/platform/network/qt/QNetworkReplyHandler.cpp:184
#7 0x0000000000ae53fd in WebCore::QNetworkReplyHandler::setLoadingDeferred (this=0x5caae80, deferred=false)
at ../../WebCore/platform/network/qt/QNetworkReplyHandler.h:123
#8 0x0000000000ae5f54 in WebCore::ResourceHandle::platformSetDefersLoading (this=0x7fff85950510, defers=false)
at ../../WebCore/platform/network/qt/ResourceHandleQt.cpp:177
#9 0x0000000000968118 in WebCore::ResourceHandle::setDefersLoading (this=0x7fff85950510, defers=false)
at ../../WebCore/platform/network/ResourceHandle.cpp:174
#10 0x0000000000878c66 in WebCore::ResourceLoader::setDefersLoading (this=0x7fff89526900, defers=false)
at ../../WebCore/loader/ResourceLoader.cpp:171
#11 0x000000000083ee78 in WebCore::setAllDefersLoading (loaders=..., defers=false)
at ../../WebCore/loader/DocumentLoader.cpp:78
#12 0x000000000084200b in WebCore::DocumentLoader::setDefersLoading (this=0x7fff8af99000, defers=false)
at ../../WebCore/loader/DocumentLoader.cpp:726
#13 0x000000000084dd8d in WebCore::FrameLoader::setDefersLoading (this=0x7fff8a395978, defers=false)
at ../../WebCore/loader/FrameLoader.cpp:249
#14 0x00000000008ee859 in WebCore::Page::setDefersLoading (this=0x5f2ff20, defers=false)
at ../../WebCore/page/Page.cpp:562
#15 0x00000000008fd56a in WebCore::PageGroupLoadDeferrer::~PageGroupLoadDeferrer (this=0x7fffffffc880,
__in_chrg=) at ../../WebCore/page/PageGroupLoadDeferrer.cpp:72
#16 0x000000000089860d in WebCore::Chrome::shouldInterruptJavaScript (this=0x7fff8a066708)
at ../../WebCore/page/Chrome.cpp:341
#17 0x00000000005251bc in WebCore::JSDOMWindowBase::shouldInterruptScript (this=0x7ffff45a57d0)
at ../../WebCore/bindings/js/JSDOMWindowBase.cpp:130
#18 0x0000000000f467d7 in JSC::TimeoutChecker::didTimeOut (this=0x7ffff7e39850, exec=0x7ffff45c9288)
at ../../JavaScriptCore/runtime/TimeoutChecker.cpp:149
#19 0x0000000000edf401 in JSC::cti_timeout_check (args=0x7fffffffca00) at ../../JavaScriptCore/jit/JITStubs.cpp:1352
#20 0x00007fffb038ce6c in ?? ()

[vitallium]

Could you please attach an example script?

[MarkR42]

I see this branch has been merged. I've built from the master branch and I can't reproduce this crash (above). I think it was a bad build.