New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 821067 link

Starred by 1 user
Status: Fixed
Owner:
mmenke@chromium.org
Closed: Mar 2018
Cc:
xunji...@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 3
Type: Bug
Proj-Servicification

Blocking:
issue 821030



Sign in to add a comment

ChunkedDataPipeUploadDataStream can call into a null |data_pipe_|

Project Member Reported by xunji...@chromium.org, Mar 12 2018 
Apply this patch https://chromium-review.googlesource.com/c/chromium/src/+/957918, and some of ChunkedDataPipeUploadDataStreamTest will fail.

For example, ChunkedDataPipeUploadDataStreamTest.CloseBodyPipeBeforeCloseGetter1 will make ChunkedDataPipeUploadDataStream reset |data_pipe_| because |!size_|. After resetting |data_pipe_|, the class can call into the null |data_pipe_| in ReadInternal().

Comment 1 by xunji...@chromium.org, Mar 12 2018 

+mmenke@: this might be a bug in ChunkedDataPipeUploadDataStream itself rather than a bug in the tests. Can you take a look?

Comment 2 by xunji...@chromium.org, Mar 12 2018

Blocking: 821030

Comment 3 by mmenke@chromium.org, Mar 12 2018 

Will do!  I start looking into this tomorrow.  Thanks.

Comment 4 by mmenke@chromium.org, Mar 14 2018 

Sorry, ran into a bunch of build issues on my personal computer yesterday, and took most of the day to resolve them.  On triage next two days, so likely won't get to this until Friday.

Comment 5 by mmenke@chromium.org, Mar 16 2018

Cc: xunji...@chromium.org
The code does not look to be reading from data_pipe_ after resetting it (Without populating it again first).  The only place where we reset the socket in that file, we also stop watching it.

What looks to be happening in ChunkedDataPipeUploadDataStreamTest.CloseBodyPipeBeforeCloseGetter1:

ResetInternal is called (Needlessly).
InitInternal is called, populating data_pipe_.
We reset the write_pipe_ in the test fixture.
ReadInternal is called.  The DCHECK triggers when we try to read.

There's no notification either the size or body pipe was closed.  Even checking data_pipe_.is_valid() right before reading from it returns true.

As far as I can tell, ChunkedDataPipeUploadDataStream is behaving entirely correctly in this case, it's just the DCHECK that's wrong.

Am I missing something?

Comment 6 by mmenke@chromium.org, Mar 16 2018 

For the record, Helen patiently pointed me to a different crash stack than I was looking at, which made it clear that yes, there is a bug (And she pointed me to bug as well).  Strangely, I'm not having trouble reproducing the original crash stack trace I was getting.  It's possible I messed something else up, or there's some sort of race that I'm now always winning (losing?).
Project Member

Comment 7 by bugdroid1@chromium.org, Mar 16 2018 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/682206aafb5a1b9b3ae56099e2dc119311f3c3da

commit 682206aafb5a1b9b3ae56099e2dc119311f3c3da
Author: Matt Menke <mmenke@chromium.org>
Date: Fri Mar 16 20:33:03 2018

ChunkedUploadDataPipeGetter: Stop watching the pipe before destroying it

This currently seems to work, but isn't a great idea, and the code isn't
expecting another callback after that point, anyways.

Bug:  821067 
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_mojo
Change-Id: I57a7cd5b71d1859c72a1dcbf76fba3f68943e45f
Reviewed-on: https://chromium-review.googlesource.com/966986
Commit-Queue: Matt Menke <mmenke@chromium.org>
Reviewed-by: Helen Li <xunjieli@chromium.org>
Cr-Commit-Position: refs/heads/master@{#543811}
[modify] https://crrev.com/682206aafb5a1b9b3ae56099e2dc119311f3c3da/services/network/chunked_data_pipe_upload_data_stream.cc

Comment 8 by mmenke@chromium.org, Mar 16 2018

Status: Fixed (was: Assigned)
Still unable to reproduce the other trace I was getting.  Must have been one of my debug changes.

Sign in to add a comment