Bug 201119
| Summary: | REGRESSION (?): Remote inspecting a MiniBrowser window crashes it | | |
|---|---|---|---|
| Product: | WebKit | Reporter: | Simon Fraser (smfr) <simon.fraser> |
| Component: | Web Inspector | Assignee: | Nobody <webkit-unassigned> |
| Status: | RESOLVED CONFIGURATION CHANGED | | |
| Severity: | Normal | CC: | cdumez, hi, inspector-bugzilla-changes, joepeck, simon.fraser, webkit-bug-importer |
| Priority: | P2 | Keywords: | InRadar |
| Version: | WebKit Nightly Build | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
| See Also: | https://bugs.webkit.org/show_bug.cgi?id=200947 | | |
Simon Fraser (smfr)
Run MiniBrowser, make a WK1 window, remote-inspect it with STP. Crash:
* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x70)
* frame #0: 0x000000010a505535 WebCore`std::__1::unique_ptr<WTF::Lock, std::__1::default_delete<WTF::Lock> >::operator*(this=0x0000000000000070) const at memory:2599:20
frame #1: 0x000000010d3ee413 WebCore`WTF::HashTable<WebCore::Frame*, WTF::KeyValuePair<WebCore::Frame*, WTF::String>, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<WebCore::Frame*, WTF::String> >, WTF::PtrHash<WebCore::Frame*>, WTF::HashMap<WebCore::Frame*, WTF::String, WTF::PtrHash<WebCore::Frame*>, WTF::HashTraits<WebCore::Frame*>, WTF::HashTraits<WTF::String> >::KeyValuePairTraits, WTF::HashTraits<WebCore::Frame*> >::invalidateIterators(this={ tableSize = 0, keyCount = 0 }) at HashTable.h:1466:36
frame #2: 0x000000010d410abb WebCore`WTF::HashTableAddResult<WTF::HashTableIterator<WebCore::Frame*, WTF::KeyValuePair<WebCore::Frame*, WTF::String>, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<WebCore::Frame*, WTF::String> >, WTF::PtrHash<WebCore::Frame*>, WTF::HashMap<WebCore::Frame*, WTF::String, WTF::PtrHash<WebCore::Frame*>, WTF::HashTraits<WebCore::Frame*>, WTF::HashTraits<WTF::String> >::KeyValuePairTraits, WTF::HashTraits<WebCore::Frame*> > > WTF::HashTable<WebCore::Frame*, WTF::KeyValuePair<WebCore::Frame*, WTF::String>, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<WebCore::Frame*, WTF::String> >, WTF::PtrHash<WebCore::Frame*>, WTF::HashMap<WebCore::Frame*, WTF::String, WTF::PtrHash<WebCore::Frame*>, WTF::HashTraits<WebCore::Frame*>, WTF::HashTraits<WTF::String> >::KeyValuePairTraits, WTF::HashTraits<WebCore::Frame*> >::add<WTF::HashMapEnsureTranslator<WTF::HashMap<WebCore::Frame*, WTF::String, WTF::PtrHash<WebCore::Frame*>, WTF::HashTraits<WebCore::Frame*>, WTF::HashTraits<WTF::String> >::KeyValuePairTraits, WTF::PtrHash<WebCore::Frame*> >, WebCore::Frame* const&, WebCore::InspectorPageAgent::frameId(this={ tableSize = 0, keyCount = 0 }, key={ origin = , url = , isMainFrame = 0, pageCacheState = }, extra=0x00007ffeefbfd5e0)::$_10>(WebCore::Frame* const&, WebCore::InspectorPageAgent::frameId(WebCore::Frame*)::$_10&&) at HashTable.h:904:9
frame #3: 0x000000010d410a54 WebCore`WTF::HashTableAddResult<WTF::HashTableIterator<WebCore::Frame*, WTF::KeyValuePair<WebCore::Frame*, WTF::String>, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<WebCore::Frame*, WTF::String> >, WTF::PtrHash<WebCore::Frame*>, WTF::HashMap<WebCore::Frame*, WTF::String, WTF::PtrHash<WebCore::Frame*>, WTF::HashTraits<WebCore::Frame*>, WTF::HashTraits<WTF::String> >::KeyValuePairTraits, WTF::HashTraits<WebCore::Frame*> > > WTF::HashMap<WebCore::Frame*, WTF::String, WTF::PtrHash<WebCore::Frame*>, WTF::HashTraits<WebCore::Frame*>, WTF::HashTraits<WTF::String> >::inlineEnsure<WebCore::Frame* const&, WebCore::InspectorPageAgent::frameId(this={ tableSize = 0, keyCount = 0 }, key={ origin = , url = , isMainFrame = 0, pageCacheState = }, functor=0x00007ffeefbfd5e0)::$_10>(WebCore::Frame* const&, WebCore::InspectorPageAgent::frameId(WebCore::Frame*)::$_10&&) at HashMap.h:367:28
frame #4: 0x000000010d3d352f WebCore`WTF::HashTableAddResult<WTF::HashTableIterator<WebCore::Frame*, WTF::KeyValuePair<WebCore::Frame*, WTF::String>, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<WebCore::Frame*, WTF::String> >, WTF::PtrHash<WebCore::Frame*>, WTF::HashMap<WebCore::Frame*, WTF::String, WTF::PtrHash<WebCore::Frame*>, WTF::HashTraits<WebCore::Frame*>, WTF::HashTraits<WTF::String> >::KeyValuePairTraits, WTF::HashTraits<WebCore::Frame*> > > WTF::HashMap<WebCore::Frame*, WTF::String, WTF::PtrHash<WebCore::Frame*>, WTF::HashTraits<WebCore::Frame*>, WTF::HashTraits<WTF::String> >::ensure<WebCore::InspectorPageAgent::frameId(this={ tableSize = 0, keyCount = 0 }, key={ origin = , url = , isMainFrame = 0, pageCacheState = }, functor=0x00007ffeefbfd5e0)::$_10>(WebCore::Frame* const&, WebCore::InspectorPageAgent::frameId(WebCore::Frame*)::$_10&&) at HashMap.h:423:12
frame #5: 0x000000010d3d2c30 WebCore`WebCore::InspectorPageAgent::frameId(this=0x0000000000000000, frame={ origin = file://, url = file:///Volumes/Data/Development/system/webkit/testcontent/reductions/pure-css-still-life-water-lemon-reduced.html, isMainFrame = 1, pageCacheState = NotInPageCache }) at InspectorPageAgent.cpp:707:32
frame #6: 0x000000010d30fb33 WebCore`WebCore::InspectorStyleSheet::buildObjectForStyleSheetInfo(this=0x000000012d62e9f8) at InspectorStyleSheet.cpp:1026:34
frame #7: 0x000000010d33ee32 WebCore`WebCore::InspectorCSSAgent::setActiveStyleSheetsForDocument(this=0x000000012d67e840, document={ origin = file://, url = file:///Volumes/Data/Development/system/webkit/testcontent/reductions/pure-css-still-life-water-lemon-reduced.html, inMainFrame = 1, pageCacheState = NotInPageCache }, activeStyleSheets={ size = 1, capacity = 16 }) at InspectorCSSAgent.cpp:395:72
frame #8: 0x000000010d33e8f3 WebCore`WebCore::InspectorCSSAgent::activeStyleSheetsUpdated(this=0x000000012d67e840, document={ origin = file://, url = file:///Volumes/Data/Development/system/webkit/testcontent/reductions/pure-css-still-life-water-lemon-reduced.html, inMainFrame = 1, pageCacheState = NotInPageCache }) at InspectorCSSAgent.cpp:366:5
frame #9: 0x000000010d33e762 WebCore`WebCore::InspectorCSSAgent::enable(this=0x000000012d67e840, (null)={ length = 0, contents = '' }) at InspectorCSSAgent.cpp:335:13
frame #10: 0x00000001230372e7 JavaScriptCore`Inspector::CSSBackendDispatcher::enable(this=0x000000012d64ac08, requestId=9, (null)=0x00007ffeefbfdb38) at InspectorBackendDispatchers.cpp:472:14
frame #11: 0x000000012303717b JavaScriptCore`Inspector::CSSBackendDispatcher::dispatch(this=0x000000012d64ac08, requestId=9, method={ length = 6, contents = 'enable' }, message=0x00007ffeefbfdc40) at InspectorBackendDispatchers.cpp:458:5
frame #12: 0x0000000123031c5b JavaScriptCore`Inspector::BackendDispatcher::dispatch(this=0x000000012d6f1108, message={ length = 30, contents = '{"id":9,"method":"CSS.enable"}' }) at InspectorBackendDispatcher.cpp:180:27
frame #13: 0x000000010d2e435c WebCore`WebCore::InspectorController::dispatchMessageFromFrontend(this=0x000000012d6e2000, message={ length = 30, contents = '{"id":9,"method":"CSS.enable"}' }) at InspectorController.cpp:395:26
frame #14: 0x000000010d781009 WebCore`WebCore::PageDebuggable::dispatchMessageFromRemote(this=0x000000012d6a6758, message={ length = 30, contents = '{"id":9,"method":"CSS.enable"}' }) at PageDebuggable.cpp:84:34
frame #15: 0x0000000122531bcf JavaScriptCore`::___ZN9Inspector24RemoteConnectionToTarget19sendMessageToTargetEP8NSString_block_invoke(.block_descriptor=0x0000600000c545d0) at RemoteConnectionToTargetCocoa.mm:233:21
frame #16: 0x00000001225399dd JavaScriptCore`WTF::BlockPtr<void ()>::operator(this=0x000000012d6314d0)() const at BlockPtr.h:184:16
frame #17: 0x000000012253969a JavaScriptCore`Inspector::RemoteTargetHandleRunSourceGlobal((null)=0x0000000000000000) at RemoteConnectionToTargetCocoa.mm:62:9
frame #18: 0x00007fff50b91405 CoreFoundation`__CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
frame #19: 0x00007fff50b913ab CoreFoundation`__CFRunLoopDoSource0 + 108
frame #20: 0x00007fff50b74e51 CoreFoundation`__CFRunLoopDoSources0 + 195
frame #21: 0x00007fff50b743fa CoreFoundation`__CFRunLoopRun + 1219
frame #22: 0x00007fff50b73ce4 CoreFoundation`CFRunLoopRunSpecific + 463
frame #23: 0x00007fff4fe0d895 HIToolbox`RunCurrentEventLoopInMode + 293
frame #24: 0x00007fff4fe0d5cb HIToolbox`ReceiveNextEventCommon + 618
frame #25: 0x00007fff4fe0d348 HIToolbox`_BlockUntilNextEventMatchingListInModeWithFilter + 64
frame #26: 0x00007fff4e0ca95b AppKit`_DPSNextEvent + 997
frame #27: 0x00007fff4e0c96fa AppKit`-[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] + 1362
frame #28: 0x00007fff4e0c375d AppKit`-[NSApplication run] + 699
frame #29: 0x00007fff4e0b2e97 AppKit`NSApplicationMain + 780
frame #30: 0x0000000100005fbb MiniBrowser`main(argc=5, argv=0x00007ffeefbff630) at main.m:32:12
frame #31: 0x00007fff7dd67085 libdyld.dylib`start + 1
(lldb)
In InspectorStyleSheet::buildObjectForStyleSheetInfo(), m_pageAgent is null so:
.setFrameId(m_pageAgent->frameId(frame))
crashes.
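The reading of the backtrace above (a null `this` in frame #5, reached from frame #6, faulting at a small non-zero address) can be reproduced mechanically. This is an added example, not part of the original report or of WebKit; the sample lines are abridged from the trace above, and `triage` and the 0x1000 near-null threshold are assumptions made for illustration.

```python
import re

# Abridged copy of lines from the lldb backtrace in the report above
# (frames #1-#4 and long argument summaries left out for readability).
SAMPLE_TRACE = """\
* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x70)
  * frame #0: 0x000000010a505535 WebCore`std::__1::unique_ptr<WTF::Lock, std::__1::default_delete<WTF::Lock> >::operator*(this=0x0000000000000070) const at memory:2599:20
    frame #5: 0x000000010d3d2c30 WebCore`WebCore::InspectorPageAgent::frameId(this=0x0000000000000000, frame={ isMainFrame = 1 }) at InspectorPageAgent.cpp:707:32
    frame #6: 0x000000010d30fb33 WebCore`WebCore::InspectorStyleSheet::buildObjectForStyleSheetInfo(this=0x000000012d62e9f8) at InspectorStyleSheet.cpp:1026:34
    frame #7: 0x000000010d33ee32 WebCore`WebCore::InspectorCSSAgent::setActiveStyleSheetsForDocument(this=0x000000012d67e840) at InspectorCSSAgent.cpp:395:72
"""

STOP_RE = re.compile(r"stop reason = (\w+) \(code=\d+, address=(0x[0-9a-fA-F]+)\)")
FRAME_RE = re.compile(
    r"frame #(\d+): 0x[0-9a-fA-F]+ ([\w.]+)`(.+?)\(this=(0x[0-9a-fA-F]+)"
    r".* at ([^\s:]+):(\d+)"
)
# Assumption: the first page is unmapped, so a fault below this is null + offset.
NEAR_NULL_LIMIT = 0x1000


def triage(trace):
    """Find the frame entered with a null `this` and the frame that called it."""
    stop = STOP_RE.search(trace)
    fault = int(stop.group(2), 16) if stop else None
    frames = []
    for line in trace.splitlines():
        m = FRAME_RE.search(line)
        if m:  # frames whose `this` lldb printed as a struct summary are skipped
            frames.append({
                "index": int(m.group(1)), "module": m.group(2),
                "function": m.group(3), "this": int(m.group(4), 16),
                "source": f"{m.group(5)}:{m.group(6)}",
            })
    frames.sort(key=lambda f: f["index"])
    null_frame = next((f for f in frames if f["this"] == 0), None)
    # The method was invoked through the null pointer by the next frame up the stack.
    caller = next((f for f in frames if null_frame and f["index"] > null_frame["index"]), None)
    return {
        "near_null": fault is not None and fault < NEAR_NULL_LIMIT,
        "offset_from_null_object": fault if null_frame else None,
        "null_this": null_frame,
        "caller": caller,
    }

if __name__ == "__main__":
    print(triage(SAMPLE_TRACE))
```

The fault address 0x70 is the offset of the accessed member from the null `InspectorPageAgent`, which is why the crash address is small but not zero.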
Radar WebKit Bug Importer
<rdar://problem/54674148>
Simon Fraser (smfr)
Also happens with WK2.
Devin Rousso
I think this was fixed in r248943 <https://trac.webkit.org/r248943> <https://webkit.org/b/200947>.
Does this reproduce with ToT (both Web Inspector (frontend) and MiniBrowser)?
Simon Fraser (smfr)
Can't reproduce any more.