Bug 208150

Summary:

Crash in Document::dispatchDisabledAdaptationsDidChangeForMainFrame

Product:

WebKit

Reporter:

Pinki Gyanchandani <pgyanchandani>

Component:

DOM

Assignee:

Nobody <webkit-unassigned>

Status:

NEW

Severity:

Normal

CC:

cdumez, dbates, ews-watchlist, japhet, rniwa, webkit-bug-importer

Priority:

Keywords:

InRadar

Version:

WebKit Nightly Build

Hardware:

All

OS:

All

Attachments:

Description	Flags
Patch	rniwa: review-

Pinki Gyanchandani

Reported 2020-02-24 12:26:08 PST

Initial crash is due to re-entrancy in function didBecomeCurrentDocumentInFrame. The re-entrancy was addressed with below change Style::PostResolutionCallbackDisabler disabler(*newDocument); WidgetHierarchyUpdatesSuspensionScope suspendWidgetHierarchyUpdates; ScriptDisallowedScope::InMainThread scriptDisallowedScope; But due to an orphan frame access later the crash was observed in initContentSecurityPolicy.

Attachments
Patch (6.24 KB, patch) 2020-02-24 13:51 PST, Pinki Gyanchandani	rniwa: review-	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Pinki Gyanchandani

Comment 1 2020-02-24 13:51:29 PST

Created attachment 391574 [details] Patch

Ryosuke Niwa

Comment 2 2020-02-24 19:31:57 PST

Ugh... looks like this patch broke WK1 :(

Ryosuke Niwa

Comment 3 2020-02-24 19:32:13 PST

Comment on attachment 391574 [details] Patch r- because tests are failing. We need to figure out why.

Ryosuke Niwa

Comment 4 2020-02-24 19:32:26 PST

<rdar://problem/57161887>

Note You need to log in before you can comment on or make changes to this bug.