Bug 208150

Summary: Crash in Document::dispatchDisabledAdaptationsDidChangeForMainFrame
Product: WebKit Reporter: Pinki Gyanchandani <pgyanchandani>
Component: DOMAssignee: Nobody <webkit-unassigned>
Status: NEW ---    
Severity: Normal CC: cdumez, dbates, ews-watchlist, japhet, rniwa, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: All   
OS: All   
Attachments:
Description Flags
Patch rniwa: review-

Description Pinki Gyanchandani 2020-02-24 12:26:08 PST 
Initial crash is due to re-entrancy in function didBecomeCurrentDocumentInFrame. The re-entrancy was addressed with below change 

Style::PostResolutionCallbackDisabler disabler(*newDocument);
        WidgetHierarchyUpdatesSuspensionScope suspendWidgetHierarchyUpdates;
        ScriptDisallowedScope::InMainThread scriptDisallowedScope; 

But due to an orphan frame access later the crash was observed in initContentSecurityPolicy.
Comment 1 Pinki Gyanchandani 2020-02-24 13:51:29 PST 
Created attachment 391574 [details]
Patch
Comment 2 Ryosuke Niwa 2020-02-24 19:31:57 PST 
Ugh... looks like this patch broke WK1 :(
Comment 3 Ryosuke Niwa 2020-02-24 19:32:13 PST 
Comment on attachment 391574 [details]
Patch

r- because tests are failing. We need to figure out why.
Comment 4 Ryosuke Niwa 2020-02-24 19:32:26 PST 
<rdar://problem/57161887>