WebKit Bugzilla
Bug 183290: fast/events/before-unload-remove-itself.html crashes with async policy delegates
Status: RESOLVED FIXED
https://bugs.webkit.org/show_bug.cgi?id=183290

Summary: fast/events/before-unload-remove-itself.html crashes with async policy delegates
Reported by Chris Dumez, 2018-03-02 08:27:26 PST
fast/events/before-unload-remove-itself.html crashes with async policy delegates:

Exception Type:        EXC_BAD_ACCESS (SIGSEGV)
Exception Codes:       KERN_INVALID_ADDRESS at 0x0000000000000080
Exception Note:        EXC_CORPSE_NOTIFY

Termination Signal:    Segmentation fault: 11
Termination Reason:    Namespace SIGNAL, Code 0xb
Terminating Process:   exc handler [0]

VM Regions Near 0x80:
-->
    __TEXT                 0000000100619000-000000010061b000 [    8K] r-x/rwx SM=COW  /Volumes/VOLUME/*/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent.Development

Application Specific Information:
CRASHING TEST: fast/events/before-unload-remove-itself.html

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   com.apple.WebCore              0x000000015a504e9c WebCore::PolicyChecker::loadType() const + 12 (PolicyChecker.h:70)
1   com.apple.WebCore              0x000000015a505231 WebCore::FrameLoader::continueLoadAfterNavigationPolicy(WebCore::ResourceRequest const&, WebCore::FormState*, bool, WebCore::AllowNavigationToInvalidURL) + 705 (FrameLoader.cpp:3178)
2   com.apple.WebCore              0x000000015a520b88 WebCore::FrameLoader::loadWithDocumentLoader(WebCore::DocumentLoader*, WebCore::FrameLoadType, WebCore::FormState*, WebCore::AllowNavigationToInvalidURL)::$_5::operator()(WebCore::ResourceRequest const&, WebCore::FormState*, bool) const + 72 (FrameLoader.cpp:1537)
3   com.apple.WebCore              0x000000015a520b12 WTF::Function<void (WebCore::ResourceRequest&&, WebCore::FormState*, bool)>::CallableWrapper<WebCore::FrameLoader::loadWithDocumentLoader(WebCore::DocumentLoader*, WebCore::FrameLoadType, WebCore::FormState*, WebCore::AllowNavigationToInvalidURL)::$_5>::call(WebCore::ResourceRequest&&, WebCore::FormState*, bool) + 98 (Function.h:101)
4   com.apple.WebCore              0x000000015a550f2d WTF::Function<void (WebCore::ResourceRequest&&, WebCore::FormState*, bool)>::operator()(WebCore::ResourceRequest&&, WebCore::FormState*, bool) const + 221 (Function.h:56)
5   com.apple.WebCore              0x000000015a5439e9 WTF::CompletionHandler<void (WebCore::ResourceRequest&&, WebCore::FormState*, bool)>::operator()(WebCore::ResourceRequest&&, WebCore::FormState*, bool) const + 185 (CompletionHandler.h:60)
6   com.apple.WebCore              0x000000015a553486 WebCore::PolicyChecker::checkNavigationPolicy(WebCore::ResourceRequest&&, bool, WebCore::DocumentLoader*, WebCore::FormState*, WTF::CompletionHandler<void (WebCore::ResourceRequest&&, WebCore::FormState*, bool)>&&)::$_6::operator()(WebCore::PolicyAction) + 662 (PolicyChecker.cpp:165)
7   com.apple.WebCore              0x000000015a55306a WTF::Function<void (WebCore::PolicyAction)>::CallableWrapper<WebCore::PolicyChecker::checkNavigationPolicy(WebCore::ResourceRequest&&, bool, WebCore::DocumentLoader*, WebCore::FormState*, WTF::CompletionHandler<void (WebCore::ResourceRequest&&, WebCore::FormState*, bool)>&&)::$_6>::call(WebCore::PolicyAction) + 42 (Function.h:101)
8   com.apple.WebKit               0x00000001007b73b1 WTF::Function<void (WebCore::PolicyAction)>::operator()(WebCore::PolicyAction) const + 177 (Function.h:56)
9   com.apple.WebKit               0x0000000100f4dff7 WebKit::WebFrame::didReceivePolicyDecision(unsigned long long, WebCore::PolicyAction, unsigned long long, WebKit::DownloadID, std::optional<WebKit::WebsitePoliciesData>&&) + 423 (WebFrame.cpp:282)
10  com.apple.WebKit               0x000000010107a6fc WebKit::WebPage::didReceivePolicyDecision(unsigned long long, unsigned long long, WebCore::PolicyAction, unsigned long long, WebKit::DownloadID const&, std::optional<WebKit::WebsitePoliciesData>&&) + 156 (WebPage.cpp:2829)
11  com.apple.WebKit               0x000000010110fd97 void IPC::callMemberFunctionImpl<WebKit::WebPage, void (WebKit::WebPage::*)(unsigned long long, unsigned long long, WebCore::PolicyAction, unsigned long long, WebKit::DownloadID const&, std::optional<WebKit::WebsitePoliciesData>&&), std::__1::tuple<unsigned long long, unsigned long long, WebCore::PolicyAction, unsigned long long, WebKit::DownloadID, std::optional<WebKit::WebsitePoliciesData> >, 0ul, 1ul, 2ul, 3ul, 4ul, 5ul>(WebKit::WebPage*, void (WebKit::WebPage::*)(unsigned long long, unsigned long long, WebCore::PolicyAction, unsigned long long, WebKit::DownloadID const&, std::optional<WebKit::WebsitePoliciesData>&&), std::__1::tuple<unsigned long long, unsigned long long, WebCore::PolicyAction, unsigned long long, WebKit::DownloadID, std::optional<WebKit::WebsitePoliciesData> >&&, std::__1::integer_sequence<unsigned long, 0ul, 1ul, 2ul, 3ul, 4ul, 5ul>) + 439 (HandleMessage.h:41)
12  com.apple.WebKit               0x000000010110ee00 void IPC::callMemberFunction<WebKit::WebPage, void (WebKit::WebPage::*)(unsigned long long, unsigned long long, WebCore::PolicyAction, unsigned long long, WebKit::DownloadID const&, std::optional<WebKit::WebsitePoliciesData>&&), std::__1::tuple<unsigned long long, unsigned long long, WebCore::PolicyAction, unsigned long long, WebKit::DownloadID, std::optional<WebKit::WebsitePoliciesData> >, std::__1::integer_sequence<unsigned long, 0ul, 1ul, 2ul, 3ul, 4ul, 5ul> >(std::__1::tuple<unsigned long long, unsigned long long, WebCore::PolicyAction, unsigned long long, WebKit::DownloadID, std::optional<WebKit::WebsitePoliciesData> >&&, WebKit::WebPage*, void (WebKit::WebPage::*)(unsigned long long, unsigned long long, WebCore::PolicyAction, unsigned long long, WebKit::DownloadID const&, std::optional<WebKit::WebsitePoliciesData>&&)) + 96 (HandleMessage.h:47)
13  com.apple.WebKit               0x00000001010fd21f void IPC::handleMessage<Messages::WebPage::DidReceivePolicyDecision, WebKit::WebPage, void (WebKit::WebPage::*)(unsigned long long, unsigned long long, WebCore::PolicyAction, unsigned long long, WebKit::DownloadID const&, std::optional<WebKit::WebsitePoliciesData>&&)>(IPC::Decoder&, WebKit::WebPage*, void (WebKit::WebPage::*)(unsigned long long, unsigned long long, WebCore::PolicyAction, unsigned long long, WebKit::DownloadID const&, std::optional<WebKit::WebsitePoliciesData>&&)) + 383 (HandleMessage.h:127)
14  com.apple.WebKit               0x00000001010f4c12 WebKit::WebPage::didReceiveWebPageMessage(IPC::Connection&, IPC::Decoder&) + 5058 (WebPageMessageReceiver.cpp:673)
15  com.apple.WebKit               0x00000001010804ce WebKit::WebPage::didReceiveMessage(IPC::Connection&, IPC::Decoder&) + 510 (WebPage.cpp:3938)
16  com.apple.WebKit               0x0000000101080514 non-virtual thunk to WebKit::WebPage::didReceiveMessage(IPC::Connection&, IPC::Decoder&) + 52
17  com.apple.WebKit               0x0000000100885558 IPC::MessageReceiverMap::dispatchMessage(IPC::Connection&, IPC::Decoder&) + 456 (MessageReceiverMap.cpp:124)
18  com.apple.WebKit               0x00000001012c7b6d WebKit::WebProcess::didReceiveMessage(IPC::Connection&, IPC::Decoder&) + 61 (WebProcess.cpp:638)
19  com.apple.WebKit               0x00000001007787c3 IPC::Connection::dispatchMessage(IPC::Decoder&) + 51 (Connection.cpp:908)
20  com.apple.WebKit               0x000000010076dda8 IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >) + 712
21  com.apple.WebKit               0x0000000100778dca IPC::Connection::dispatchOneMessage() + 1530 (Connection.cpp:965)
22  com.apple.WebKit               0x000000010079128d IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_14::operator()() + 29 (Connection.cpp:902)
23  com.apple.WebKit               0x00000001007911e9 WTF::Function<void ()>::CallableWrapper<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_14>::call() + 25 (Function.h:101)
24  com.apple.JavaScriptCore       0x0000000168a7cb1b WTF::Function<void ()>::operator()() const + 139 (Function.h:56)
25  com.apple.JavaScriptCore       0x0000000168ac19e3 WTF::RunLoop::performWork() + 211 (RunLoop.cpp:107)
26  com.apple.JavaScriptCore       0x0000000168ac2284 WTF::RunLoop::performWork(void*) + 36 (RunLoopCF.cpp:38)
27  com.apple.CoreFoundation       0x00007fff4e1f2ca1 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
28  com.apple.CoreFoundation       0x00007fff4e2ac69c __CFRunLoopDoSource0 + 108
29  com.apple.CoreFoundation       0x00007fff4e1d57e0 __CFRunLoopDoSources0 + 208
30  com.apple.CoreFoundation       0x00007fff4e1d4c5d __CFRunLoopRun + 1293
31  com.apple.CoreFoundation       0x00007fff4e1d44c3 CFRunLoopRunSpecific + 483
32  com.apple.HIToolbox            0x00007fff4d4bfd86 RunCurrentEventLoopInMode + 286
33  com.apple.HIToolbox            0x00007fff4d4bfaf6 ReceiveNextEventCommon + 613
34  com.apple.HIToolbox            0x00007fff4d4bf874 _BlockUntilNextEventMatchingListInModeWithFilter + 64
35  com.apple.AppKit               0x00007fff4b745c17 _DPSNextEvent + 2085
36  com.apple.AppKit               0x00007fff4bedbf04 -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] + 3044
37  com.apple.AppKit               0x00007fff4b73aa29 -[NSApplication run] + 764
38  com.apple.AppKit               0x00007fff4b709c02 NSApplicationMain + 804
39  libxpc.dylib                   0x00007fff76ea9f93 _xpc_objc_main + 580
40  libxpc.dylib                   0x00007fff76ea8be6 xpc_main + 417
41  com.apple.WebKit.WebContent    0x000000010061a13b main + 1195 (XPCServiceMain.mm:148)
42  libdyld.dylib                  0x00007fff76b5a015 start + 1
Attachments
Patch (7.56 KB, patch), 2018-03-02 08:55 PST, Chris Dumez, no flags
Radar WebKit Bug Importer, Comment 1, 2018-03-02 08:28:18 PST
<rdar://problem/38069045>
Chris Dumez, Comment 2, 2018-03-02 08:55:03 PST
Created attachment 334899 [details]
Patch
WebKit Commit Bot, Comment 3, 2018-03-02 09:52:22 PST
Comment on attachment 334899 [details]
Patch

Clearing flags on attachment: 334899

Committed r229179: <https://trac.webkit.org/changeset/229179>
WebKit Commit Bot, Comment 4, 2018-03-02 09:52:24 PST
All reviewed patches have been landed. Closing bug.