RESOLVED FIXED 11514
REGRESSION (r17438): Repro crash when opening a web archive
https://bugs.webkit.org/show_bug.cgi?id=11514
Summary REGRESSION (r17438): Repro crash when opening a web archive
mitz
Reported 2006-11-04 02:13:14 PST
Safari crashes when you open any web archive (attaching one for example). Backtrace:

0 com.apple.WebCore 0x015b8fd0 WebCore::Shared<WebCore::PageState>::deref() + 36
1 com.apple.WebCore 0x0104dbd4 -[WebCorePageState dealloc] + 48
2 com.apple.WebCore 0x0104db40 -[WebCorePageState initWithPage:] + 240
3 com.apple.WebKit 0x003d63e8 WebFrameLoaderClient::createPageCache(WebHistoryItem*) + 156 (WebFrameLoaderClient.mm:1135)
4 com.apple.WebKit 0x003d6968 WebFrameLoaderClient::provisionalLoadStarted() + 852 (WebFrameLoaderClient.mm:995)
5 com.apple.WebCore 0x014af5f4 WebCore::FrameLoader::provisionalLoadStarted() + 96 (FrameLoaderMac.mm:654)
6 com.apple.WebCore 0x014af6f8 WebCore::FrameLoader::setState(WebCore::FrameState) + 68 (FrameLoaderMac.mm:661)
7 com.apple.WebCore 0x014b4b80 WebCore::FrameLoader::continueLoadAfterNavigationPolicy(NSURLRequest*, WTF::PassRefPtr<WebCore::FormState>) + 648 (FrameLoaderMac.mm:1479)
8 com.apple.WebCore 0x014b4d20 WebCore::FrameLoader::callContinueLoadAfterNavigationPolicy(void*, NSURLRequest*, WTF::PassRefPtr<WebCore::FormState>) + 76 (FrameLoaderMac.mm:1436)
9 com.apple.WebCore 0x014b39b8 WebCore::PolicyCheck::call() + 144 (FrameLoaderMac.mm:2019)
10 com.apple.WebCore 0x014b434c WebCore::FrameLoader::continueAfterNavigationPolicy(WebCore::PolicyAction) + 364 (FrameLoaderMac.mm:1417)
11 com.apple.WebKit 0x003d7924 WebFrameLoaderClient::receivedPolicyDecison(WebCore::PolicyAction) + 392 (WebFrameLoaderClient.mm:1180)
12 com.apple.WebKit 0x003d7fec -[WebFramePolicyListener receivedPolicyDecision:] + 140 (WebFrameLoaderClient.mm:1242)
13 com.apple.WebKit 0x003d7734 -[WebFramePolicyListener use] + 64 (WebFrameLoaderClient.mm:1258)
14 libobjc.A.dylib 0x90a441f4 objc_msgSendv + 180
15 com.apple.Foundation 0x9295cc88 -[NSInvocation invoke] + 944
16 com.apple.Foundation 0x9295d238 -[NSInvocation invokeWithTarget:] + 64
17 com.apple.WebKit 0x0038e3f4 -[_WebSafeForwarder forwardInvocation:] + 632 (WebView.mm:1640)
18 com.apple.Foundation 0x92955034 -[NSObject(NSForwardInvocation) forward::] + 408
19 libobjc.A.dylib 0x90a440b0 _objc_msgForward + 176
20 com.apple.WebKit 0x003d7bd0 WebFrameLoaderClient::dispatchDecidePolicyForNavigationAction(void (WebCore::FrameLoader::*)(WebCore::PolicyAction), WebCore::NavigationAction const&, NSURLRequest*) + 220 (WebFrameLoaderClient.mm:674)
21 com.apple.WebCore 0x014b3fe0 WebCore::FrameLoader::checkNavigationPolicy(NSURLRequest*, WebCore::DocumentLoader*, WTF::PassRefPtr<WebCore::FormState>, void (*)(void*, NSURLRequest*, WTF::PassRefPtr<WebCore::FormState>), void*) + 780 (FrameLoaderMac.mm:1393)
22 com.apple.WebCore 0x014b5d9c WebCore::FrameLoader::load(WebCore::DocumentLoader*, WebCore::FrameLoadType, WTF::PassRefPtr<WebCore::FormState>) + 476 (FrameLoaderMac.mm:338)
23 com.apple.WebCore 0x014b6d14 WebCore::FrameLoader::load(WebCore::DocumentLoader*) + 528 (FrameLoaderMac.mm:317)
24 com.apple.WebKit 0x00349f98 -[WebFrame loadArchive:] + 500 (WebFrame.mm:1216)
25 com.apple.WebKit 0x0034b8b4 -[WebHTMLRepresentation loadArchive] + 236 (WebHTMLRepresentation.m:180)
26 com.apple.WebKit 0x0034b9b8 -[WebHTMLRepresentation finishedLoadingWithDataSource:] + 240 (WebHTMLRepresentation.m:193)
27 com.apple.WebKit 0x0033e5f4 -[WebDataSource(WebInternal) _finishedLoading] + 112 (WebDataSource.mm:169)
28 com.apple.WebKit 0x003d547c WebFrameLoaderClient::finishedLoading(WebCore::DocumentLoader*) + 76 (WebFrameLoaderClient.mm:801)
29 com.apple.WebCore 0x014b0cf4 WebCore::FrameLoader::finishedLoadingDocument(WebCore::DocumentLoader*) + 76 (FrameLoaderMac.mm:1249)
30 com.apple.WebCore 0x014ab508 WebCore::DocumentLoader::finishedLoading() + 68 (DocumentLoaderMac.mm:322)
31 com.apple.WebCore 0x014b559c WebCore::FrameLoader::finishedLoading() + 96 (FrameLoaderMac.mm:1059)
32 com.apple.WebCore 0x014be334 WebCore::MainResourceLoader::didFinishLoading() + 232 (MainResourceLoaderMac.mm:336)
33 com.apple.WebCore 0x014ba534 -[WebCoreResourceLoaderAsDelegate connectionDidFinishLoading:] + 124 (ResourceLoaderMac.mm:566)
34 com.apple.Foundation 0x9299384c -[NSURLConnection(NSURLConnectionInternal) _sendDidFinishLoadingCallback] + 188
35 com.apple.Foundation 0x92991ab8 -[NSURLConnection(NSURLConnectionInternal) _sendCallbacks] + 556
36 com.apple.Foundation 0x92991810 _sendCallbacks + 156
37 com.apple.CoreFoundation 0x907dd4cc __CFRunLoopDoSources0 + 384
38 com.apple.CoreFoundation 0x907dc9fc __CFRunLoopRun + 452
39 com.apple.CoreFoundation 0x907dc47c CFRunLoopRunSpecific + 268
40 com.apple.HIToolbox 0x93208740 RunCurrentEventLoopInMode + 264
41 com.apple.HIToolbox 0x93207dd4 ReceiveNextEventCommon + 380
42 com.apple.HIToolbox 0x93207c40 BlockUntilNextEventMatchingListInMode + 96
43 com.apple.AppKit 0x9370bae4 _DPSNextEvent + 384
44 com.apple.AppKit 0x9370b7a8 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 116
45 com.apple.Safari 0x00006740 0x1000 + 22336
46 com.apple.AppKit 0x93707cec -[NSApplication run] + 472
47 com.apple.AppKit 0x937f887c NSApplicationMain + 452
48 com.apple.Safari 0x0005c77c 0x1000 + 374652
49 com.apple.Safari 0x0005c624 0x1000 + 374308
Attachments
web archive of about:blank (will crash) (251 bytes, application/octet-stream)
2006-11-04 02:13 PST, mitz
no flags
mitz
Comment 1 2006-11-04 02:13:56 PST
Created attachment 11376 [details] web archive of about:blank (will crash)
mitz
Comment 2 2006-11-04 02:33:24 PST
Looks like a case of missing null checks in -[WebCorePageState dealloc] and -[WebCorePageState finalize]. m_impl will be 0 if the WebCorePageState failed to initialize.
Darin Adler
Comment 3 2006-11-04 09:50:52 PST
(In reply to comment #2)
> Looks like a case of missing null checks in -[WebCorePageState dealloc] and
> -[WebCorePageState finalize]. m_impl will be 0 if the WebCorePageState failed
> to initialize.

Yes, sounds exactly right.
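The defect diagnosed in comments 2 and 3 is a teardown path (-dealloc / -finalize) that assumes initialization succeeded: when -[WebCorePageState initWithPage:] fails, m_impl is still 0, yet dealloc derefs through it, which is frame 0 of the backtrace. The C++ analogue below is an added illustration, not WebKit or WebCore code; PageStateLike, PageStateWrapper and the two scenario functions are hypothetical names. It models the Objective-C situation (a failed init that still ends in dealloc) as two-phase initialization, where init() can fail after the object exists, and shows the destructor written with the null check the comments ask for, plus a check that the successful path still releases its reference exactly once.

```cpp
// Added illustration of the bug pattern from comment 2, as a small C++ analogue.
// Not WebKit/WebCore code; all names are hypothetical.

// Intrusively ref-counted object in the spirit of WebCore::Shared<T>:
// created with one reference, destroyed when deref() brings the count to zero.
class PageStateLike {
public:
    PageStateLike() : m_refCount(1) { ++s_liveCount; }
    void ref() { ++m_refCount; }
    void deref() {
        if (--m_refCount == 0)
            delete this;
    }
    static int liveCount() { return s_liveCount; }
private:
    ~PageStateLike() { --s_liveCount; } // only deref() may destroy
    int m_refCount;
    static int s_liveCount;
};
int PageStateLike::s_liveCount = 0;

// Wrapper whose initialization can fail after construction, so teardown runs
// against a partially initialized object. This mirrors an Objective-C -init
// that fails and releases self, triggering -dealloc with m_impl == 0.
class PageStateWrapper {
public:
    PageStateWrapper() : m_impl(nullptr) {}

    // Returns false when there is nothing to wrap; m_impl stays null then.
    bool init(PageStateLike* impl) {
        if (!impl)
            return false;
        impl->ref();
        m_impl = impl;
        return true;
    }

    // Teardown with the null check the bug report asks for. Without the
    // "if (m_impl)" guard, a wrapper whose init() failed would call deref()
    // through a null pointer, which is the crash at frame 0 of the backtrace.
    ~PageStateWrapper() {
        if (m_impl)
            m_impl->deref();
    }

    bool initialized() const { return m_impl != nullptr; }

private:
    PageStateLike* m_impl;
};

// Scenario 1: init fails. Destroying the wrapper must be a no-op rather than a
// null deref. Returns true when teardown survives and nothing leaked.
bool failedInitIsSafe() {
    int before = PageStateLike::liveCount();
    {
        PageStateWrapper wrapper;
        bool ok = wrapper.init(nullptr);
        if (ok || wrapper.initialized())
            return false;
    } // ~PageStateWrapper runs with m_impl == nullptr
    return PageStateLike::liveCount() == before;
}

// Scenario 2: init succeeds. The wrapper must release its reference exactly
// once, so the object dies only when the creator also drops its reference.
bool successfulInitReleasesReference() {
    int before = PageStateLike::liveCount();
    PageStateLike* state = new PageStateLike; // creator holds one reference
    {
        PageStateWrapper wrapper;
        if (!wrapper.init(state))
            return false;
        if (PageStateLike::liveCount() != before + 1)
            return false;
    } // wrapper derefs: refcount 2 -> 1, object still alive
    bool stillAlive = PageStateLike::liveCount() == before + 1;
    state->deref(); // creator's reference: 1 -> 0, object destroyed
    return stillAlive && PageStateLike::liveCount() == before;
}

int main() {
    return (failedInitIsSafe() && successfulInitReleasesReference()) ? 0 : 1;
}
```

The same guard belongs in every teardown path of an object with fallible initialization; in the Objective-C original that is both -dealloc and -finalize, since either may run on an instance whose init bailed out before m_impl was set.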