WebKit Bugzilla
RESOLVED FIXED
12119
REGRESSION: Null deref in WebCore::PageCache::timeStamp
https://bugs.webkit.org/show_bug.cgi?id=12119
Mark Rowe (bdash)
Reported
2007-01-04 17:20:48 PST
Steps to reproduce:
1. Load http://lists.macosforge.org/pipermail/webkit-changes/2007-January/thread.html
2. Click on the email for revision 18502.
3. Click on the "Next message" link until the message about revision 18506 is displayed.
4. Hit Cmd-Left-Arrow repeatedly to get back to the thread index page.

Expected results: I would get back to the thread index page.

Actual results:

Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_PROTECTION_FAILURE at address: 0x00000010
0x013b7dc3 in WebCore::PageCache::timeStamp (this=0x0) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/history/PageCache.cpp:76
76 return m_timeStamp;
(gdb) bt
#0 0x013b7dc3 in WebCore::PageCache::timeStamp (this=0x0) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/history/PageCache.cpp:76
#1 0x0139ac3a in WebCore::FrameLoader::loadItem (this=0x2843400, item=0x18653610, loadType=WebCore::FrameLoadTypeBack) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/loader/FrameLoader.cpp:2790
#2 0x0139b5c9 in WebCore::FrameLoader::recursiveGoToItem (this=0x2843400, item=0x18653610, fromItem=0x186b3b60, type=WebCore::FrameLoadTypeBack) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/loader/FrameLoader.cpp:2951
#3 0x0139b6b7 in WebCore::FrameLoader::goToItem (this=0x2843400, targetItem=0x18653610, type=WebCore::FrameLoadTypeBack) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/loader/FrameLoader.cpp:2899
#4 0x0119e27c in WebCore::Page::goToItem (this=0x2163ed0, item=0x18653610, type=WebCore::FrameLoadTypeBack) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/page/Page.cpp:132
#5 0x0119e317 in WebCore::Page::goBack (this=0x2163ed0) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/page/Page.cpp:108
#6 0x00364689 in -[WebView goBack] (self=0x21603c0, _cmd=0x90aa7630) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebKit/WebView/WebView.mm:2117
#7 0x0035b54d in -[WebFrameView _goBack] (self=0x21616b0, _cmd=0x90a75f50) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebKit/WebView/WebFrameView.mm:555
#8 0x0035c78b in -[WebFrameView keyDown:] (self=0x21616b0, _cmd=0x90ab0f84, event=0x184dfaf0) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebKit/WebView/WebFrameView.mm:809
#9 0x932e2b59 in forwardMethod ()
#10 0x932e2b59 in forwardMethod ()
#11 0x932e2b59 in forwardMethod ()
#12 0x934383a1 in -[NSControl keyDown:] ()
#13 0x0033f671 in -[WebHTMLView keyDown:] (self=0x186b4e70, _cmd=0x90ab0f84, event=0x184dfaf0) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebKit/WebView/WebHTMLView.m:3366
#14 0x9334cbe1 in -[NSWindow sendEvent:] ()
#15 0x0002338e in ?? ()
#16 0x9333e350 in -[NSApplication sendEvent:] ()
#17 0x00022f1e in ?? ()
#18 0x93268dfe in -[NSApplication run] ()
#19 0x9325cd2f in NSApplicationMain ()
#20 0x0005f7de in ?? ()
#21 0x0005f6f9 in ?? ()
Attachments
Proposed fix (1.32 KB, patch), 2007-01-04 18:34 PST, Brady Eidson, mrowe: review+
Brady Eidson
Comment 1
2007-01-04 18:30:56 PST
I have this in the debugger... despite the fact that the crash is in a block qualified by "HistoryItem::hasPageCache()", the pageCache() is null. I have a strong suspicion this is related to HistoryItem::hasPageCache() not jiving with what HistoryItem::pageCache() returns, which was brought about by the fix for 12087 this morning. Either we need to nuke ::hasPageCache and just use ::pageCache() as the de-facto bool check, or we need to have both methods demonstrate the same behavior. I'll figure out which of those I like better.
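Added example (not WebKit's code and not the attached patch): a simplified C++ model of the predicate/accessor mismatch Comment 1 describes, with both remedies it names. The class layout and the `scheduleRelease` condition that makes the accessor return null are assumptions for illustration.

```cpp
#include <cstdio>
#include <memory>
#include <utility>

// Simplified stand-ins, not WebKit's classes.
struct PageCache {
    double m_timeStamp = 0;
    double timeStamp() const { return m_timeStamp; }
};

class HistoryItem {
public:
    void setPageCache(std::unique_ptr<PageCache> c) { m_pageCache = std::move(c); m_pendingRelease = false; }
    // Hypothetical condition under which the accessor hides the cache.
    void scheduleRelease() { m_pendingRelease = true; }

    // Accessor: returns null for a cache that is on its way out.
    PageCache* pageCache() const { return m_pendingRelease ? nullptr : m_pageCache.get(); }

    // Inconsistent predicate: looks only at the raw pointer.
    bool hasPageCacheInconsistent() const { return m_pageCache != nullptr; }
    // Consistent predicate: derived from the accessor, so the two cannot disagree.
    bool hasPageCache() const { return pageCache() != nullptr; }

private:
    std::unique_ptr<PageCache> m_pageCache;
    bool m_pendingRelease = false;
};

// Remedy "use pageCache() as the bool check": test the pointer that is
// about to be dereferenced. Returns -1 when there is no usable cache.
double cacheTimeStamp(const HistoryItem& item) {
    if (PageCache* cache = item.pageCache())
        return cache->timeStamp();
    return -1;
}

// True when the predicate says "yes" while the accessor returns null: the state
// in which item.pageCache()->timeStamp() would run with this == nullptr.
bool predicateDisagrees(const HistoryItem& item) {
    return item.hasPageCacheInconsistent() && item.pageCache() == nullptr;
}

int main() {
    HistoryItem item;
    item.setPageCache(std::unique_ptr<PageCache>(new PageCache));
    item.scheduleRelease();
    std::printf("disagree=%d consistent=%d ts=%.0f\n",
                predicateDisagrees(item), item.hasPageCache(), cacheTimeStamp(item));
}
```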
Brady Eidson
Comment 2
2007-01-04 18:34:38 PST
Created attachment 12231
Proposed fix
Mark Rowe (bdash)
Comment 3
2007-01-04 18:36:10 PST
Comment on attachment 12231 Proposed fix
r=me
Brady Eidson
Comment 4
2007-01-04 18:36:50 PST
Committed in r18603