RESOLVED FIXED 12119
REGRESSION: Null deref in WebCore::PageCache::timeStamp 
https://bugs.webkit.org/show_bug.cgi?id=12119
Summary REGRESSION: Null deref in WebCore::PageCache::timeStamp
Mark Rowe (bdash)
Reported 2007-01-04 17:20:48 PST
Steps to reproduce: 1. Load http://lists.macosforge.org/pipermail/webkit-changes/2007-January/thread.html 2. Click on the email for revision 18502. 3. Click on the "Next message" link until the message about revision 18506 is displayed. 4. Hit Cmd-Left-Arrow repeatedly to get back to the thread index page. Expected results: I would get back to the thread index page. Actual results: Program received signal EXC_BAD_ACCESS, Could not access memory. Reason: KERN_PROTECTION_FAILURE at address: 0x00000010 0x013b7dc3 in WebCore::PageCache::timeStamp (this=0x0) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/history/PageCache.cpp:76 76 return m_timeStamp; (gdb) bt #0 0x013b7dc3 in WebCore::PageCache::timeStamp (this=0x0) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/history/PageCache.cpp:76 #1 0x0139ac3a in WebCore::FrameLoader::loadItem (this=0x2843400, item=0x18653610, loadType=WebCore::FrameLoadTypeBack) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/loader/FrameLoader.cpp:2790 #2 0x0139b5c9 in WebCore::FrameLoader::recursiveGoToItem (this=0x2843400, item=0x18653610, fromItem=0x186b3b60, type=WebCore::FrameLoadTypeBack) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/loader/FrameLoader.cpp:2951 #3 0x0139b6b7 in WebCore::FrameLoader::goToItem (this=0x2843400, targetItem=0x18653610, type=WebCore::FrameLoadTypeBack) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/loader/FrameLoader.cpp:2899 #4 0x0119e27c in WebCore::Page::goToItem (this=0x2163ed0, item=0x18653610, type=WebCore::FrameLoadTypeBack) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/page/Page.cpp:132 #5 0x0119e317 in WebCore::Page::goBack (this=0x2163ed0) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/page/Page.cpp:108 #6 0x00364689 in -[WebView goBack] (self=0x21603c0, _cmd=0x90aa7630) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebKit/WebView/WebView.mm:2117 #7 0x0035b54d in -[WebFrameView _goBack] (self=0x21616b0, _cmd=0x90a75f50) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebKit/WebView/WebFrameView.mm:555 #8 0x0035c78b in -[WebFrameView keyDown:] (self=0x21616b0, _cmd=0x90ab0f84, event=0x184dfaf0) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebKit/WebView/WebFrameView.mm:809 #9 0x932e2b59 in forwardMethod () #10 0x932e2b59 in forwardMethod () #11 0x932e2b59 in forwardMethod () #12 0x934383a1 in -[NSControl keyDown:] () #13 0x0033f671 in -[WebHTMLView keyDown:] (self=0x186b4e70, _cmd=0x90ab0f84, event=0x184dfaf0) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebKit/WebView/WebHTMLView.m:3366 #14 0x9334cbe1 in -[NSWindow sendEvent:] () #15 0x0002338e in ?? () #16 0x9333e350 in -[NSApplication sendEvent:] () #17 0x00022f1e in ?? () #18 0x93268dfe in -[NSApplication run] () #19 0x9325cd2f in NSApplicationMain () #20 0x0005f7de in ?? () #21 0x0005f6f9 in ?? ()
Attachments
Proposed fix (1.32 KB, patch)
2007-01-04 18:34 PST, Brady Eidson 		mrowe: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Brady Eidson
Comment 1 2007-01-04 18:30:56 PST
I have this in the debugger... despite the fact that the crash is in a block qualified by "HistoryItem::hasPageCache()", the pageCache() is null. I have a strong suspicion this is related to HistoryItem::hasPageCache() not jiving with what HistoryItem::pageCache() returns, which was brought about by the fix for 12087 this morning. Either we need to nuke ::hasPageCache and just use ::pageCache() as the de-facto bool check, or we need to have both methods demonstrate the same behavior. I'll figure out which of those I like better.
Brady Eidson
Comment 2 2007-01-04 18:34:38 PST
Created attachment 12231 [details] Proposed fix
Mark Rowe (bdash)
Comment 3 2007-01-04 18:36:10 PST
Comment on attachment 12231 [details] Proposed fix r=me
Brady Eidson
Comment 4 2007-01-04 18:36:50 PST
Committed in r18603
Note You need to log in before you can comment on or make changes to this bug.