101119 2012-11-02 16:08:56 -0700 Crash calling is8Bit() in visitedLinkHash() 2022-02-28 04:05:23 -0800 1 1 1 Unclassified WebKit Platform 528+ (Nightly build) All All RESOLVED FIXED InRadar P1 Normal --- 1 msaboff msaboff oldest_to_newest 757717 0 msaboff 2012-11-02 16:08:56 -0700 Changeset r133334: <http://trac.webkit.org/changeset/133334> introduced a call to is8Bit() on a possibly null string. Appropriate checks need to be added for both KURL and attributeURL. From <rdar://problem/12628447> Crash calling is8Bit() in visitedLinkHash(): I just crashed at the stack below. Was at <http://www.nationalmemo.com/why-do-so-many-republicans-really-hate-obama/>, went into Reader mode, tried to scroll. attributeURL is a null string. frame #13: 0x00000001011a6bf5 WebKit2`WebKit::WebConnectionToUIProcess::didReceiveMessage(CoreIPC::Connection*, CoreIPC::MessageID, CoreIPC::MessageDecoder&) + 149 at WebConnectionToUIProcess.cpp:71 frame #14: 0x00000001011a6c3d WebKit2`non-virtual thunk to WebKit::WebConnectionToUIProcess::didReceiveMessage(CoreIPC::Connection*, CoreIPC::MessageID, CoreIPC::MessageDecoder&) + 61 at WebConnectionToUIProcess.cpp:72 frame #15: 0x00000001010311f8 WebKit2`CoreIPC::Connection::dispatchMessage(CoreIPC::MessageID, CoreIPC::MessageDecoder&) + 72 at Connection.cpp:663 frame #16: 0x000000010102eade WebKit2`CoreIPC::Connection::dispatchMessage(CoreIPC::Connection::Message<CoreIPC::MessageDecoder>&) + 318 at Connection.cpp:686 frame #17: 0x00000001010311a9 WebKit2`CoreIPC::Connection::dispatchOneMessage() + 201 at Connection.cpp:712 frame #18: 0x0000000101038040 WebKit2`WTF::FunctionWrapper<void (CoreIPC::Connection::*)()>::operator()(CoreIPC::Connection*) + 112 at Functional.h:174 frame #19: 0x0000000101037fc5 WebKit2`WTF::BoundFunctionImpl<WTF::FunctionWrapper<void (CoreIPC::Connection::*)()>, void (CoreIPC::Connection*)>::operator()() + 53 at Functional.h:406 frame #20: 0x00000001046417c9 WebCore`WTF::Function<void ()>::operator()() const + 137 at Functional.h:614 frame #21: 0x000000010464140f WebCore`WebCore::RunLoop::performWork() + 207 at RunLoop.cpp:87 frame #22: 0x000000010464291e WebCore`WebCore::RunLoop::performWork(void*) + 62 at RunLoopCF.cpp:66 frame #23: 0x00007fff88383101 CoreFoundation`__CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17 frame #24: 0x00007fff88382aed CoreFoundation`__CFRunLoopDoSources0 + 445 frame #25: 0x00007fff883a5dc5 CoreFoundation`__CFRunLoopRun + 789 frame #26: 0x00007fff883a56b2 CoreFoundation`CFRunLoopRunSpecific + 290 frame #27: 0x00007fff8e6ba0a4 HIToolbox`RunCurrentEventLoopInMode + 209 frame #28: 0x00007fff8e6b9e42 HIToolbox`ReceiveNextEventCommon + 356 frame #29: 0x00007fff8e6b9cd3 HIToolbox`BlockUntilNextEventMatchingListInMode + 62 frame #30: 0x00007fff83ef8613 AppKit`_DPSNextEvent + 685 frame #31: 0x00007fff83ef7ed2 AppKit`-[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 128 frame #32: 0x00007fff83eef283 AppKit`-[NSApplication run] + 517 frame #33: 0x000000010464359c WebCore`WebCore::RunLoop::run() + 92 at RunLoopMac.mm:36 frame #34: 0x0000000101341449 WebKit2`WebKit::WebProcessMain(WebKit::CommandLine const&) + 4233 at WebProcessMainMac.mm:190 frame #35: 0x0000000101239a7a WebKit2`WebKitMain + 202 at WebKitMain.cpp:58 frame #36: 0x0000000101239989 WebKit2`WebKitMain + 153 at WebKitMain.cpp:88 757723 1 172169 msaboff 2012-11-02 16:12:13 -0700 Created attachment 172169 Patch 757728 2 172169 fpizlo 2012-11-02 16:19:03 -0700 Comment on attachment 172169 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=172169&action=review > Source/WebCore/ChangeLog:8 > + Added a length check to AttributeURL and a isEmpty() check to KURL. Nit: they're both isEmpty() checks. 757771 3 msaboff 2012-11-02 17:02:55 -0700 Committed r133377: <http://trac.webkit.org/changeset/133377> 172169 2012-11-02 16:12:13 -0700 2022-02-28 04:05:23 -0800 Patch 101119.patch text/plain 1400 msaboff SW5kZXg6IFNvdXJjZS9XZWJDb3JlL0NoYW5nZUxvZwo9PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBTb3VyY2UvV2Vi Q29yZS9DaGFuZ2VMb2cJKHJldmlzaW9uIDEzMzM2MykKKysrIFNvdXJjZS9XZWJDb3JlL0NoYW5n ZUxvZwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDE1IEBACisyMDEyLTExLTAyICBNaWNoYWVs IFNhYm9mZiAgPG1zYWJvZmZAYXBwbGUuY29tPgorCisgICAgICAgIENyYXNoIGNhbGxpbmcgaXM4 Qml0KCkgaW4gdmlzaXRlZExpbmtIYXNoKCkKKyAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5v cmcvc2hvd19idWcuY2dpP2lkPTEwMTExOQorCisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAo T09QUyEpLgorCisgICAgICAgIEFkZGVkIGEgbGVuZ3RoIGNoZWNrIHRvIEF0dHJpYnV0ZVVSTCBh bmQgYSBpc0VtcHR5KCkgY2hlY2sgdG8gS1VSTC4KKworICAgICAgICAqIHBsYXRmb3JtL0xpbmtI YXNoLmNwcDoKKyAgICAgICAgKFdlYkNvcmU6OnZpc2l0ZWRMaW5rSGFzaCk6CisKIDIwMTItMTEt MDIgIFN0ZXBoZW4gQ2hlbm5leSAgPHNjaGVubmV5QGNocm9taXVtLm9yZz4KIAogICAgICAgICBS ZWR1Y2UgcmVkdW5kYW50IGNvZGUgaW4gU2ltcGxlRm9udERhdGFbcGxhdGZvcm1dCkluZGV4OiBT b3VyY2UvV2ViQ29yZS9wbGF0Zm9ybS9MaW5rSGFzaC5jcHAKPT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gU291cmNl L1dlYkNvcmUvcGxhdGZvcm0vTGlua0hhc2guY3BwCShyZXZpc2lvbiAxMzMzNTApCisrKyBTb3Vy Y2UvV2ViQ29yZS9wbGF0Zm9ybS9MaW5rSGFzaC5jcHAJKHdvcmtpbmcgY29weSkKQEAgLTI5MSw3 ICsyOTEsMTAgQEAgdm9pZCB2aXNpdGVkVVJMKGNvbnN0IEtVUkwmIGJhc2UsIGNvbnN0IAogCiBM aW5rSGFzaCB2aXNpdGVkTGlua0hhc2goY29uc3QgS1VSTCYgYmFzZSwgY29uc3QgQXRvbWljU3Ry aW5nJiBhdHRyaWJ1dGVVUkwpCiB7Ci0gICAgaWYgKGJhc2Uuc3RyaW5nKCkuaXM4Qml0KCkgJiYg YXR0cmlidXRlVVJMLmlzOEJpdCgpKSB7CisgICAgaWYgKGF0dHJpYnV0ZVVSTC5pc0VtcHR5KCkp CisgICAgICAgIHJldHVybiAwOworCisgICAgaWYgKCFiYXNlLnN0cmluZygpLmlzRW1wdHkoKSAm JiBiYXNlLnN0cmluZygpLmlzOEJpdCgpICYmIGF0dHJpYnV0ZVVSTC5pczhCaXQoKSkgewogICAg ICAgICBWZWN0b3I8TENoYXIsIDUxMj4gdXJsOwogICAgICAgICB2aXNpdGVkVVJMSW5saW5lKGJh c2UsIGF0dHJpYnV0ZVVSTC5jaGFyYWN0ZXJzOCgpLCBhdHRyaWJ1dGVVUkwubGVuZ3RoKCksIHVy bCk7CiAgICAgICAgIGlmICh1cmwuaXNFbXB0eSgpKQo=