<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
<!DOCTYPE bugzilla SYSTEM "https://bugs.webkit.org/page.cgi?id=bugzilla.dtd">

<bugzilla version="5.0.4.1"
          urlbase="https://bugs.webkit.org/"
          
          maintainer="admin@webkit.org"
>

    <bug>
          <bug_id>12119</bug_id>
          
          <creation_ts>2007-01-04 17:20:48 -0800</creation_ts>
          <short_desc>REGRESSION: Null deref in WebCore::PageCache::timeStamp</short_desc>
          <delta_ts>2007-01-04 18:36:50 -0800</delta_ts>
          <reporter_accessible>1</reporter_accessible>
          <cclist_accessible>1</cclist_accessible>
          <classification_id>1</classification_id>
          <classification>Unclassified</classification>
          <product>WebKit</product>
          <component>Page Loading</component>
          <version>420+</version>
          <rep_platform>Mac</rep_platform>
          <op_sys>OS X 10.4</op_sys>
          <bug_status>RESOLVED</bug_status>
          <resolution>FIXED</resolution>
          
          
          <bug_file_loc></bug_file_loc>
          <status_whiteboard></status_whiteboard>
          <keywords>Regression</keywords>
          <priority>P1</priority>
          <bug_severity>Major</bug_severity>
          <target_milestone>---</target_milestone>
          
          
          <everconfirmed>1</everconfirmed>
          <reporter name="Mark Rowe (bdash)">mrowe</reporter>
          <assigned_to name="Brady Eidson">beidson</assigned_to>
          <cc>beidson</cc>
          

      

      

      

          <comment_sort_order>oldest_to_newest</comment_sort_order>  
          <long_desc isprivate="0" >
    <commentid>37060</commentid>
    <comment_count>0</comment_count>
    <who name="Mark Rowe (bdash)">mrowe</who>
    <bug_when>2007-01-04 17:20:48 -0800</bug_when>
    <thetext>Steps to reproduce:
1. Load http://lists.macosforge.org/pipermail/webkit-changes/2007-January/thread.html
2. Click on the email for revision 18502.
3. Click on the &quot;Next message&quot; link until the message about revision 18506 is displayed.
4. Hit Cmd-Left-Arrow repeatedly to get back to the thread index page.

Expected results:
I would get back to the thread index page.

Actual results:

Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_PROTECTION_FAILURE at address: 0x00000010
0x013b7dc3 in WebCore::PageCache::timeStamp (this=0x0) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/history/PageCache.cpp:76
76          return m_timeStamp;
(gdb) bt
#0  0x013b7dc3 in WebCore::PageCache::timeStamp (this=0x0) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/history/PageCache.cpp:76
#1  0x0139ac3a in WebCore::FrameLoader::loadItem (this=0x2843400, item=0x18653610, loadType=WebCore::FrameLoadTypeBack) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/loader/FrameLoader.cpp:2790
#2  0x0139b5c9 in WebCore::FrameLoader::recursiveGoToItem (this=0x2843400, item=0x18653610, fromItem=0x186b3b60, type=WebCore::FrameLoadTypeBack) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/loader/FrameLoader.cpp:2951
#3  0x0139b6b7 in WebCore::FrameLoader::goToItem (this=0x2843400, targetItem=0x18653610, type=WebCore::FrameLoadTypeBack) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/loader/FrameLoader.cpp:2899
#4  0x0119e27c in WebCore::Page::goToItem (this=0x2163ed0, item=0x18653610, type=WebCore::FrameLoadTypeBack) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/page/Page.cpp:132
#5  0x0119e317 in WebCore::Page::goBack (this=0x2163ed0) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/page/Page.cpp:108
#6  0x00364689 in -[WebView goBack] (self=0x21603c0, _cmd=0x90aa7630) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebKit/WebView/WebView.mm:2117
#7  0x0035b54d in -[WebFrameView _goBack] (self=0x21616b0, _cmd=0x90a75f50) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebKit/WebView/WebFrameView.mm:555
#8  0x0035c78b in -[WebFrameView keyDown:] (self=0x21616b0, _cmd=0x90ab0f84, event=0x184dfaf0) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebKit/WebView/WebFrameView.mm:809
#9  0x932e2b59 in forwardMethod ()
#10 0x932e2b59 in forwardMethod ()
#11 0x932e2b59 in forwardMethod ()
#12 0x934383a1 in -[NSControl keyDown:] ()
#13 0x0033f671 in -[WebHTMLView keyDown:] (self=0x186b4e70, _cmd=0x90ab0f84, event=0x184dfaf0) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebKit/WebView/WebHTMLView.m:3366
#14 0x9334cbe1 in -[NSWindow sendEvent:] ()
#15 0x0002338e in ?? ()
#16 0x9333e350 in -[NSApplication sendEvent:] ()
#17 0x00022f1e in ?? ()
#18 0x93268dfe in -[NSApplication run] ()
#19 0x9325cd2f in NSApplicationMain ()
#20 0x0005f7de in ?? ()
#21 0x0005f6f9 in ?? ()</thetext>
  </long_desc><long_desc isprivate="0" >
    <commentid>37061</commentid>
    <comment_count>1</comment_count>
    <who name="Brady Eidson">beidson</who>
    <bug_when>2007-01-04 18:30:56 -0800</bug_when>
    <thetext>I have this in the debugger...  despite the fact that the crash is in a block qualified by &quot;HistoryItem::hasPageCache()&quot;, the pageCache() is null.
I have a strong suspicion this is related to HistoryItem::hasPageCache() not jibing with what HistoryItem::pageCache() returns, which was brought about by the fix for 12087 this morning.
Either we need to nuke ::hasPageCache and just use ::pageCache() as the de facto bool check, or we need to have both methods demonstrate the same behavior.
I&apos;ll figure out which of those I like better.</thetext>
  </long_desc><long_desc isprivate="0" >
    <commentid>37033</commentid>
    <comment_count>2</comment_count>
      <attachid>12231</attachid>
    <who name="Brady Eidson">beidson</who>
    <bug_when>2007-01-04 18:34:38 -0800</bug_when>
    <thetext>Created attachment 12231
Proposed fix</thetext>
  </long_desc><long_desc isprivate="0" >
    <commentid>37034</commentid>
    <comment_count>3</comment_count>
      <attachid>12231</attachid>
    <who name="Mark Rowe (bdash)">mrowe</who>
    <bug_when>2007-01-04 18:36:10 -0800</bug_when>
    <thetext>Comment on attachment 12231
Proposed fix

r=me</thetext>
  </long_desc><long_desc isprivate="0" >
    <commentid>37032</commentid>
    <comment_count>4</comment_count>
    <who name="Brady Eidson">beidson</who>
    <bug_when>2007-01-04 18:36:50 -0800</bug_when>
    <thetext>Committed in r18603</thetext>
  </long_desc>
      
          <attachment
              isobsolete="0"
              ispatch="1"
              isprivate="0"
          >
            <attachid>12231</attachid>
            <date>2007-01-04 18:34:38 -0800</date>
            <delta_ts>2007-01-04 18:36:10 -0800</delta_ts>
            <desc>Proposed fix</desc>
            <filename>12119patch.txt</filename>
            <type>text/plain</type>
            <size>1349</size>
            <attacher name="Brady Eidson">beidson</attacher>
            
              <data encoding="base64">SW5kZXg6IENoYW5nZUxvZwo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09</data>
<flag name="review"
          id="4542"
          type_id="1"
          status="+"
          setter="mrowe"
    />
          </attachment>
      

    </bug>

</bugzilla>