143899 2015-04-17 14:48:36 -0700 [WK2] Possible null pointer dereference in WebDiagnosticLoggingClient::logDiagnosticMessageWithValue() 2015-04-17 17:47:39 -0700 1 1 1 Unclassified WebKit WebKit2 528+ (Nightly build) Unspecified Unspecified RESOLVED FIXED InRadar P2 Normal --- 1 cdumez cdumez andersca commit-queue kling koivisto sam oldest_to_newest 1086435 0 cdumez 2015-04-17 14:48:36 -0700 Possible null pointer dereference in WebDiagnosticLoggingClient::logDiagnosticMessageWithValue(): Thread[0] EXC_BAD_ACCESS (SIGSEGV) (KERN_INVALID_ADDRESS at 0x0000000000000060) [ 0] 0x00007fff9b23652a WebKit`WebKit::WebDiagnosticLoggingClient::logDiagnosticMessageWithValue(WTF::String const&, WTF::String const&, WTF::String const&, WebCore::ShouldSample) [inlined] WTF::RefPtr<WebCore::Settings>::operator*() const at RefPtr.h:69:51 0x00007fff9b23651c: movq %rsi, %r13 0x00007fff9b23651f: movq %rdi, %rbx 0x00007fff9b236522: movq 0x8(%rbx), %rsi 0x00007fff9b236526: movq 0x28(%rsi), %rax -> 0x00007fff9b23652a: movq 0x60(%rax), %rax 0x00007fff9b23652e: btq $0x20, 0x104(%rax) 0x00007fff9b236537: jae 0x1a2585 ; <+131> at WebDiagnosticLoggingClient.cpp:72 0x00007fff9b236539: leaq 0x480(%rsi), %rdi 0x00007fff9b236540: movq %r13, %rdx [ 0] 0x00007fff9b23652a WebKit`WebKit::WebDiagnosticLoggingClient::logDiagnosticMessageWithValue(WTF::String const&, WTF::String const&, WTF::String const&, WebCore::ShouldSample) [inlined] WebCore::Page::settings() const at Page.h:199 [ 0] 0x00007fff9b23652a WebKit`WebKit::WebDiagnosticLoggingClient::logDiagnosticMessageWithValue(WTF::String const&, WTF::String const&, WTF::String const&, WebCore::ShouldSample) + 40 at WebDiagnosticLoggingClient.cpp:66 62 } 63 64 void WebDiagnosticLoggingClient::logDiagnosticMessageWithValue(const String& message, const String& description, const String& value, WebCore::ShouldSample shouldSample) 65 { -> 66 if (!m_page.corePage()->settings().diagnosticLoggingEnabled()) 67 return; 68 69 // FIXME: Remove this injected bundle API. 70 m_page.injectedBundleDiagnosticLoggingClient().logDiagnosticMessageWithValue(&m_page, message, description, value); [ 1] 0x00007fff95d28065 WebCore`WebCore::SubresourceLoader::didFinishLoading(double) [inlined] WebCore::logResourceLoaded(WebCore::Frame*, WebCore::CachedResource::Type) + 762 at SubresourceLoader.cpp:352:5 [ 1] 0x00007fff95d27d6b WebCore`WebCore::SubresourceLoader::didFinishLoading(double) + 75 at SubresourceLoader.cpp:364 [ 2] 0x00007fff9b2d7a98 WebKit`WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection&, IPC::MessageDecoder&) [inlined] void IPC::callMemberFunctionImpl<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(double), std::__1::tuple<double>, 0ul>(WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(double), std::__1::tuple<double>&&, std::index_sequence<0ul>) + 12 at HandleMessage.h:16:5 [ 2] 0x00007fff9b2d7a8c WebKit`WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection&, IPC::MessageDecoder&) [inlined] void IPC::callMemberFunction<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(double), std::__1::tuple<double>, std::make_index_sequence<1ul> >(std::__1::tuple<double>&&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(double)) at HandleMessage.h:22 [ 2] 0x00007fff9b2d7a8c WebKit`WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection&, IPC::MessageDecoder&) [inlined] void IPC::handleMessage<Messages::WebResourceLoader::DidFinishResourceLoad, WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(double)>(IPC::MessageDecoder&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(double)) + 24 at HandleMessage.h:92 [ 2] 0x00007fff9b2d7a74 WebKit`WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection&, IPC::MessageDecoder&) + 524 at WebResourceLoaderMessageReceiver.cpp:71 [ 3] 0x00007fff9b13a257 WebKit`IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >) [inlined] IPC::Connection::dispatchMessage(IPC::MessageDecoder&) + 12 at Connection.cpp:859:5 [ 3] 0x00007fff9b13a24b WebKit`IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >) + 89 at Connection.cpp:882 [ 4] 0x00007fff9b13c26f WebKit`IPC::Connection::dispatchOneMessage() + 113 at Connection.cpp:910:5 [ 5] 0x00007fff9d054f71 JavaScriptCore`WTF::RunLoop::performWork() [inlined] std::__1::function<void ()>::operator()() const + 9 at functional:1756:12 [ 5] 0x00007fff9d054f68 JavaScriptCore`WTF::RunLoop::performWork() + 856 at RunLoop.cpp:119 [ 6] 0x00007fff9d0554a1 JavaScriptCore`WTF::RunLoop::performWork(void*) + 33 at RunLoopCF.cpp:38:5 [ 7] 0x00007fff9bcc93e0 Radar: <rdar://problem/20584215> 1086436 1 251053 cdumez 2015-04-17 14:50:44 -0700 Created attachment 251053 Patch 1086501 2 251053 commit-queue 2015-04-17 17:47:34 -0700 Comment on attachment 251053 Patch Clearing flags on attachment: 251053 Committed r182979: <http://trac.webkit.org/changeset/182979> 1086502 3 commit-queue 2015-04-17 17:47:39 -0700 All reviewed patches have been landed. Closing bug. 251053 2015-04-17 14:50:44 -0700 2015-04-17 17:47:34 -0700 Patch bug-143899-20150417144945.patch text/plain 3049 cdumez U3VidmVyc2lvbiBSZXZpc2lvbjogMTgyOTU0CmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViS2l0Mi9D aGFuZ2VMb2cgYi9Tb3VyY2UvV2ViS2l0Mi9DaGFuZ2VMb2cKaW5kZXggMWYwM2VjOTc4OTY0MDNk YWEwZmNkYTFlNGU3MmQwOWM5ZGFmMzk1NS4uNjBjYjZkYmE2MThjNjRhZWZjY2M1Yjc1MmYxNmY4 YjUwMzZjOTU0OCAxMDA2NDQKLS0tIGEvU291cmNlL1dlYktpdDIvQ2hhbmdlTG9nCisrKyBiL1Nv dXJjZS9XZWJLaXQyL0NoYW5nZUxvZwpAQCAtMSwzICsxLDIwIEBACisyMDE1LTA0LTE3ICBDaHJp cyBEdW1leiAgPGNkdW1lekBhcHBsZS5jb20+CisKKyAgICAgICAgUG9zc2libGUgbnVsbCBwb2lu dGVyIGRlcmVmZXJlbmNlIGluIFdlYkRpYWdub3N0aWNMb2dnaW5nQ2xpZW50Ojpsb2dEaWFnbm9z dGljTWVzc2FnZVdpdGhWYWx1ZSgpCisgICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3No b3dfYnVnLmNnaT9pZD0xNDM4OTkKKyAgICAgICAgPHJkYXI6Ly9wcm9ibGVtLzIwNTg0MjE1Pgor CisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEpLgorCisgICAgICAgIFdlYkRpYWdu b3N0aWNMb2dnaW5nQ2xpZW50Ojpsb2dEaWFnbm9zdGljTWVzc2FnZSooKSBtZXRob2RzIGZhaWxl ZCB0bworICAgICAgICBjaGVjayB0aGF0IG1fcGFnZS5jb3JlUGFnZSgpIHdhcyBub24tbnVsbCBi ZWZvcmUgZGVyZWZlcmVuY2luZywgdGh1cworICAgICAgICBjYXVzaW5nIGNyYXNoZXMgd2hlbiBp dCBpcyBudWxsLgorCisgICAgICAgICogV2ViUHJvY2Vzcy9XZWJDb3JlU3VwcG9ydC9XZWJEaWFn bm9zdGljTG9nZ2luZ0NsaWVudC5jcHA6CisgICAgICAgIChXZWJLaXQ6OldlYkRpYWdub3N0aWNM b2dnaW5nQ2xpZW50Ojpsb2dEaWFnbm9zdGljTWVzc2FnZSk6CisgICAgICAgIChXZWJLaXQ6Oldl YkRpYWdub3N0aWNMb2dnaW5nQ2xpZW50Ojpsb2dEaWFnbm9zdGljTWVzc2FnZVdpdGhSZXN1bHQp OgorICAgICAgICAoV2ViS2l0OjpXZWJEaWFnbm9zdGljTG9nZ2luZ0NsaWVudDo6bG9nRGlhZ25v c3RpY01lc3NhZ2VXaXRoVmFsdWUpOgorCiAyMDE1LTA0LTE3ICBBbnR0aSBLb2l2aXN0byAgPGFu dHRpQGFwcGxlLmNvbT4KIAogICAgICAgICBOZXR3b3JrIENhY2hlOiBSZWFkIHJlc291cmNlIHJl Y29yZCBhbmQgYm9keSBpbiBwYXJhbGxlbApkaWZmIC0tZ2l0IGEvU291cmNlL1dlYktpdDIvV2Vi UHJvY2Vzcy9XZWJDb3JlU3VwcG9ydC9XZWJEaWFnbm9zdGljTG9nZ2luZ0NsaWVudC5jcHAgYi9T b3VyY2UvV2ViS2l0Mi9XZWJQcm9jZXNzL1dlYkNvcmVTdXBwb3J0L1dlYkRpYWdub3N0aWNMb2dn aW5nQ2xpZW50LmNwcAppbmRleCAwZWExODIwNzYwOWZiNmJkNzZjNThjYTRkNDhmNTBhYzdmZDQ1 YzA2Li41YWE0OGIwNDllZjcxYmFkZWZjN2ZmYTBiYzNmYjc4NTgwNWYwNTU2IDEwMDY0NAotLS0g YS9Tb3VyY2UvV2ViS2l0Mi9XZWJQcm9jZXNzL1dlYkNvcmVTdXBwb3J0L1dlYkRpYWdub3N0aWNM b2dnaW5nQ2xpZW50LmNwcAorKysgYi9Tb3VyY2UvV2ViS2l0Mi9XZWJQcm9jZXNzL1dlYkNvcmVT dXBwb3J0L1dlYkRpYWdub3N0aWNMb2dnaW5nQ2xpZW50LmNwcApAQCAtNDMsNyArNDMsNyBAQCBX ZWJEaWFnbm9zdGljTG9nZ2luZ0NsaWVudDo6fldlYkRpYWdub3N0aWNMb2dnaW5nQ2xpZW50KCkK IAogdm9pZCBXZWJEaWFnbm9zdGljTG9nZ2luZ0NsaWVudDo6bG9nRGlhZ25vc3RpY01lc3NhZ2Uo Y29uc3QgU3RyaW5nJiBtZXNzYWdlLCBjb25zdCBTdHJpbmcmIGRlc2NyaXB0aW9uLCBXZWJDb3Jl OjpTaG91bGRTYW1wbGUgc2hvdWxkU2FtcGxlKQogewotICAgIGlmICghbV9wYWdlLmNvcmVQYWdl KCktPnNldHRpbmdzKCkuZGlhZ25vc3RpY0xvZ2dpbmdFbmFibGVkKCkpCisgICAgaWYgKCFtX3Bh Z2UuY29yZVBhZ2UoKSB8fCAhbV9wYWdlLmNvcmVQYWdlKCktPnNldHRpbmdzKCkuZGlhZ25vc3Rp Y0xvZ2dpbmdFbmFibGVkKCkpCiAgICAgICAgIHJldHVybjsKIAogICAgIC8vIEZJWE1FOiBSZW1v dmUgdGhpcyBpbmplY3RlZCBidW5kbGUgQVBJLgpAQCAtNTMsNyArNTMsNyBAQCB2b2lkIFdlYkRp YWdub3N0aWNMb2dnaW5nQ2xpZW50Ojpsb2dEaWFnbm9zdGljTWVzc2FnZShjb25zdCBTdHJpbmcm IG1lc3NhZ2UsIGNvbgogCiB2b2lkIFdlYkRpYWdub3N0aWNMb2dnaW5nQ2xpZW50Ojpsb2dEaWFn bm9zdGljTWVzc2FnZVdpdGhSZXN1bHQoY29uc3QgU3RyaW5nJiBtZXNzYWdlLCBjb25zdCBTdHJp bmcmIGRlc2NyaXB0aW9uLCBXZWJDb3JlOjpEaWFnbm9zdGljTG9nZ2luZ1Jlc3VsdFR5cGUgcmVz dWx0LCBXZWJDb3JlOjpTaG91bGRTYW1wbGUgc2hvdWxkU2FtcGxlKQogewotICAgIGlmICghbV9w YWdlLmNvcmVQYWdlKCktPnNldHRpbmdzKCkuZGlhZ25vc3RpY0xvZ2dpbmdFbmFibGVkKCkpCisg ICAgaWYgKCFtX3BhZ2UuY29yZVBhZ2UoKSB8fCAhbV9wYWdlLmNvcmVQYWdlKCktPnNldHRpbmdz KCkuZGlhZ25vc3RpY0xvZ2dpbmdFbmFibGVkKCkpCiAgICAgICAgIHJldHVybjsKIAogICAgIC8v IEZJWE1FOiBSZW1vdmUgdGhpcyBpbmplY3RlZCBidW5kbGUgQVBJLgpAQCAtNjMsNyArNjMsNyBA QCB2b2lkIFdlYkRpYWdub3N0aWNMb2dnaW5nQ2xpZW50Ojpsb2dEaWFnbm9zdGljTWVzc2FnZVdp dGhSZXN1bHQoY29uc3QgU3RyaW5nJiBtZQogCiB2b2lkIFdlYkRpYWdub3N0aWNMb2dnaW5nQ2xp ZW50Ojpsb2dEaWFnbm9zdGljTWVzc2FnZVdpdGhWYWx1ZShjb25zdCBTdHJpbmcmIG1lc3NhZ2Us IGNvbnN0IFN0cmluZyYgZGVzY3JpcHRpb24sIGNvbnN0IFN0cmluZyYgdmFsdWUsIFdlYkNvcmU6 OlNob3VsZFNhbXBsZSBzaG91bGRTYW1wbGUpCiB7Ci0gICAgaWYgKCFtX3BhZ2UuY29yZVBhZ2Uo KS0+c2V0dGluZ3MoKS5kaWFnbm9zdGljTG9nZ2luZ0VuYWJsZWQoKSkKKyAgICBpZiAoIW1fcGFn ZS5jb3JlUGFnZSgpIHx8ICFtX3BhZ2UuY29yZVBhZ2UoKS0+c2V0dGluZ3MoKS5kaWFnbm9zdGlj TG9nZ2luZ0VuYWJsZWQoKSkKICAgICAgICAgcmV0dXJuOwogCiAgICAgLy8gRklYTUU6IFJlbW92 ZSB0aGlzIGluamVjdGVkIGJ1bmRsZSBBUEkuCg==