168608 2017-02-20 12:04:48 -0800 Nullptr dereferences when stopping a load 2017-02-20 13:00:52 -0800 1 1 1 Unclassified WebKit Page Loading WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED InRadar P2 Normal --- 1 bfulgham bfulgham beidson bfulgham cdumez commit-queue dbates ddkilzer japhet rniwa oldest_to_newest 1279017 0 bfulgham 2017-02-20 12:04:48 -0800 We have seen crash traces that indicate the frame is being detached from the document while stopping a load, leading to nullptr dereferences and crashes. Other loading code anticipates the possibility the the frame is nullptr. Since these crashes are happening at the tail end of the load termination, when attempting to notify the now-detached client that the load was stopped, we should probably just recognize this is happening and avoid the dereference. 1279018 1 302163 bfulgham 2017-02-20 12:09:06 -0800 Created attachment 302163 Patch 1279020 2 302163 rniwa 2017-02-20 12:14:08 -0800 Comment on attachment 302163 Patch r=me. It's sad we can't have a test for this. 1279036 3 bfulgham 2017-02-20 12:59:44 -0800 Committed r212667: <http://trac.webkit.org/changeset/212667> 1279038 4 bfulgham 2017-02-20 13:00:52 -0800 <rdar://problem/29852056> 302163 2017-02-20 12:09:06 -0800 2017-02-20 12:14:08 -0800 Patch bug-168608-20170220120620.patch text/plain 3164 bfulgham SW5kZXg6IFNvdXJjZS9XZWJDb3JlL0NoYW5nZUxvZwo9PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBTb3VyY2UvV2Vi Q29yZS9DaGFuZ2VMb2cJKHJldmlzaW9uIDIxMjY2MykKKysrIFNvdXJjZS9XZWJDb3JlL0NoYW5n ZUxvZwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDE4IEBACisyMDE3LTAyLTIwICBCcmVudCBG dWxnaGFtICA8YmZ1bGdoYW1AYXBwbGUuY29tPgorCisgICAgICAgIE51bGxwdHIgZGVyZWZlcmVu Y2VzIHdoZW4gc3RvcHBpbmcgYSBsb2FkCisgICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3Jn L3Nob3dfYnVnLmNnaT9pZD0xNjg2MDgKKyAgICAgICAgPHJkYXI6Ly9wcm9ibGVtLzI5ODUyMDU2 PgorCisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEpLgorCisgICAgICAgIERvbid0 IGF0dGVtcHQgdG8gbm90aWZ5IGEgZGV0YWNoZWQgZnJhbWUncyBsb2FkIGNsaWVudCB0aGF0IHRo ZSBsb2FkIGlzCisgICAgICAgIHN0b3BwZWQuCisKKyAgICAgICAgKiBsb2FkZXIvRG9jdW1lbnRM b2FkZXIuY3BwOgorICAgICAgICAoV2ViQ29yZTo6RG9jdW1lbnRMb2FkZXI6OnN0b3BMb2FkaW5n KTogQ2hlY2sgZm9yIG51bGwgZnJhbWUgbG9hZGVyIGFuZAorICAgICAgICBieXBhc3MgZGVyZWZl cmVuY2luZyBpdC4gCisKIDIwMTctMDItMTcgIEFuZGVycyBDYXJsc3NvbiAgPGFuZGVyc2NhQGFw cGxlLmNvbT4KIAogICAgICAgICBBZGQgYSBuZXcgZHJhZyBjb2RlIHBhdGggYW5kIHVzZSBpdCBm b3IgZHJhZ2dpbmcgcGxhaW4gdGV4dApJbmRleDogU291cmNlL1dlYkNvcmUvbG9hZGVyL0RvY3Vt ZW50TG9hZGVyLmNwcAo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBTb3VyY2UvV2ViQ29yZS9sb2FkZXIvRG9jdW1l bnRMb2FkZXIuY3BwCShyZXZpc2lvbiAyMTIzNDkpCisrKyBTb3VyY2UvV2ViQ29yZS9sb2FkZXIv RG9jdW1lbnRMb2FkZXIuY3BwCSh3b3JraW5nIGNvcHkpCkBAIC0zMDUsMTkgKzMwNSwyMCBAQCB2 b2lkIERvY3VtZW50TG9hZGVyOjpzdG9wTG9hZGluZygpCiAKICAgICBtX2lzU3RvcHBpbmcgPSB0 cnVlOwogCi0gICAgRnJhbWVMb2FkZXIqIGZyYW1lTG9hZGVyID0gRG9jdW1lbnRMb2FkZXI6OmZy YW1lTG9hZGVyKCk7Ci0gICAgCi0gICAgaWYgKGlzTG9hZGluZ01haW5SZXNvdXJjZSgpKSB7Ci0g ICAgICAgIC8vIFN0b3AgdGhlIG1haW4gcmVzb3VyY2UgbG9hZGVyIGFuZCBsZXQgaXQgc2VuZCB0 aGUgY2FuY2VsbGVkIG1lc3NhZ2UuCi0gICAgICAgIGNhbmNlbE1haW5SZXNvdXJjZUxvYWQoZnJh bWVMb2FkZXItPmNhbmNlbGxlZEVycm9yKG1fcmVxdWVzdCkpOwotICAgIH0gZWxzZSBpZiAoIW1f c3VicmVzb3VyY2VMb2FkZXJzLmlzRW1wdHkoKSB8fCAhbV9wbHVnSW5TdHJlYW1Mb2FkZXJzLmlz RW1wdHkoKSkgewotICAgICAgICAvLyBUaGUgbWFpbiByZXNvdXJjZSBsb2FkZXIgYWxyZWFkeSBm aW5pc2hlZCBsb2FkaW5nLiBTZXQgdGhlIGNhbmNlbGxlZCBlcnJvciBvbiB0aGUKLSAgICAgICAg Ly8gZG9jdW1lbnQgYW5kIGxldCB0aGUgc3VicmVzb3VyY2VMb2FkZXJzIGFuZCBwbHVnaW5Mb2Fk ZXJzIHNlbmQgaW5kaXZpZHVhbCBjYW5jZWxsZWQgbWVzc2FnZXMgYmVsb3cuCi0gICAgICAgIHNl dE1haW5Eb2N1bWVudEVycm9yKGZyYW1lTG9hZGVyLT5jYW5jZWxsZWRFcnJvcihtX3JlcXVlc3Qp KTsKLSAgICB9IGVsc2UgewotICAgICAgICAvLyBJZiB0aGVyZSBhcmUgbm8gcmVzb3VyY2UgbG9h ZGVycywgd2UgbmVlZCB0byBtYW51ZmFjdHVyZSBhIGNhbmNlbGxlZCBtZXNzYWdlLgotICAgICAg ICAvLyAoQSBiYWNrL2ZvcndhcmQgbmF2aWdhdGlvbiBoYXMgbm8gcmVzb3VyY2UgbG9hZGVycyBi ZWNhdXNlIGl0cyByZXNvdXJjZXMgYXJlIGNhY2hlZC4pCi0gICAgICAgIG1haW5SZWNlaXZlZEVy cm9yKGZyYW1lTG9hZGVyLT5jYW5jZWxsZWRFcnJvcihtX3JlcXVlc3QpKTsKKyAgICAvLyBUaGUg ZnJhbWUgbWF5IGhhdmUgYmVlbiBkZXRhY2hlZCBmcm9tIHRoaXMgZG9jdW1lbnQgYnkgdGhlIG9u dW5sb2FkIGhhbmRsZXIKKyAgICBpZiAoYXV0byogZnJhbWVMb2FkZXIgPSBEb2N1bWVudExvYWRl cjo6ZnJhbWVMb2FkZXIoKSkgeworICAgICAgICBpZiAoaXNMb2FkaW5nTWFpblJlc291cmNlKCkp IHsKKyAgICAgICAgICAgIC8vIFN0b3AgdGhlIG1haW4gcmVzb3VyY2UgbG9hZGVyIGFuZCBsZXQg aXQgc2VuZCB0aGUgY2FuY2VsbGVkIG1lc3NhZ2UuCisgICAgICAgICAgICBjYW5jZWxNYWluUmVz b3VyY2VMb2FkKGZyYW1lTG9hZGVyLT5jYW5jZWxsZWRFcnJvcihtX3JlcXVlc3QpKTsKKyAgICAg ICAgfSBlbHNlIGlmICghbV9zdWJyZXNvdXJjZUxvYWRlcnMuaXNFbXB0eSgpIHx8ICFtX3BsdWdJ blN0cmVhbUxvYWRlcnMuaXNFbXB0eSgpKSB7CisgICAgICAgICAgICAvLyBUaGUgbWFpbiByZXNv dXJjZSBsb2FkZXIgYWxyZWFkeSBmaW5pc2hlZCBsb2FkaW5nLiBTZXQgdGhlIGNhbmNlbGxlZCBl cnJvciBvbiB0aGUKKyAgICAgICAgICAgIC8vIGRvY3VtZW50IGFuZCBsZXQgdGhlIHN1YnJlc291 cmNlTG9hZGVycyBhbmQgcGx1Z2luTG9hZGVycyBzZW5kIGluZGl2aWR1YWwgY2FuY2VsbGVkIG1l c3NhZ2VzIGJlbG93LgorICAgICAgICAgICAgc2V0TWFpbkRvY3VtZW50RXJyb3IoZnJhbWVMb2Fk ZXItPmNhbmNlbGxlZEVycm9yKG1fcmVxdWVzdCkpOworICAgICAgICB9IGVsc2UgeworICAgICAg ICAgICAgLy8gSWYgdGhlcmUgYXJlIG5vIHJlc291cmNlIGxvYWRlcnMsIHdlIG5lZWQgdG8gbWFu dWZhY3R1cmUgYSBjYW5jZWxsZWQgbWVzc2FnZS4KKyAgICAgICAgICAgIC8vIChBIGJhY2svZm9y d2FyZCBuYXZpZ2F0aW9uIGhhcyBubyByZXNvdXJjZSBsb2FkZXJzIGJlY2F1c2UgaXRzIHJlc291 cmNlcyBhcmUgY2FjaGVkLikKKyAgICAgICAgICAgIG1haW5SZWNlaXZlZEVycm9yKGZyYW1lTG9h ZGVyLT5jYW5jZWxsZWRFcnJvcihtX3JlcXVlc3QpKTsKKyAgICAgICAgfQogICAgIH0KIAogICAg IC8vIFdlIGFsd2F5cyBuZWVkIHRvIGV4cGxpY2l0bHkgY2FuY2VsIHRoZSBEb2N1bWVudCdzIHBh cnNlciB3aGVuIHN0b3BwaW5nIHRoZSBsb2FkLgo=