183704 2018-03-16 12:31:40 -0700 Set a trap to catch an infrequent form-related nullptr crash 2018-03-16 14:18:31 -0700 1 1 1 Unclassified WebKit WebKit Misc. WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED InRadar P2 Normal --- 1 bfulgham bfulgham cdumez dbates ddkilzer ews-watchlist japhet rniwa webkit-bug-importer wenson_hsieh oldest_to_newest 1407072 0 bfulgham 2018-03-16 12:31:40 -0700 Crash data indicates that we are attempting to process a form where the document's frame has been nulled out. We don't have a reproducible test case to trigger this behavior, so the following patch attempts to trap the unusual condition that seems likely to be the cause of the crash. 1407075 1 335961 bfulgham 2018-03-16 12:40:44 -0700 Created attachment 335961 Patch 1407089 2 335961 ddkilzer 2018-03-16 13:24:09 -0700 Comment on attachment 335961 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=335961&action=review r=me, except I'm not a WebKit2 reviewer. > Source/WebCore/loader/FormState.cpp:54 > + // Beartrap for <rdar://problem/37579354> Uber-Nit. WebKit style says comments should end with a period. 1407105 3 bfulgham 2018-03-16 14:17:29 -0700 Committed r229683: <https://trac.webkit.org/changeset/229683> 1407106 4 webkit-bug-importer 2018-03-16 14:18:31 -0700 <rdar://problem/38558524> 335961 2018-03-16 12:40:44 -0700 2018-03-16 14:00:42 -0700 Patch bug-183704-20180316124044.patch text/plain 4742 bfulgham SW5kZXg6IFNvdXJjZS9XZWJDb3JlL0NoYW5nZUxvZwo9PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBTb3VyY2UvV2Vi Q29yZS9DaGFuZ2VMb2cJKHJldmlzaW9uIDIyOTY3OSkKKysrIFNvdXJjZS9XZWJDb3JlL0NoYW5n ZUxvZwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDIwIEBACisyMDE4LTAzLTE2ICBCcmVudCBG dWxnaGFtICA8YmZ1bGdoYW1AYXBwbGUuY29tPgorCisgICAgICAgIFNldCBhIHRyYXAgdG8gY2F0 Y2ggYW4gaW5mcmVxdWVudCBmb3JtLXJlbGF0ZWQgbnVsbHB0ciBjcmFzaAorICAgICAgICBodHRw czovL2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9MTgzNzA0CisgICAgICAgIDxyZGFy Oi8vcHJvYmxlbS8zNzU3OTM1ND4KKworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMh KS4KKworICAgICAgICBNYWtlIEZvcm1TdGF0ZSBhIEZyYW1lRGVzdHJ1Y3Rpb25PYnNlcnZlci4g V2UgZXhwZWN0IGFsbCByZWxldmFudCBGb3JtU3RhdGUgb2JqZWN0cyB0byBoYXZlIGJlZW4KKyAg ICAgICAgY2xlYW5lZCB1cCBwcmlvciB0byB0aGUgZnJhbWUgYmVpbmcgZGVzdHJveWVkLiBJZiB3 ZSBmaW5kIHN1Y2ggYSBjYXNlLCB3ZSdkIGxpa2UgdG8gc2VlIHRoZQorICAgICAgICBzdGFjayB0 cmFjZSB0byBzZWUgd2hhdCdzIGdvaW5nIG9uLgorCisgICAgICAgICogbG9hZGVyL0Zvcm1TdGF0 ZS5jcHA6CisgICAgICAgIChXZWJDb3JlOjpGb3JtU3RhdGU6OkZvcm1TdGF0ZSk6CisgICAgICAg IChXZWJDb3JlOjpGb3JtU3RhdGU6OndpbGxEZXRhY2hQYWdlKTogUkVMRUFTRV9BU1NFUlRfTk9U X1JFQUNIRUQgaWYgd2UgZXZlciBnZXQgaGVyZS4KKyAgICAgICAgKiBsb2FkZXIvRm9ybVN0YXRl Lmg6CisKIDIwMTgtMDMtMTYgIE1lZ2FuIEdhcmRuZXIgIDxtZWdhbl9nYXJkbmVyQGFwcGxlLmNv bT4KIAogICAgICAgICBFbnN1cmUgdGhhdCBzdHlsZSBpcyB1cGRhdGVkIHdoZW4gdGhlIGVmZmVj dGl2ZSBhcHBlYXJhbmNlIGNoYW5nZXMKSW5kZXg6IFNvdXJjZS9XZWJDb3JlL2xvYWRlci9Gb3Jt U3RhdGUuY3BwCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT0KLS0tIFNvdXJjZS9XZWJDb3JlL2xvYWRlci9Gb3JtU3RhdGUu Y3BwCShyZXZpc2lvbiAyMjk1OTkpCisrKyBTb3VyY2UvV2ViQ29yZS9sb2FkZXIvRm9ybVN0YXRl LmNwcAkod29ya2luZyBjb3B5KQpAQCAtMzUsMTEgKzM1LDEzIEBACiBuYW1lc3BhY2UgV2ViQ29y ZSB7CiAKIGlubGluZSBGb3JtU3RhdGU6OkZvcm1TdGF0ZShIVE1MRm9ybUVsZW1lbnQmIGZvcm0s IFN0cmluZ1BhaXJWZWN0b3ImJiB0ZXh0RmllbGRWYWx1ZXMsIERvY3VtZW50JiBzb3VyY2VEb2N1 bWVudCwgRm9ybVN1Ym1pc3Npb25UcmlnZ2VyIGZvcm1TdWJtaXNzaW9uVHJpZ2dlcikKLSAgICA6 IG1fZm9ybShmb3JtKQorICAgIDogRnJhbWVEZXN0cnVjdGlvbk9ic2VydmVyKHNvdXJjZURvY3Vt ZW50LmZyYW1lKCkpCisgICAgLCBtX2Zvcm0oZm9ybSkKICAgICAsIG1fdGV4dEZpZWxkVmFsdWVz KFdURk1vdmUodGV4dEZpZWxkVmFsdWVzKSkKICAgICAsIG1fc291cmNlRG9jdW1lbnQoc291cmNl RG9jdW1lbnQpCiAgICAgLCBtX2Zvcm1TdWJtaXNzaW9uVHJpZ2dlcihmb3JtU3VibWlzc2lvblRy aWdnZXIpCiB7CisgICAgUkVMRUFTRV9BU1NFUlQoc291cmNlRG9jdW1lbnQuZnJhbWUoKSk7CiB9 CiAKIFJlZjxGb3JtU3RhdGU+IEZvcm1TdGF0ZTo6Y3JlYXRlKEhUTUxGb3JtRWxlbWVudCYgZm9y bSwgU3RyaW5nUGFpclZlY3RvciYmIHRleHRGaWVsZFZhbHVlcywgRG9jdW1lbnQmIHNvdXJjZURv Y3VtZW50LCBGb3JtU3VibWlzc2lvblRyaWdnZXIgZm9ybVN1Ym1pc3Npb25UcmlnZ2VyKQpAQCAt NDcsNCArNDksMTAgQEAgUmVmPEZvcm1TdGF0ZT4gRm9ybVN0YXRlOjpjcmVhdGUoSFRNTEZvcgog ICAgIHJldHVybiBhZG9wdFJlZigqbmV3IEZvcm1TdGF0ZShmb3JtLCBXVEZNb3ZlKHRleHRGaWVs ZFZhbHVlcyksIHNvdXJjZURvY3VtZW50LCBmb3JtU3VibWlzc2lvblRyaWdnZXIpKTsKIH0KIAor dm9pZCBGb3JtU3RhdGU6OndpbGxEZXRhY2hQYWdlKCkKK3sKKyAgICAvLyBCZWFydHJhcCBmb3Ig PHJkYXI6Ly9wcm9ibGVtLzM3NTc5MzU0PgorICAgIFJFTEVBU0VfQVNTRVJUX05PVF9SRUFDSEVE KCk7Cit9CisKIH0KSW5kZXg6IFNvdXJjZS9XZWJDb3JlL2xvYWRlci9Gb3JtU3RhdGUuaAo9PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09Ci0tLSBTb3VyY2UvV2ViQ29yZS9sb2FkZXIvRm9ybVN0YXRlLmgJKHJldmlzaW9uIDIy OTU5OSkKKysrIFNvdXJjZS9XZWJDb3JlL2xvYWRlci9Gb3JtU3RhdGUuaAkod29ya2luZyBjb3B5 KQpAQCAtMjgsNiArMjgsNyBAQAogCiAjcHJhZ21hIG9uY2UKIAorI2luY2x1ZGUgIkZyYW1lRGVz dHJ1Y3Rpb25PYnNlcnZlci5oIgogI2luY2x1ZGUgPHd0Zi90ZXh0L1dURlN0cmluZy5oPgogCiBu YW1lc3BhY2UgV2ViQ29yZSB7CkBAIC0zOSw3ICs0MCw3IEBAIGVudW0gRm9ybVN1Ym1pc3Npb25U cmlnZ2VyIHsgU3VibWl0dGVkQnkKIAogdXNpbmcgU3RyaW5nUGFpclZlY3RvciA9IFZlY3Rvcjxz dGQ6OnBhaXI8U3RyaW5nLCBTdHJpbmc+PjsKIAotY2xhc3MgRm9ybVN0YXRlIDogcHVibGljIFJl ZkNvdW50ZWQ8Rm9ybVN0YXRlPiB7CitjbGFzcyBGb3JtU3RhdGUgOiBwdWJsaWMgUmVmQ291bnRl ZDxGb3JtU3RhdGU+LCBwdWJsaWMgRnJhbWVEZXN0cnVjdGlvbk9ic2VydmVyIHsKIHB1YmxpYzoK ICAgICBzdGF0aWMgUmVmPEZvcm1TdGF0ZT4gY3JlYXRlKEhUTUxGb3JtRWxlbWVudCYsIFN0cmlu Z1BhaXJWZWN0b3ImJiB0ZXh0RmllbGRWYWx1ZXMsIERvY3VtZW50JiwgRm9ybVN1Ym1pc3Npb25U cmlnZ2VyKTsKIApAQCAtNTAsNiArNTEsNyBAQCBwdWJsaWM6CiAKIHByaXZhdGU6CiAgICAgRm9y bVN0YXRlKEhUTUxGb3JtRWxlbWVudCYsIFN0cmluZ1BhaXJWZWN0b3ImJiB0ZXh0RmllbGRWYWx1 ZXMsIERvY3VtZW50JiwgRm9ybVN1Ym1pc3Npb25UcmlnZ2VyKTsKKyAgICB2b2lkIHdpbGxEZXRh Y2hQYWdlKCkgb3ZlcnJpZGU7CiAKICAgICBSZWY8SFRNTEZvcm1FbGVtZW50PiBtX2Zvcm07CiAg ICAgU3RyaW5nUGFpclZlY3RvciBtX3RleHRGaWVsZFZhbHVlczsKSW5kZXg6IFNvdXJjZS9XZWJL aXQvQ2hhbmdlTG9nCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFNvdXJjZS9XZWJLaXQvQ2hhbmdlTG9nCShyZXZp c2lvbiAyMjk1OTkpCisrKyBTb3VyY2UvV2ViS2l0L0NoYW5nZUxvZwkod29ya2luZyBjb3B5KQpA QCAtMSwzICsxLDE2IEBACisyMDE4LTAzLTE2ICBCcmVudCBGdWxnaGFtICA8YmZ1bGdoYW1AYXBw bGUuY29tPgorCisgICAgICAgIFNldCBhIHRyYXAgdG8gY2F0Y2ggYW4gaW5mcmVxdWVudCBmb3Jt LXJlbGF0ZWQgbnVsbHB0ciBjcmFzaAorICAgICAgICBodHRwczovL2J1Z3Mud2Via2l0Lm9yZy9z aG93X2J1Zy5jZ2k/aWQ9MTgzNzA0CisgICAgICAgIDxyZGFyOi8vcHJvYmxlbS8zNzU3OTM1ND4K KworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAgICBBZGQgYSBS RUxFQVNFX0FTU0VSVCB0byBzZWUgaWYgd2UgZXZlciBlbmNvdW50ZXIgYSBudWxscHRyIFdlYkNv cmUgZnJhbWUuCisKKyAgICAgICAgKiBXZWJQcm9jZXNzL1dlYkNvcmVTdXBwb3J0L1dlYkZyYW1l TG9hZGVyQ2xpZW50LmNwcDoKKyAgICAgICAgKFdlYktpdDo6V2ViRnJhbWVMb2FkZXJDbGllbnQ6 OmRpc3BhdGNoV2lsbFN1Ym1pdEZvcm0pOgorCiAyMDE4LTAzLTE0ICBUaW0gSG9ydG9uICA8dGlt b3RoeV9ob3J0b25AYXBwbGUuY29tPgogCiAgICAgICAgIEZpeCB0aGUgYnVpbGQgYWZ0ZXIgcjIy OTU2NwpJbmRleDogU291cmNlL1dlYktpdC9XZWJQcm9jZXNzL1dlYkNvcmVTdXBwb3J0L1dlYkZy YW1lTG9hZGVyQ2xpZW50LmNwcAo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBTb3VyY2UvV2ViS2l0L1dlYlByb2Nl c3MvV2ViQ29yZVN1cHBvcnQvV2ViRnJhbWVMb2FkZXJDbGllbnQuY3BwCShyZXZpc2lvbiAyMjk1 OTkpCisrKyBTb3VyY2UvV2ViS2l0L1dlYlByb2Nlc3MvV2ViQ29yZVN1cHBvcnQvV2ViRnJhbWVM b2FkZXJDbGllbnQuY3BwCSh3b3JraW5nIGNvcHkpCkBAIC05MzksNyArOTM5LDkgQEAgdm9pZCBX ZWJGcmFtZUxvYWRlckNsaWVudDo6ZGlzcGF0Y2hXaWxsUwogCiAgICAgYXV0byYgZm9ybSA9IGZv cm1TdGF0ZS5mb3JtKCk7CiAKLSAgICBhdXRvKiBzb3VyY2VGcmFtZSA9IFdlYkZyYW1lOjpmcm9t Q29yZUZyYW1lKCpmb3JtU3RhdGUuc291cmNlRG9jdW1lbnQoKS5mcmFtZSgpKTsKKyAgICBhdXRv KiBzb3VyY2VDb3JlRnJhbWUgPSBmb3JtU3RhdGUuc291cmNlRG9jdW1lbnQoKS5mcmFtZSgpOwor ICAgIFJFTEVBU0VfQVNTRVJUKHNvdXJjZUNvcmVGcmFtZSk7CisgICAgYXV0byogc291cmNlRnJh bWUgPSBXZWJGcmFtZTo6ZnJvbUNvcmVGcmFtZSgqc291cmNlQ29yZUZyYW1lKTsKICAgICBBU1NF UlQoc291cmNlRnJhbWUpOwogCiAgICAgYXV0byYgdmFsdWVzID0gZm9ybVN0YXRlLnRleHRGaWVs ZFZhbHVlcygpOwo=