191217 2018-11-02 16:22:37 -0700 REGRESSION: Crash under DOMWindow::postMessageTimerFired() 2018-11-08 15:33:39 -0800 1 1 1 Unclassified WebKit DOM WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED InRadar, Regression P2 Normal --- 1 cdumez cdumez achristensen cdumez commit-queue dbates ggaren jlewis3 rniwa webkit-bug-importer youennf oldest_to_newest 1474672 0 cdumez 2018-11-02 16:22:37 -0700 Crash under DOMWindow::postMessageTimerFired(): Thread[0] EXC_BAD_ACCESS (SIGSEGV) (KERN_INVALID_ADDRESS at 0x0000000000000038) [ 0] 0x00007fff44a93869 WebCore`WebCore::DOMWindow::postMessageTimerFired(WebCore::PostMessageTimer&) [inlined] WebCore::Frame::page() const at Frame.h:388:12 384 } 385 386 inline Page* Frame::page() const 387 { -> 388 return m_page; 389 } 390 391 inline void Frame::detachFromPage() 392 { 0x00007fff44a93855: movq %r14, %rsi 0x00007fff44a93858: callq 0xf7c690 ; WebCore::InspectorInstrumentation::willDispatchPostMessageImpl at InspectorInstrumentation.cpp:352 0x00007fff44a9385d: jmp 0x108461a ; <+138> [inlined] WebCore::ContextDestructionObserver::scriptExecutionContext() const at DOMWindow.cpp:1481 0x00007fff44a93862: movq 0x88(%rbx), %rax -> 0x00007fff44a93869: movq 0x38(%rax), %rax 0x00007fff44a9386d: testq %rax, %rax 0x00007fff44a93870: je 0x10846d1 ; <+321> at DOMWindow.cpp:999 0x00007fff44a93876: movq 0x50(%rax), %rax 0x00007fff44a9387a: movq 0x8(%rax), %rdi [ 0] 0x00007fff44a93869 WebCore`WebCore::DOMWindow::postMessageTimerFired(WebCore::PostMessageTimer&) [inlined] WebCore::InspectorInstrumentation::instrumentingAgentsForFrame(WebCore::Frame&) at InspectorInstrumentation.h:1422 1418 } 1419 1420 inline InstrumentingAgents* InspectorInstrumentation::instrumentingAgentsForFrame(Frame& frame) 1421 { -> 1422 return instrumentingAgentsForPage(frame.page()); 1423 } 1424 1425 inline InstrumentingAgents* InspectorInstrumentation::instrumentingAgentsForDocument(Document* document) 1426 { [ 0] 0x00007fff44a93869 WebCore`WebCore::DOMWindow::postMessageTimerFired(WebCore::PostMessageTimer&) [inlined] WebCore::InspectorInstrumentation::didDispatchPostMessage(WebCore::Frame&, WebCore::TimerBase&) at InspectorInstrumentation.h:732 728 729 inline void InspectorInstrumentation::didDispatchPostMessage(Frame& frame, TimerBase& timer) 730 { 731 FAST_RETURN_IF_NO_FRONTENDS(void()); -> 732 if (InstrumentingAgents* instrumentingAgents = instrumentingAgentsForFrame(frame)) 733 didDispatchPostMessageImpl(*instrumentingAgents, timer); 734 } 735 736 inline InspectorInstrumentationCookie InspectorInstrumentation::willCallFunction(ScriptExecutionContext* context, const String& scriptName, int scriptLine) [ 0] 0x00007fff44a93869 WebCore`WebCore::DOMWindow::postMessageTimerFired(WebCore::PostMessageTimer&) + 729 at DOMWindow.cpp:998 994 InspectorInstrumentation::willDispatchPostMessage(*m_frame, timer); 995 996 dispatchEvent(timer.event(*document())); 997 -> 998 InspectorInstrumentation::didDispatchPostMessage(*m_frame, timer); 999 } 1000 1001 DOMSelection* DOMWindow::getSelection() 1002 { [ 1] 0x00007fff43aec983 WebCore`WebCore::PostMessageTimer::fired() + 99 at DOMWindow.cpp:177:19 1474673 1 cdumez 2018-11-02 16:22:58 -0700 <rdar://problem/40888466> 1474674 2 353742 cdumez 2018-11-02 16:27:41 -0700 Created attachment 353742 Patch 1475218 3 353742 ggaren 2018-11-05 11:51:41 -0800 Comment on attachment 353742 Patch r=me 1475221 4 353742 commit-queue 2018-11-05 11:58:14 -0800 Comment on attachment 353742 Patch Clearing flags on attachment: 353742 Committed r237825: <https://trac.webkit.org/changeset/237825> 1475222 5 commit-queue 2018-11-05 11:58:16 -0800 All reviewed patches have been landed. Closing bug. 1476693 6 sihui_liu 2018-11-08 15:33:39 -0800 *** Bug 180174 has been marked as a duplicate of this bug. *** 353742 2018-11-02 16:27:41 -0700 2018-11-05 11:58:14 -0800 Patch bug-191217-20181102162741.patch text/plain 4990 cdumez U3VidmVyc2lvbiBSZXZpc2lvbjogMjM3NzUyCmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViQ29yZS9D aGFuZ2VMb2cgYi9Tb3VyY2UvV2ViQ29yZS9DaGFuZ2VMb2cKaW5kZXggOGEwM2MwMjFhZmYxYTUx ZmJjODc0NDFlZTk2ZmEyYWUzYjVhMzZmMS4uYWEwZjMyN2QzYjUxZTY0NTJhODU5NDdjMDJmZDhh ZDczZDMxMWQ1MyAxMDA2NDQKLS0tIGEvU291cmNlL1dlYkNvcmUvQ2hhbmdlTG9nCisrKyBiL1Nv dXJjZS9XZWJDb3JlL0NoYW5nZUxvZwpAQCAtMSwzICsxLDIwIEBACisyMDE4LTExLTAyICBDaHJp cyBEdW1leiAgPGNkdW1lekBhcHBsZS5jb20+CisKKyAgICAgICAgQ3Jhc2ggdW5kZXIgRE9NV2lu ZG93Ojpwb3N0TWVzc2FnZVRpbWVyRmlyZWQoKQorICAgICAgICBodHRwczovL2J1Z3Mud2Via2l0 Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9MTkxMjE3CisgICAgICAgIDxyZGFyOi8vcHJvYmxlbS80MDg4 ODQ2Nj4KKworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAgICBQ cm90ZWN0IHRoZSBmcmFtZSBpbiBET01XaW5kb3c6OnBvc3RNZXNzYWdlVGltZXJGaXJlZCgpIGJl Zm9yZSBjYWxsaW5nIGRpc3BhdGNoRXZlbnQoKSBhcyBkaXNwYXRjaGluZyB0aGUKKyAgICAgICAg ZXZlbnQgbWF5IGNhdXNlIEpTIHRvIHJ1biBhbmQgdGhpcyBKUyBtYXkgY2F1c2UgdGhlIGZyYW1l IHRvIGJlIGRlc3Ryb3llZCwgaW4gd2hpY2ggY2FzZSB3ZSB3aWxsIGNyYXNoCisgICAgICAgIHdo ZW4gdHJ5aW5nIHRvIHVzZSB0aGUgZnJhbWUgb24gdGhlIG5leHQgbGluZS4KKworICAgICAgICBU ZXN0OiBmYXN0L2RvbS9XaW5kb3cvcmVtb3ZlLWZyYW1lLWluLW1lc3NhZ2UtZXZlbnQtaGFuZGxl ci5odG1sCisKKyAgICAgICAgKiBwYWdlL0RPTVdpbmRvdy5jcHA6CisgICAgICAgIChXZWJDb3Jl OjpET01XaW5kb3c6OnBvc3RNZXNzYWdlVGltZXJGaXJlZCk6CisKIDIwMTgtMTEtMDIgIFdlbnNv biBIc2llaCAgPHdlbnNvbl9oc2llaEBhcHBsZS5jb20+CiAKICAgICAgICAgW2lPU10gQ2hhbmdp bmcgdmlldyBzY2FsZSBzb21ldGltZXMgZG9lcyBub3Qgem9vbSB0aGUgcGFnZSB0byB0aGUgbmV3 IGluaXRpYWwgc2NhbGUsIHdoZW4gdGhlIHBhZ2UgaXMgYXQgaW5pdGlhbCBzY2FsZQpkaWZmIC0t Z2l0IGEvU291cmNlL1dlYkNvcmUvcGFnZS9ET01XaW5kb3cuY3BwIGIvU291cmNlL1dlYkNvcmUv cGFnZS9ET01XaW5kb3cuY3BwCmluZGV4IGYzODAxOWM1ZWU1YWFhMDM2MTk3YWNiYzIxMTQyMDll MGRjZWMxZWIuLjM2OGU4YmMzMzYzZWRjYzM5MDdmZGQwYjk3MjNmMGNjYTM3YjhjOGQgMTAwNjQ0 Ci0tLSBhL1NvdXJjZS9XZWJDb3JlL3BhZ2UvRE9NV2luZG93LmNwcAorKysgYi9Tb3VyY2UvV2Vi Q29yZS9wYWdlL0RPTVdpbmRvdy5jcHAKQEAgLTkwNCw3ICs5MDQsNyBAQCB2b2lkIERPTVdpbmRv dzo6cG9zdE1lc3NhZ2VUaW1lckZpcmVkKFBvc3RNZXNzYWdlVGltZXImIHRpbWVyKQogICAgIGlm ICghZG9jdW1lbnQoKSB8fCAhaXNDdXJyZW50bHlEaXNwbGF5ZWRJbkZyYW1lKCkpCiAgICAgICAg IHJldHVybjsKIAotICAgIGF1dG8qIGZyYW1lID0gdGhpcy0+ZnJhbWUoKTsKKyAgICBSZWY8RnJh bWU+IGZyYW1lID0gKnRoaXMtPmZyYW1lKCk7CiAgICAgaWYgKGF1dG8qIGludGVuZGVkVGFyZ2V0 T3JpZ2luID0gdGltZXIudGFyZ2V0T3JpZ2luKCkpIHsKICAgICAgICAgLy8gQ2hlY2sgdGFyZ2V0 IG9yaWdpbiBub3cgc2luY2UgdGhlIHRhcmdldCBkb2N1bWVudCBtYXkgaGF2ZSBjaGFuZ2VkIHNp bmNlIHRoZSB0aW1lciB3YXMgc2NoZWR1bGVkLgogICAgICAgICBpZiAoIWludGVuZGVkVGFyZ2V0 T3JpZ2luLT5pc1NhbWVTY2hlbWVIb3N0UG9ydChkb2N1bWVudCgpLT5zZWN1cml0eU9yaWdpbigp KSkgewpAQCAtOTE2LDE2ICs5MTYsMTYgQEAgdm9pZCBET01XaW5kb3c6OnBvc3RNZXNzYWdlVGlt ZXJGaXJlZChQb3N0TWVzc2FnZVRpbWVyJiB0aW1lcikKICAgICAgICAgICAgICAgICAgICAgcGFn ZUNvbnNvbGUtPmFkZE1lc3NhZ2UoTWVzc2FnZVNvdXJjZTo6U2VjdXJpdHksIE1lc3NhZ2VMZXZl bDo6RXJyb3IsIG1lc3NhZ2UpOwogICAgICAgICAgICAgfQogCi0gICAgICAgICAgICBJbnNwZWN0 b3JJbnN0cnVtZW50YXRpb246OmRpZEZhaWxQb3N0TWVzc2FnZSgqZnJhbWUsIHRpbWVyKTsKKyAg ICAgICAgICAgIEluc3BlY3Rvckluc3RydW1lbnRhdGlvbjo6ZGlkRmFpbFBvc3RNZXNzYWdlKGZy YW1lLCB0aW1lcik7CiAgICAgICAgICAgICByZXR1cm47CiAgICAgICAgIH0KICAgICB9CiAKLSAg ICBJbnNwZWN0b3JJbnN0cnVtZW50YXRpb246OndpbGxEaXNwYXRjaFBvc3RNZXNzYWdlKCpmcmFt ZSwgdGltZXIpOworICAgIEluc3BlY3Rvckluc3RydW1lbnRhdGlvbjo6d2lsbERpc3BhdGNoUG9z dE1lc3NhZ2UoZnJhbWUsIHRpbWVyKTsKIAogICAgIGRpc3BhdGNoRXZlbnQodGltZXIuZXZlbnQo KmRvY3VtZW50KCkpKTsKIAotICAgIEluc3BlY3Rvckluc3RydW1lbnRhdGlvbjo6ZGlkRGlzcGF0 Y2hQb3N0TWVzc2FnZSgqZnJhbWUsIHRpbWVyKTsKKyAgICBJbnNwZWN0b3JJbnN0cnVtZW50YXRp b246OmRpZERpc3BhdGNoUG9zdE1lc3NhZ2UoZnJhbWUsIHRpbWVyKTsKIH0KIAogRE9NU2VsZWN0 aW9uKiBET01XaW5kb3c6OmdldFNlbGVjdGlvbigpCmRpZmYgLS1naXQgYS9MYXlvdXRUZXN0cy9D aGFuZ2VMb2cgYi9MYXlvdXRUZXN0cy9DaGFuZ2VMb2cKaW5kZXggNjY5ZjBiN2M0MWQ0NmVjNWY4 M2ExMjYxYzYyODkyZTY2N2UyYWZiMS4uYzUyNGY3NWNlMzgzMmQ2MzJkNmY0YTNlYmZjYzU5MzQ4 YWM2N2ViNyAxMDA2NDQKLS0tIGEvTGF5b3V0VGVzdHMvQ2hhbmdlTG9nCisrKyBiL0xheW91dFRl c3RzL0NoYW5nZUxvZwpAQCAtMSwzICsxLDE2IEBACisyMDE4LTExLTAyICBDaHJpcyBEdW1leiAg PGNkdW1lekBhcHBsZS5jb20+CisKKyAgICAgICAgQ3Jhc2ggdW5kZXIgRE9NV2luZG93Ojpwb3N0 TWVzc2FnZVRpbWVyRmlyZWQoKQorICAgICAgICBodHRwczovL2J1Z3Mud2Via2l0Lm9yZy9zaG93 X2J1Zy5jZ2k/aWQ9MTkxMjE3CisgICAgICAgIDxyZGFyOi8vcHJvYmxlbS80MDg4ODQ2Nj4KKwor ICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAgICBBZGQgbGF5b3V0 IHRlc3QgY292ZXJhZ2UuCisKKyAgICAgICAgKiBmYXN0L2RvbS9XaW5kb3cvcmVtb3ZlLWZyYW1l LWluLW1lc3NhZ2UtZXZlbnQtaGFuZGxlci1leHBlY3RlZC50eHQ6IEFkZGVkLgorICAgICAgICAq IGZhc3QvZG9tL1dpbmRvdy9yZW1vdmUtZnJhbWUtaW4tbWVzc2FnZS1ldmVudC1oYW5kbGVyLmh0 bWw6IEFkZGVkLgorCiAyMDE4LTExLTAyICBXZW5zb24gSHNpZWggIDx3ZW5zb25faHNpZWhAYXBw bGUuY29tPgogCiAgICAgICAgIFtpT1NdIENoYW5naW5nIHZpZXcgc2NhbGUgc29tZXRpbWVzIGRv ZXMgbm90IHpvb20gdGhlIHBhZ2UgdG8gdGhlIG5ldyBpbml0aWFsIHNjYWxlLCB3aGVuIHRoZSBw YWdlIGlzIGF0IGluaXRpYWwgc2NhbGUKZGlmZiAtLWdpdCBhL0xheW91dFRlc3RzL2Zhc3QvZG9t L1dpbmRvdy9yZW1vdmUtZnJhbWUtaW4tbWVzc2FnZS1ldmVudC1oYW5kbGVyLWV4cGVjdGVkLnR4 dCBiL0xheW91dFRlc3RzL2Zhc3QvZG9tL1dpbmRvdy9yZW1vdmUtZnJhbWUtaW4tbWVzc2FnZS1l dmVudC1oYW5kbGVyLWV4cGVjdGVkLnR4dApuZXcgZmlsZSBtb2RlIDEwMDY0NAppbmRleCAwMDAw MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwLi4zOGRmN2ZiY2Q0OWYwNTAwZTZj N2NhNTUwNDkzZjc2ZmE3M2ZmN2FlCi0tLSAvZGV2L251bGwKKysrIGIvTGF5b3V0VGVzdHMvZmFz dC9kb20vV2luZG93L3JlbW92ZS1mcmFtZS1pbi1tZXNzYWdlLWV2ZW50LWhhbmRsZXItZXhwZWN0 ZWQudHh0CkBAIC0wLDAgKzEsOSBAQAorTWFrZSBzdXJlIHRoYXQgd2UgZG8gbm90IGNyYXNoIHdo ZW4gYSBmcmFtZSBnZXRzIGRldGFjaGVkIGluIGEgbWVzc2FnZSBldmVudCBoYW5kbGVyLgorCitP biBzdWNjZXNzLCB5b3Ugd2lsbCBzZWUgYSBzZXJpZXMgb2YgIlBBU1MiIG1lc3NhZ2VzLCBmb2xs b3dlZCBieSAiVEVTVCBDT01QTEVURSIuCisKKworUEFTUyBzdWNjZXNzZnVsbHlQYXJzZWQgaXMg dHJ1ZQorCitURVNUIENPTVBMRVRFCisKZGlmZiAtLWdpdCBhL0xheW91dFRlc3RzL2Zhc3QvZG9t L1dpbmRvdy9yZW1vdmUtZnJhbWUtaW4tbWVzc2FnZS1ldmVudC1oYW5kbGVyLmh0bWwgYi9MYXlv dXRUZXN0cy9mYXN0L2RvbS9XaW5kb3cvcmVtb3ZlLWZyYW1lLWluLW1lc3NhZ2UtZXZlbnQtaGFu ZGxlci5odG1sCm5ldyBmaWxlIG1vZGUgMTAwNjQ0CmluZGV4IDAwMDAwMDAwMDAwMDAwMDAwMDAw MDAwMDAwMDAwMDAwMDAwMDAwMDAuLmVjY2Q5MTExNjVmMzlhYWMyOGViNjA0ZmY3NDgxYzgwMDBm YzhhMTQKLS0tIC9kZXYvbnVsbAorKysgYi9MYXlvdXRUZXN0cy9mYXN0L2RvbS9XaW5kb3cvcmVt b3ZlLWZyYW1lLWluLW1lc3NhZ2UtZXZlbnQtaGFuZGxlci5odG1sCkBAIC0wLDAgKzEsMjEgQEAK KzwhRE9DVFlQRSBodG1sPgorPGh0bWw+Cis8Ym9keT4KKzxzY3JpcHQgc3JjPSIuLi8uLi8uLi9y ZXNvdXJjZXMvanMtdGVzdC5qcyI+PC9zY3JpcHQ+Cis8aWZyYW1lIGlkPSJzdWJmcmFtZSI+PC9p ZnJhbWU+Cis8c2NyaXB0PgorZGVzY3JpcHRpb24oIk1ha2Ugc3VyZSB0aGF0IHdlIGRvIG5vdCBj cmFzaCB3aGVuIGEgZnJhbWUgZ2V0cyBkZXRhY2hlZCBpbiBhIG1lc3NhZ2UgZXZlbnQgaGFuZGxl ci4iKTsKK2pzVGVzdElzQXN5bmMgPSB0cnVlOworCitvbmxvYWQgPSBmdW5jdGlvbigpIHsKKyAg ICBmcmFtZXNbMF0ub25tZXNzYWdlID0gZnVuY3Rpb24obXNnKSB7CisgICAgICAgIHN1YmZyYW1l LnJlbW92ZSgpOworICAgICAgICBnYygpOworICAgICAgICBzZXRUaW1lb3V0KGZpbmlzaEpTVGVz dCwgMCk7CisgICAgfQorCisgICAgZnJhbWVzWzBdLnBvc3RNZXNzYWdlKCJmb28iLCAiKiIpOwor fQorPC9zY3JpcHQ+Cis8L2JvZHk+Cis8L2h0bWw+Cg==