196479 2019-04-01 20:25:22 -0700 Nullptr crash in Document::open after calling policyChecker().stopCheck() 2019-04-01 23:44:47 -0700 1 1 1 Unclassified WebKit DOM WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED InRadar P2 Normal --- 1 rniwa rniwa achristensen cdumez esprehn+autocc ews-watchlist kangil.han koivisto oldest_to_newest 1523202 0 rniwa 2019-04-01 20:25:22 -0700 WebCore`WebCore::Document::open(WebCore::Document*) + 210 at Document.cpp:2647 2643 } 2644 2645 if (m_frame->loader().policyChecker().delegateIsDecidingNavigationPolicy()) 2646 m_frame->loader().policyChecker().stopCheck(); -> 2647 if (m_frame->loader().state() == FrameStateProvisional) 2648 m_frame->loader().stopAllLoaders(); 2649 } 2650 2651 removeAllEventListeners(); We can hit a nullptr crash here because m_frame->loader().policyChecker().stopCheck() invokes m_willSubmitFormCompletionHandlers, and that could clear the frame, etc... <rdar://problem/48883397> 1523203 1 366464 rniwa 2019-04-01 20:27:37 -0700 Created attachment 366464 Fixes the bug 1523237 2 rniwa 2019-04-01 23:44:47 -0700 Committed r243738: <https://trac.webkit.org/changeset/243738> 366464 2019-04-01 20:27:37 -0700 2019-04-01 23:40:38 -0700 Fixes the bug bug-196479-20190401202737.patch text/plain 1532 rniwa SW5kZXg6IFNvdXJjZS9XZWJDb3JlL0NoYW5nZUxvZwo9PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBTb3VyY2UvV2Vi Q29yZS9DaGFuZ2VMb2cJKHJldmlzaW9uIDI0MzczNSkKKysrIFNvdXJjZS9XZWJDb3JlL0NoYW5n ZUxvZwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDE4IEBACisyMDE5LTA0LTAxICBSeW9zdWtl IE5pd2EgIDxybml3YUB3ZWJraXQub3JnPgorCisgICAgICAgIE51bGxwdHIgY3Jhc2ggaW4gRG9j dW1lbnQ6Om9wZW4gYWZ0ZXIgY2FsbGluZyBwb2xpY3lDaGVja2VyKCkuc3RvcENoZWNrKCkKKyAg ICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTE5NjQ3OQorCisg ICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEpLgorCisgICAgICAgIEFkZGVkIGEgbWlz c2luZyBudWxscHRyIGNoZWNrIGluIERvY3VtZW50OjpvcGVuIGFmdGVyIGNhbGxpbmcgbV9mcmFt ZS0+bG9hZGVyKCkucG9saWN5Q2hlY2tlcigpLnN0b3BDaGVjaygpCisgICAgICAgIHNpbmNlIGl0 IGludm9rZXMgbV93aWxsU3VibWl0Rm9ybUNvbXBsZXRpb25IYW5kbGVycyBpbiBXZWJLaXQyLCBh bmQgdGhhdCBjb3VsZCBjbGVhciBtX2ZyYW1lLgorCisgICAgICAgIFVuZm9ydHVuYXRlbHksIHdl IGRvbid0IGhhdmUgYW55IHJlcHJvZHVjaWJsZSB0ZXN0IGNhc2UuCisKKyAgICAgICAgKiBkb20v RG9jdW1lbnQuY3BwOgorICAgICAgICAoV2ViQ29yZTo6RG9jdW1lbnQ6Om9wZW4pOgorCiAyMDE5 LTA0LTAxICBTaW1vbiBGcmFzZXIgIDxzaW1vbi5mcmFzZXJAYXBwbGUuY29tPgogCiAgICAgICAg IFJlbW92ZSBzb21lIHVudXNlZCBpT1Mgc2Nyb2xsaW5nLXJlbGF0ZWQgY29kZSBpbiBGcmFtZQpJ bmRleDogU291cmNlL1dlYkNvcmUvZG9tL0RvY3VtZW50LmNwcAo9PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBTb3Vy Y2UvV2ViQ29yZS9kb20vRG9jdW1lbnQuY3BwCShyZXZpc2lvbiAyNDM2NzMpCisrKyBTb3VyY2Uv V2ViQ29yZS9kb20vRG9jdW1lbnQuY3BwCSh3b3JraW5nIGNvcHkpCkBAIC0yNzM4LDcgKzI3Mzgs NyBAQCBFeGNlcHRpb25Pcjx2b2lkPiBEb2N1bWVudDo6b3BlbihEb2N1bWVuCiAKICAgICAgICAg aWYgKG1fZnJhbWUtPmxvYWRlcigpLnBvbGljeUNoZWNrZXIoKS5kZWxlZ2F0ZUlzRGVjaWRpbmdO YXZpZ2F0aW9uUG9saWN5KCkpCiAgICAgICAgICAgICBtX2ZyYW1lLT5sb2FkZXIoKS5wb2xpY3lD aGVja2VyKCkuc3RvcENoZWNrKCk7Ci0gICAgICAgIGlmIChtX2ZyYW1lLT5sb2FkZXIoKS5zdGF0 ZSgpID09IEZyYW1lU3RhdGVQcm92aXNpb25hbCkKKyAgICAgICAgaWYgKG1fZnJhbWUgJiYgbV9m cmFtZS0+bG9hZGVyKCkuc3RhdGUoKSA9PSBGcmFtZVN0YXRlUHJvdmlzaW9uYWwpCiAgICAgICAg ICAgICBtX2ZyYW1lLT5sb2FkZXIoKS5zdG9wQWxsTG9hZGVycygpOwogICAgIH0KIAo=