52923 2011-01-21 14:28:02 -0800 [Chromium] Crash in WebFrameImpl::currentHistoryItem() due to null activeDocumentLoader() 2011-07-11 16:37:24 -0700 1 1 1 Unclassified WebKit WebKit Misc. 528+ (Nightly build) All All RESOLVED FIXED P2 Normal --- 1 japhet japhet fishd jbates webkit.review.bot oldest_to_newest 338346 0 japhet 2011-01-21 14:28:02 -0800 Original report at http://code.google.com/p/chromium/issues/detail?id=65674 FrameLoader::activeDocumentLoader() is not guaranteed to be non-null, and we appear to be hitting null cases when calling it from RenderView::syncNavigationState() via WebFrameImpl::currentHistoryItem(). It appears we're just using activeDocumentLoader() to determine whether we're still loading. A null activeDocumentLoader() should answer that question pretty clearly as a 'no'. 338351 1 79795 japhet 2011-01-21 14:35:23 -0800 Created attachment 79795 patch 338421 2 79795 fishd 2011-01-21 16:28:22 -0800 Comment on attachment 79795 patch This is OK, but I'd really like to understand how this is possible. For example, we might want to return WebHistoryItem() in cases like this. Maybe this is happening at shutdown time? 432901 3 japhet 2011-07-06 11:40:40 -0700 (In reply to comment #2) > (From update of attachment 79795 [details]) > This is OK, but I'd really like to understand how this is possible. For example, we might want to return WebHistoryItem() in cases like this. Maybe this is happening at shutdown time? Picking this bug back up after 6 months :) Looking through when we set the DocumentLoader members of FrameLoader, it *might* happen during a cancel, but shutdown looks far more likely. 433759 4 100044 japhet 2011-07-07 16:07:30 -0700 Created attachment 100044 Early exit for null activeDocumentLoader() 434131 5 100044 webkit.review.bot 2011-07-08 10:25:05 -0700 Comment on attachment 100044 Early exit for null activeDocumentLoader() Clearing flags on attachment: 100044 Committed r90641: <http://trac.webkit.org/changeset/90641> 434132 6 webkit.review.bot 2011-07-08 10:25:09 -0700 All reviewed patches have been landed. Closing bug. 435292 7 100381 jbates 2011-07-11 16:33:54 -0700 Created attachment 100381 Patch 435295 8 jbates 2011-07-11 16:35:34 -0700 (In reply to comment #7) > Created an attachment (id=100381) [details] > Patch wrong bug, ignore patch 79795 2011-01-21 14:35:23 -0800 2011-07-07 16:07:30 -0700 patch adl.txt text/plain 1663 japhet SW5kZXg6IFNvdXJjZS9XZWJLaXQvY2hyb21pdW0vc3JjL1dlYkZyYW1lSW1wbC5jcHAKPT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PQotLS0gU291cmNlL1dlYktpdC9jaHJvbWl1bS9zcmMvV2ViRnJhbWVJbXBsLmNwcAkocmV2 aXNpb24gNzYzNTMpCisrKyBTb3VyY2UvV2ViS2l0L2Nocm9taXVtL3NyYy9XZWJGcmFtZUltcGwu Y3BwCSh3b3JraW5nIGNvcHkpCkBAIC05OTEsNyArOTkxLDcgQEAKICAgICAvLyBoaXN0b3J5IGl0 ZW0gYXMgdGhpcyBjb3VsZCBjYXVzZSB1cyB0byBsb3NlIHRoZSBzY3JvbGwgcG9zaXRpb24gYW5k CiAgICAgLy8gZG9jdW1lbnQgc3RhdGUuICBIb3dldmVyLCBpdCBpcyBPSyBmb3IgbmV3IG5hdmln YXRpb25zLgogICAgIGlmIChtX2ZyYW1lLT5sb2FkZXIoKS0+bG9hZFR5cGUoKSA9PSBGcmFtZUxv YWRUeXBlU3RhbmRhcmQKLSAgICAgICAgfHwgIW1fZnJhbWUtPmxvYWRlcigpLT5hY3RpdmVEb2N1 bWVudExvYWRlcigpLT5pc0xvYWRpbmdJbkFQSVNlbnNlKCkpCisgICAgICAgIHx8IChtX2ZyYW1l LT5sb2FkZXIoKS0+YWN0aXZlRG9jdW1lbnRMb2FkZXIoKSAmJiAhbV9mcmFtZS0+bG9hZGVyKCkt PmFjdGl2ZURvY3VtZW50TG9hZGVyKCktPmlzTG9hZGluZ0luQVBJU2Vuc2UoKSkpCiAgICAgICAg IG1fZnJhbWUtPmxvYWRlcigpLT5oaXN0b3J5KCktPnNhdmVEb2N1bWVudEFuZFNjcm9sbFN0YXRl KCk7CiAKICAgICByZXR1cm4gV2ViSGlzdG9yeUl0ZW0obV9mcmFtZS0+cGFnZSgpLT5iYWNrRm9y d2FyZCgpLT5jdXJyZW50SXRlbSgpKTsKSW5kZXg6IFNvdXJjZS9XZWJLaXQvY2hyb21pdW0vQ2hh bmdlTG9nCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT0KLS0tIFNvdXJjZS9XZWJLaXQvY2hyb21pdW0vQ2hhbmdlTG9nCShy ZXZpc2lvbiA3NjM4NCkKKysrIFNvdXJjZS9XZWJLaXQvY2hyb21pdW0vQ2hhbmdlTG9nCSh3b3Jr aW5nIGNvcHkpCkBAIC0xLDMgKzEsMTggQEAKKzIwMTEtMDEtMjEgIE5hdGUgQ2hhcGluICA8amFw aGV0QGNocm9taXVtLm9yZz4KKworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4K KworICAgICAgICBOdWxsLWNoZWNrIGFjdGl2ZURvY3VtZW50TG9hZGVyKCkgaW4KKyAgICAgICAg V2ViRnJhbWVJbXBsOjpjdXJyZW50SGlzdG9yeUl0ZW0oKSwgc2luY2UgdGhpcworICAgICAgICBm dW5jdGlvbiBjYW4gYmUgY2FsbGVkIGF0IHVucHJlZGljdGFibGUgdGltZXMKKyAgICAgICAgKGUu Zy4sIGluIFJlbmRlclZpZXc6OnN5bmNOYXZpZ2F0b25TdGF0ZSgpKS4KKyAgICAgICAgaHR0cHM6 Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTUyOTIzCisKKyAgICAgICAgTm8ga25v d24gcmVwcm8gc3RlcHMsIHNvIG5vIG5ldyB0ZXN0LgorCisgICAgICAgICogc3JjL1dlYkZyYW1l SW1wbC5jcHA6CisgICAgICAgIChXZWJLaXQ6OldlYkZyYW1lSW1wbDo6Y3VycmVudEhpc3RvcnlJ dGVtKToKKwogMjAxMS0wMS0yMSAgUnlvc3VrZSBOaXdhICA8cm5pd2FAd2Via2l0Lm9yZz4KIAog ICAgICAgICBVbnJldmlld2VkOyBhbm90aGVyIENocm9taXVtIGJ1aWxkIGZpeCBhdHRlbXB0IGZv ciByNzYzNzguCg== 100044 2011-07-07 16:07:30 -0700 2011-07-11 16:33:51 -0700 Early exit for null activeDocumentLoader() historyitem.txt text/plain 1485 japhet SW5kZXg6IFNvdXJjZS9XZWJLaXQvY2hyb21pdW0vc3JjL1dlYkZyYW1lSW1wbC5jcHAKPT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PQotLS0gU291cmNlL1dlYktpdC9jaHJvbWl1bS9zcmMvV2ViRnJhbWVJbXBsLmNwcAkocmV2 aXNpb24gOTA0NzUpCisrKyBTb3VyY2UvV2ViS2l0L2Nocm9taXVtL3NyYy9XZWJGcmFtZUltcGwu Y3BwCSh3b3JraW5nIGNvcHkpCkBAIC05NjYsNiArOTY2LDEwIEBACiAKIFdlYkhpc3RvcnlJdGVt IFdlYkZyYW1lSW1wbDo6Y3VycmVudEhpc3RvcnlJdGVtKCkgY29uc3QKIHsKKyAgICAvLyBXZSdy ZSBzaHV0dGluZyBkb3duLgorICAgIGlmICghbV9mcmFtZS0+bG9hZGVyKCktPmFjdGl2ZURvY3Vt ZW50TG9hZGVyKCkpCisgICAgICAgIHJldHVybiBXZWJIaXN0b3J5SXRlbSgpOworCiAgICAgLy8g SWYgd2UgYXJlIHN0aWxsIGxvYWRpbmcsIHRoZW4gd2UgZG9uJ3Qgd2FudCB0byBjbG9iYmVyIHRo ZSBjdXJyZW50CiAgICAgLy8gaGlzdG9yeSBpdGVtIGFzIHRoaXMgY291bGQgY2F1c2UgdXMgdG8g bG9zZSB0aGUgc2Nyb2xsIHBvc2l0aW9uIGFuZAogICAgIC8vIGRvY3VtZW50IHN0YXRlLiAgSG93 ZXZlciwgaXQgaXMgT0sgZm9yIG5ldyBuYXZpZ2F0aW9ucy4KSW5kZXg6IFNvdXJjZS9XZWJLaXQv Y2hyb21pdW0vQ2hhbmdlTG9nCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFNvdXJjZS9XZWJLaXQvY2hyb21pdW0v Q2hhbmdlTG9nCShyZXZpc2lvbiA5MDU5NykKKysrIFNvdXJjZS9XZWJLaXQvY2hyb21pdW0vQ2hh bmdlTG9nCSh3b3JraW5nIGNvcHkpCkBAIC0xLDMgKzEsMTggQEAKKzIwMTEtMDctMDcgIE5hdGUg Q2hhcGluICA8amFwaGV0QGNocm9taXVtLm9yZz4KKworICAgICAgICBDaGVjayBhY3RpdmVEb2N1 bWVudExvYWRlcigpIGluCisgICAgICAgIFdlYkZyYW1lSW1wbDo6Y3VycmVudEhpc3RvcnlJdGVt KCkgYW5kIHJldHVybgorICAgICAgICBlYXJseSBpZiBudWxsLCBzaW5jZSB0aGF0IHNob3VsZCBt ZWFuIHdlJ3JlCisgICAgICAgIHNodXR0aW5nIGRvd24uCisgICAgICAgIGh0dHBzOi8vYnVncy53 ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD01MjkyMworCisgICAgICAgIFJldmlld2VkIGJ5IE5P Qk9EWSAoT09QUyEpLgorCisgICAgICAgIE5vIGtub3duIHJlcHJvLCBzbyBubyBuZXcgdGVzdC4K KworICAgICAgICAqIHNyYy9XZWJGcmFtZUltcGwuY3BwOgorICAgICAgICAoV2ViS2l0OjpXZWJG cmFtZUltcGw6OmN1cnJlbnRIaXN0b3J5SXRlbSk6CisKIDIwMTEtMDctMDcgIFZzZXZvbG9kIFZs YXNvdiAgPHZzZXZpa0BjaHJvbWl1bS5vcmc+CiAKICAgICAgICAgV2ViIEluc3BlY3RvcjogQWRk IHN1cHBvcnQgZm9yIGNsZWFyaW5nIGNhY2hlIGFuZCBjb29raWVzIGZyb20gbmV0d29yayBwYW5l bC4K 100381 2011-07-11 16:33:54 -0700 2011-07-11 16:37:24 -0700 Patch bug-52923-20110711163353.patch text/plain 1895 jbates U3VidmVyc2lvbiBSZXZpc2lvbjogOTA3ODAKZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJLaXQvY2hy b21pdW0vQ2hhbmdlTG9nIGIvU291cmNlL1dlYktpdC9jaHJvbWl1bS9DaGFuZ2VMb2cKaW5kZXgg OTA4MTAzYTRkODNmNjAyNTY4ZTY1NzBkYzQ2OWZiMjkxOGFjZWYxZC4uMDVhNGM2M2JmYmRhNTQy Y2E4MTk3ZjM4YjE5ODY1OGI2OWIyZjA0NCAxMDA2NDQKLS0tIGEvU291cmNlL1dlYktpdC9jaHJv bWl1bS9DaGFuZ2VMb2cKKysrIGIvU291cmNlL1dlYktpdC9jaHJvbWl1bS9DaGFuZ2VMb2cKQEAg LTEsMyArMSwxOSBAQAorMjAxMS0wNy0wOCAgSm9obiBCYXRlcyAgPGpiYXRlc0Bnb29nbGUuY29t PgorCisgICAgICAgIE1vdmUgY2FsbCB0byB1cGRhdGVMYXllcnMgc28gdGhhdCB3ZSBkbyBub3Qg dHJpZ2dlciByZWR1bmRhbnQgZHJhd3MuCisgICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3Jn L3Nob3dfYnVnLmNnaT9pZD02NDIyNAorCisgICAgICAgIHVwZGF0ZUxheWVycyB3YXMgdHJpZ2dl cmluZyBjb21wb3NpdGVzIGV2ZXJ5IHRpbWUgYSBjYW52YXMgd2FzIGRpcnRpZWQuCisgICAgICAg IEJ5IG1vdmluZyB0aGUgY2FsbCB0byBsYXlvdXQsIHRoZSBjbGllbnQgY29kZSBjYW4gZHJhdyB3 aXRob3V0IHRyaWdnZXJpbmcKKyAgICAgICAgYSByZWR1bmRhbnQgZnJhbWUuCisKKyAgICAgICAg UmV2aWV3ZWQgYnkgTk9CT0RZIChPT1BTISkuCisKKyAgICAgICAgKiBwdWJsaWMvV2ViV2lkZ2V0 Q2xpZW50Lmg6CisgICAgICAgIChXZWJLaXQ6OldlYldpZGdldENsaWVudDo6cG9wUGVuZGluZ1Vw ZGF0ZSk6CisgICAgICAgICogc3JjL1dlYlZpZXdJbXBsLmNwcDoKKyAgICAgICAgKFdlYktpdDo6 V2ViVmlld0ltcGw6OmRvQ29tcG9zaXRlKToKKwogMjAxMS0wNy0wOCAgTmF0ZSBDaGFwaW4gIDxq YXBoZXRAY2hyb21pdW0ub3JnPgogCiAgICAgICAgIENoZWNrIGFjdGl2ZURvY3VtZW50TG9hZGVy KCkgaW4KZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJLaXQvY2hyb21pdW0vc3JjL1dlYlZpZXdJbXBs LmNwcCBiL1NvdXJjZS9XZWJLaXQvY2hyb21pdW0vc3JjL1dlYlZpZXdJbXBsLmNwcAppbmRleCAy NDk3MzM0YjQ5YTUwMjRiZTY2ZWIwY2IyN2JkYjY5YWM4MWFkNDUyLi4zMzBhMDk5YzRiN2NhODhl NmIxY2U3NTM5OGQ0OTk0MzVjYTQxZDk4IDEwMDY0NAotLS0gYS9Tb3VyY2UvV2ViS2l0L2Nocm9t aXVtL3NyYy9XZWJWaWV3SW1wbC5jcHAKKysrIGIvU291cmNlL1dlYktpdC9jaHJvbWl1bS9zcmMv V2ViVmlld0ltcGwuY3BwCkBAIC0xMDU5LDYgKzEwNTksMTEgQEAgdm9pZCBXZWJWaWV3SW1wbDo6 bGF5b3V0KCkKICAgICAgICAgLy8gbGF5b3V0IHRvIGJlIGludmFsaWRhdGVkLCBzbyBsYXlvdXQg bmVlZHMgdG8gYmUgY2FsbGVkIGxhc3QuCiAKICAgICAgICAgd2ViZnJhbWUtPmxheW91dCgpOwor CisgICAgICAgIC8vIENhbGwgdXBkYXRlTGF5ZXJzIGhlcmUgaW5zdGVhZCBvZiBkdXJpbmcgZG9D b21wb3NpdGUgc28gdGhhdCB3ZSBkb24ndAorICAgICAgICAvLyB0cmlnZ2VyIGFub3RoZXIgcmVk dW5kYW50IGZyYW1lIGR1cmluZyBkb0NvbXBvc2l0ZS4KKyAgICAgICAgaWYgKGlzQWNjZWxlcmF0 ZWRDb21wb3NpdGluZ0FjdGl2ZSgpICYmIG1fbGF5ZXJSZW5kZXJlci5nZXQoKSkKKyAgICAgICAg ICAgIG1fbGF5ZXJSZW5kZXJlci0+dXBkYXRlTGF5ZXJzKCk7CiAgICAgfQogfQogCkBAIC0yNTU4 LDcgKzI1NjMsNiBAQCB2b2lkIFdlYlZpZXdJbXBsOjpkb0NvbXBvc2l0ZSgpCiAgICAgaWYgKG1f cGFnZU92ZXJsYXkpCiAgICAgICAgIG1fcGFnZU92ZXJsYXktPnVwZGF0ZSgpOwogCi0gICAgbV9s YXllclJlbmRlcmVyLT51cGRhdGVMYXllcnMoKTsKICAgICBtX2xheWVyUmVuZGVyZXItPmRyYXdM YXllcnMoKTsKIH0KIAo=