87990 2012-05-31 10:51:11 -0700 Crashes unregistering DOMWindowProperties while releasing CachedPages 2012-05-31 12:58:29 -0700 1 1 1 Unclassified WebKit Page Loading 528+ (Nightly build) All All RESOLVED FIXED InRadar P2 Normal --- 1 beidson beidson oldest_to_newest 638560 0 beidson 2012-05-31 10:51:11 -0700 Crashes unregistered DOMWindowProperties releasing CachedPages. I haven't been able to craft a test case to reproduce this, but we know some people are seeing crashes where the following occurs: -A page with iframes goes in to the page cache -SOMEHOW, a DOMWindowProperty is created in one of these iframes. It is registered with the DOMWindow as a property, but it doesn't know that it is a disconnected DOMWindow in the page cache. -When the cached frame is later destroyed, the DOMWindow tells each of its properties that the cached frame is going away, and the DOMWindowProperty in question doesn't have a disconnected DOMWindow to unregister from. -Crash. My proposed patch will involve a pretty straight forward rewrite of the base DOMWindowProperty class that guards against this case by always keeping track of the DOMWindow it has registered with, and only unregistering from that very same DOMWindow. In radar as <rdar://problem/11544454> 638570 1 145114 beidson 2012-05-31 11:03:25 -0700 Created attachment 145114 Patch v1 638586 2 145114 jberlin 2012-05-31 11:18:36 -0700 Comment on attachment 145114 Patch v1 View in context: https://bugs.webkit.org/attachment.cgi?id=145114&action=review r=me (assuming all the layout tests pass with this version) > Source/WebCore/page/DOMWindowProperty.cpp:41 > + // We should fix that. This needs a FIXME and a bug number. 638653 3 beidson 2012-05-31 12:58:29 -0700 http://trac.webkit.org/changeset/119136 145114 2012-05-31 11:03:25 -0700 2012-05-31 11:18:36 -0700 Patch v1 patch.txt text/plain 6257 beidson ZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJDb3JlL0NoYW5nZUxvZyBiL1NvdXJjZS9XZWJDb3JlL0No YW5nZUxvZwppbmRleCBjM2Q2ZDVlLi4xOGEwMGRkIDEwMDY0NAotLS0gYS9Tb3VyY2UvV2ViQ29y ZS9DaGFuZ2VMb2cKKysrIGIvU291cmNlL1dlYkNvcmUvQ2hhbmdlTG9nCkBAIC0xLDMgKzEsMjYg QEAKKzIwMTItMDUtMzEgIEJyYWR5IEVpZHNvbiAgPGJlaWRzb25AYXBwbGUuY29tPgorCisgICAg ICAgIDxyZGFyOi8vcHJvYmxlbS8xMTU0NDQ1ND4gYW5kIGh0dHBzOi8vYnVncy53ZWJraXQub3Jn L3Nob3dfYnVnLmNnaT9pZD04Nzk5MAorICAgICAgICBDcmFzaGVzIHVucmVnaXN0ZXJpbmcgRE9N V2luZG93UHJvcGVydGllcyB3aGlsZSByZWxlYXNpbmcgQ2FjaGVkUGFnZXMKKworICAgICAgICBS ZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAgICBUaGlzIHBhdGNoIHJld3JpdGVz IERPTVdpbmRvd1Byb3BlcnR5IHRvIGFsd2F5cyBrZWVwIGRpcmVjdCB0cmFjayBvZiB0aGUgRE9N V2luZG93CisgICAgICAgIGl0IGhhcyByZWdpc3RlcmVkIHdpdGggYW5kIHRvIG9ubHkgZXZlciB1 bnJlZ2lzdGVyIGZyb20gdGhhdCB2ZXJ5IHNhbWUgRE9NV2luZG93LgorCisgICAgICAgIE5vIG5l dyB0ZXN0cy4gKFdoaWxlIHRoZSBkaXJlY3QgY2F1c2Ugb2YgdGhlIGNyYXNoIGlzIHVuZGVyc3Rv b2QsIHJlcHJvZHVjaW5nIGl0IGlzIG5vdCkKKworICAgICAgICAqIHBhZ2UvRE9NV2luZG93UHJv cGVydHkuY3BwOgorICAgICAgICAoV2ViQ29yZTo6RE9NV2luZG93UHJvcGVydHk6OkRPTVdpbmRv d1Byb3BlcnR5KToKKyAgICAgICAgKFdlYkNvcmU6OkRPTVdpbmRvd1Byb3BlcnR5Ojp+RE9NV2lu ZG93UHJvcGVydHkpOgorICAgICAgICAoV2ViQ29yZTo6RE9NV2luZG93UHJvcGVydHk6OmRpc2Nv bm5lY3RGcmFtZUZvclBhZ2VDYWNoZSk6CisgICAgICAgIChXZWJDb3JlOjpET01XaW5kb3dQcm9w ZXJ0eTo6cmVjb25uZWN0RnJhbWVGcm9tUGFnZUNhY2hlKToKKyAgICAgICAgKFdlYkNvcmU6OkRP TVdpbmRvd1Byb3BlcnR5Ojp3aWxsRGVzdHJveUdsb2JhbE9iamVjdEluQ2FjaGVkRnJhbWUpOgor ICAgICAgICAoV2ViQ29yZTo6RE9NV2luZG93UHJvcGVydHk6OndpbGxEZXN0cm95R2xvYmFsT2Jq ZWN0SW5GcmFtZSk6CisgICAgICAgIChXZWJDb3JlOjpET01XaW5kb3dQcm9wZXJ0eTo6d2lsbERl dGFjaEdsb2JhbE9iamVjdEZyb21GcmFtZSk6CisgICAgICAgICogcGFnZS9ET01XaW5kb3dQcm9w ZXJ0eS5oOgorICAgICAgICAoRE9NV2luZG93UHJvcGVydHkpOgorCiAyMDEyLTA1LTMxICBJYW4g Vm9sbGljayAgPHZvbGxpY2tAY2hyb21pdW0ub3JnPgogCiAgICAgICAgIFtjaHJvbWl1bV0gY3Jl YXRlIFdlYlRyYW5zZm9ybU9wZXJhdGlvbiBpbnRlcmZhY2UgZm9yIGNocm9taXVtIHBsYXRmb3Jt CmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViQ29yZS9wYWdlL0RPTVdpbmRvd1Byb3BlcnR5LmNwcCBi L1NvdXJjZS9XZWJDb3JlL3BhZ2UvRE9NV2luZG93UHJvcGVydHkuY3BwCmluZGV4IGY0ZjMyYzIu LmEyOGFjYWEgMTAwNjQ0Ci0tLSBhL1NvdXJjZS9XZWJDb3JlL3BhZ2UvRE9NV2luZG93UHJvcGVy dHkuY3BwCisrKyBiL1NvdXJjZS9XZWJDb3JlL3BhZ2UvRE9NV2luZG93UHJvcGVydHkuY3BwCkBA IC0xLDUgKzEsNiBAQAogLyoKICAqIENvcHlyaWdodCAoQykgMjAxMSBHb29nbGUsIEluYy4gQWxs IFJpZ2h0cyBSZXNlcnZlZC4KKyAqIENvcHlyaWdodCAoQykgMjAxMiBBcHBsZSBJbmMuIEFsbCBS aWdodHMgUmVzZXJ2ZWQuCiAgKgogICogUmVkaXN0cmlidXRpb24gYW5kIHVzZSBpbiBzb3VyY2Ug YW5kIGJpbmFyeSBmb3Jtcywgd2l0aCBvciB3aXRob3V0CiAgKiBtb2RpZmljYXRpb24sIGFyZSBw ZXJtaXR0ZWQgcHJvdmlkZWQgdGhhdCB0aGUgZm9sbG93aW5nIGNvbmRpdGlvbnMKQEAgLTMzLDYx ICszNCw3NiBAQCBuYW1lc3BhY2UgV2ViQ29yZSB7CiAKIERPTVdpbmRvd1Byb3BlcnR5OjpET01X aW5kb3dQcm9wZXJ0eShGcmFtZSogZnJhbWUpCiAgICAgOiBtX2ZyYW1lKGZyYW1lKQotICAgICwg bV9kaXNjb25uZWN0ZWRET01XaW5kb3coMCkKKyAgICAsIG1fYXNzb2NpYXRlZERPTVdpbmRvdygw KQogewotICAgIGlmIChtX2ZyYW1lKQotICAgICAgICBtX2ZyYW1lLT5kb21XaW5kb3coKS0+cmVn aXN0ZXJQcm9wZXJ0eSh0aGlzKTsKKyAgICAvLyBGb3Igbm93IGl0ICppcyogYWNjZXB0YWJsZSBm b3IgYSBET01XaW5kb3dQcm9wZXJ0eSB0byBiZSBjcmVhdGVkIHdpdGggYSBudWxsIGZyYW1lLgor ICAgIC8vIFNlZSBmYXN0L2RvbS9uYXZpZ2F0b3ItZGV0YWNoZWQtbm8tY3Jhc2guaHRtbCBmb3Ig dGhlIHJlY2lwZS4KKyAgICAvLyBXZSBzaG91bGQgZml4IHRoYXQuCisgICAgaWYgKG1fZnJhbWUp IHsKKyAgICAgICAgbV9hc3NvY2lhdGVkRE9NV2luZG93ID0gbV9mcmFtZS0+ZG9tV2luZG93KCk7 CisgICAgICAgIG1fYXNzb2NpYXRlZERPTVdpbmRvdy0+cmVnaXN0ZXJQcm9wZXJ0eSh0aGlzKTsK KyAgICB9CiB9CiAKIERPTVdpbmRvd1Byb3BlcnR5Ojp+RE9NV2luZG93UHJvcGVydHkoKQogewot ICAgIGlmIChtX2ZyYW1lKSB7Ci0gICAgICAgIEFTU0VSVCghbV9kaXNjb25uZWN0ZWRET01XaW5k b3cpOwotICAgICAgICBtX2ZyYW1lLT5kb21XaW5kb3coKS0+dW5yZWdpc3RlclByb3BlcnR5KHRo aXMpOwotICAgIH0gZWxzZSBpZiAobV9kaXNjb25uZWN0ZWRET01XaW5kb3cpCi0gICAgICAgIG1f ZGlzY29ubmVjdGVkRE9NV2luZG93LT51bnJlZ2lzdGVyUHJvcGVydHkodGhpcyk7CisgICAgaWYg KG1fYXNzb2NpYXRlZERPTVdpbmRvdykKKyAgICAgICAgbV9hc3NvY2lhdGVkRE9NV2luZG93LT51 bnJlZ2lzdGVyUHJvcGVydHkodGhpcyk7CisKKyAgICBtX2Fzc29jaWF0ZWRET01XaW5kb3cgPSAw OworICAgIG1fZnJhbWUgPSAwOwogfQogCiB2b2lkIERPTVdpbmRvd1Byb3BlcnR5OjpkaXNjb25u ZWN0RnJhbWVGb3JQYWdlQ2FjaGUoKQogewotICAgIEFTU0VSVChtX2ZyYW1lKTsKLSAgICBBU1NF UlQoIW1fZGlzY29ubmVjdGVkRE9NV2luZG93KTsKLSAgICBtX2Rpc2Nvbm5lY3RlZERPTVdpbmRv dyA9IG1fZnJhbWUtPmRvbVdpbmRvdygpOworICAgIC8vIElmIHRoaXMgcHJvcGVydHkgaXMgYmVp bmcgZGlzY29ubmVjdGVkIGZyb20gaXRzIEZyYW1lIHRvIGVudGVyIHRoZSBQYWdlQ2FjaGUsIGl0 IG11c3QgaGF2ZQorICAgIC8vIGJlZW4gY3JlYXRlZCB3aXRoIGEgRnJhbWUgaW4gdGhlIGZpcnN0 IHBsYWNlLgorICAgIEFTU0VSVChtX2ZyYW1lICYmIG1fYXNzb2NpYXRlZERPTVdpbmRvdyk7CisK ICAgICBtX2ZyYW1lID0gMDsKIH0KIAogdm9pZCBET01XaW5kb3dQcm9wZXJ0eTo6cmVjb25uZWN0 RnJhbWVGcm9tUGFnZUNhY2hlKEZyYW1lKiBmcmFtZSkKIHsKLSAgICBBU1NFUlQoZnJhbWUpOwot ICAgIEFTU0VSVCghbV9mcmFtZSk7Ci0gICAgQVNTRVJUKG1fZGlzY29ubmVjdGVkRE9NV2luZG93 KTsKKyAgICAvLyBJZiB0aGlzIHByb3BlcnR5IGlzIGJlaW5nIHJlY29ubmVjdGVkIHRvIGl0cyBG cmFtZSB0byBlbnRlciB0aGUgUGFnZUNhY2hlLCBpdCBtdXN0IGhhdmUKKyAgICAvLyBiZWVuIGRp c2Nvbm5lY3RlZCBmcm9tIGl0cyBGcmFtZSBpbiB0aGUgZmlyc3QgcGxhY2UgYW5kIGl0IHNob3Vs ZCBzdGlsbCBoYXZlIGFuIGFzc29jaWF0ZWQgRE9NV2luZG93LgorICAgIEFTU0VSVChmcmFtZSAm JiAhbV9mcmFtZSk7CisgICAgQVNTRVJUKGZyYW1lLT5kb21XaW5kb3coKSA9PSBtX2Fzc29jaWF0 ZWRET01XaW5kb3cpOworCiAgICAgbV9mcmFtZSA9IGZyYW1lOwotICAgIG1fZGlzY29ubmVjdGVk RE9NV2luZG93ID0gMDsKIH0KIAogdm9pZCBET01XaW5kb3dQcm9wZXJ0eTo6d2lsbERlc3Ryb3lH bG9iYWxPYmplY3RJbkNhY2hlZEZyYW1lKCkKIHsKLSAgICBBU1NFUlQobV9kaXNjb25uZWN0ZWRE T01XaW5kb3cpOwotICAgIC8vIERPTVdpbmRvd1Byb3BlcnR5IGxpZmV0aW1lIGlzbid0IHRpZWQg ZGlyZWN0bHkgdG8gdGhlIERPTVdpbmRvdyBpdHNlbGYgc28gaXQgaXMgaW1wb3J0YW50Ci0gICAg Ly8gdGhhdCBpdCB1bnJlZ2lzdGVyIGl0c2VsZiBmcm9tIGFueSBET01XaW5kb3cgaXQgaXMgYXNz b2NpYXRlZCB3aXRoLgotICAgIG1fZGlzY29ubmVjdGVkRE9NV2luZG93LT51bnJlZ2lzdGVyUHJv cGVydHkodGhpcyk7Ci0gICAgbV9kaXNjb25uZWN0ZWRET01XaW5kb3cgPSAwOworICAgIC8vIElm IHRoZSBwcm9wZXJ0eSBoYXMgYmVlbiBkaXNjb25uZWN0ZWQgZnJvbSBpdHMgRnJhbWUgZm9yIHRo ZSBwYWdlIGNhY2hlLCB0aGVuIGl0IG11c3QgaGF2ZSBvcmlnaW5hbGx5IGhhZCBhIEZyYW1lCisg ICAgLy8gYW5kIHRoZXJlZm9yZSBzaG91bGQgc3RpbGwgaGF2ZSBhbiBhc3NvY2lhdGVkIERPTVdp bmRvdy4KKyAgICBBU1NFUlQoIW1fZnJhbWUgJiYgbV9hc3NvY2lhdGVkRE9NV2luZG93KTsKKwor ICAgIC8vIERPTVdpbmRvd1Byb3BlcnR5IGxpZmV0aW1lIGlzbid0IHRpZWQgZGlyZWN0bHkgdG8g dGhlIERPTVdpbmRvdyBpdHNlbGYgc28gaXQgaXMgaW1wb3J0YW50IHRoYXQgaXQgdW5yZWdpc3Rl cgorICAgIC8vIGl0c2VsZiBmcm9tIGFueSBET01XaW5kb3cgaXQgaXMgYXNzb2NpYXRlZCB3aXRo IGlmIHRoYXQgRE9NV2luZG93IGlzIGdvaW5nIGF3YXkuCisgICAgaWYgKG1fYXNzb2NpYXRlZERP TVdpbmRvdykKKyAgICAgICAgbV9hc3NvY2lhdGVkRE9NV2luZG93LT51bnJlZ2lzdGVyUHJvcGVy dHkodGhpcyk7CisgICAgbV9hc3NvY2lhdGVkRE9NV2luZG93ID0gMDsKKyAgICBtX2ZyYW1lID0g MDsKIH0KIAogdm9pZCBET01XaW5kb3dQcm9wZXJ0eTo6d2lsbERlc3Ryb3lHbG9iYWxPYmplY3RJ bkZyYW1lKCkKIHsKLSAgICBBU1NFUlQobV9mcmFtZSk7Ci0gICAgQVNTRVJUKCFtX2Rpc2Nvbm5l Y3RlZERPTVdpbmRvdyk7CisgICAgLy8gSWYgdGhlIHByb3BlcnR5IGlzIGdldHRpbmcgdGhpcyBj YWxsYmFjayBpdCBtdXN0IGhhdmUgYmVlbiBjcmVhdGVkIHdpdGggYSBGcmFtZS9ET01XaW5kb3cg YW5kIGl0IHNob3VsZCBzdGlsbCBoYXZlIHRoZW0uCisgICAgQVNTRVJUKG1fZnJhbWUgJiYgbV9h c3NvY2lhdGVkRE9NV2luZG93KTsKKwogICAgIC8vIERPTVdpbmRvd1Byb3BlcnR5IGxpZmV0aW1l IGlzbid0IHRpZWQgZGlyZWN0bHkgdG8gdGhlIERPTVdpbmRvdyBpdHNlbGYgc28gaXQgaXMgaW1w b3J0YW50IHRoYXQgaXQgdW5yZWdpc3RlcgotICAgIC8vIGl0c2VsZiBmcm9tIGFueSBET01XaW5k b3cgaXQgaXMgYXNzb2NpYXRlZCB3aXRoLgotICAgIG1fZnJhbWUtPmRvbVdpbmRvdygpLT51bnJl Z2lzdGVyUHJvcGVydHkodGhpcyk7CisgICAgLy8gaXRzZWxmIGZyb20gYW55IERPTVdpbmRvdyBp dCBpcyBhc3NvY2lhdGVkIHdpdGggaWYgdGhhdCBET01XaW5kb3cgaXMgZ29pbmcgYXdheS4KKyAg ICBpZiAobV9hc3NvY2lhdGVkRE9NV2luZG93KQorICAgICAgICBtX2Fzc29jaWF0ZWRET01XaW5k b3ctPnVucmVnaXN0ZXJQcm9wZXJ0eSh0aGlzKTsKKyAgICBtX2Fzc29jaWF0ZWRET01XaW5kb3cg PSAwOwogICAgIG1fZnJhbWUgPSAwOwogfQogCiB2b2lkIERPTVdpbmRvd1Byb3BlcnR5Ojp3aWxs RGV0YWNoR2xvYmFsT2JqZWN0RnJvbUZyYW1lKCkKIHsKLSAgICBBU1NFUlQobV9mcmFtZSk7Ci0g ICAgQVNTRVJUKCFtX2Rpc2Nvbm5lY3RlZERPTVdpbmRvdyk7CisgICAgLy8gSWYgdGhlIHByb3Bl cnR5IGlzIGdldHRpbmcgdGhpcyBjYWxsYmFjayBpdCBtdXN0IGhhdmUgYmVlbiBjcmVhdGVkIHdp dGggYSBGcmFtZS9ET01XaW5kb3cgYW5kIGl0IHNob3VsZCBzdGlsbCBoYXZlIHRoZW0uCisgICAg QVNTRVJUKG1fZnJhbWUgJiYgbV9hc3NvY2lhdGVkRE9NV2luZG93KTsKIH0KIAogfQpkaWZmIC0t Z2l0IGEvU291cmNlL1dlYkNvcmUvcGFnZS9ET01XaW5kb3dQcm9wZXJ0eS5oIGIvU291cmNlL1dl YkNvcmUvcGFnZS9ET01XaW5kb3dQcm9wZXJ0eS5oCmluZGV4IDQ0MWJjMjQuLmUyZGNjNDQgMTAw NjQ0Ci0tLSBhL1NvdXJjZS9XZWJDb3JlL3BhZ2UvRE9NV2luZG93UHJvcGVydHkuaAorKysgYi9T b3VyY2UvV2ViQ29yZS9wYWdlL0RPTVdpbmRvd1Byb3BlcnR5LmgKQEAgLTQ3LDcgKzQ3LDcgQEAg cHJvdGVjdGVkOgogICAgIHZpcnR1YWwgfkRPTVdpbmRvd1Byb3BlcnR5KCk7CiAKICAgICBGcmFt ZSogbV9mcmFtZTsKLSAgICBET01XaW5kb3cqIG1fZGlzY29ubmVjdGVkRE9NV2luZG93OworICAg IERPTVdpbmRvdyogbV9hc3NvY2lhdGVkRE9NV2luZG93OwogfTsKIAogfQo=