Bug 11439

Summary: REGRESSION: Another page loading crash
Product: WebKit
Reporter: Matt Lilek <dev+webkit>
Component: Page Loading
Assignee: John Sullivan <sullivan>
Status: RESOLVED FIXED
Severity: Normal
CC: sullivan
Priority: P1
Version: 420+
Hardware: Mac
OS: OS X 10.4
URL: http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=windows&articleId=9004437&taxonomyId=125
Attachments:
Description Flags
patch to restore nil-handling behavior andersca: review+

Matt Lilek
Reported 2006-10-27 13:46:25 PDT
The above url causes WebKit to crash with the following backtrace:

    0  com.apple.WebCore 0x013f5130 WebCore::DocumentLoader::originalRequestCopy() const + 0
    1  com.apple.WebKit  0x0032c0b0 -[WebFrame(WebInternal) _createItemTreeWithTargetFrame:clippedAtTarget:] + 80
    2  com.apple.WebKit  0x0032c13c -[WebFrame(WebInternal) _createItemTreeWithTargetFrame:clippedAtTarget:] + 220
    3  com.apple.WebKit  0x0032788c -[WebFrame(WebInternal) _addBackForwardItemClippedAtTarget:] + 108
    4  com.apple.WebCore 0x013fa9d4 WebCore::FrameLoader::transitionToCommitted(NSDictionary*) + 372
    5  com.apple.WebCore 0x013fc0fc WebCore::FrameLoader::commitProvisionalLoad(NSDictionary*) + 252
    6  com.apple.WebCore 0x013f4e98 WebCore::DocumentLoader::commitLoad(NSData*) + 56
    7  com.apple.WebCore 0x013f5504 WebCore::DocumentLoader::receivedData(NSData*) + 164
    8  com.apple.WebCore 0x013ffedc WebCore::WebResourceLoader::didReceiveData(NSData*, long long, bool) + 76
    9  com.apple.WebCore 0x01401c14 WebCore::MainResourceLoader::didReceiveData(NSData*, long long, bool) + 52
    10 com.apple.WebCore 0x013ff0d4 -[WebCoreResourceLoaderAsDelegate connection:didReceiveData:lengthReceived:] + 84
Attachments
patch to restore nil-handling behavior (1.50 KB, patch)
2006-10-27 14:31 PDT, John Sullivan
andersca: review+
John Sullivan
Comment 1 2006-10-27 14:07:33 PDT
Crash is here:

    if (useOriginal)
        request = [dataSrc _documentLoader]->originalRequestCopy();
    else
        request = [dataSrc request];

I suspect the fix is to fall back to [dataSrc request] in the case where [dataSrc _documentLoader] returns nil, but someone should check what this code used to do in the case where [dataSrc _documentLoader] returned nil.
John Sullivan
Comment 2 2006-10-27 14:22:47 PDT
    - (WebHistoryItem *)_createItem:(BOOL)useOriginal
    {
        WebDataSource *dataSrc = [self dataSource];

dataSrc is nil here, which is why [dataSrc _documentLoader]->originalRequestCopy() crashes. The crashing line used to be:

    request = [[dataSrc _documentLoader] originalRequestCopy];

The change was in 17245. I'll test the simple fix of changing this one line.
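The regression discussed in Comments 1 and 2, modelled in plain C++ as an added example (not WebKit code and not the checked-in patch). The `DocumentLoader` and `DataSource` structs are simplified stand-ins, and `send` is a hypothetical helper that imitates Objective-C's rule that a message to nil returns a zero value.

```cpp
#include <iostream>
#include <string>

// Hypothetical stand-ins for the types named in the thread; not WebKit code.
struct DocumentLoader {
    std::string original;
    std::string originalRequestCopy() const { return original; }
};

struct DataSource {
    DocumentLoader* loader;   // may be null, like [dataSrc _documentLoader]
    std::string current;
    DocumentLoader* documentLoader() const { return loader; }
    std::string request() const { return current; }
};

// Models Objective-C messaging: a message to a nil receiver is a no-op that
// yields a zero value (here a default-constructed R) instead of a dereference.
template <typename T, typename R>
R send(const T* receiver, R (T::*method)() const) {
    return receiver ? (receiver->*method)() : R();
}

// Regressed shape: the first hop is still nil-safe, but '->' on the null
// result is undefined behaviour. Shown for comparison only; never called.
std::string requestForItemRegressed(const DataSource* dataSrc, bool useOriginal) {
    if (useOriginal)
        return send(dataSrc, &DataSource::documentLoader)->originalRequestCopy();
    return send(dataSrc, &DataSource::request);
}

// Nil-tolerant shape: every hop goes through send(), so a null data source
// or a null loader yields an empty request instead of a crash.
std::string requestForItem(const DataSource* dataSrc, bool useOriginal) {
    if (useOriginal) {
        const DocumentLoader* loader = send(dataSrc, &DataSource::documentLoader);
        return send(loader, &DocumentLoader::originalRequestCopy);
    }
    return send(dataSrc, &DataSource::request);
}

int main() {
    const DataSource* dataSrc = nullptr;  // the state reported in Comment 2
    std::cout << "[" << requestForItem(dataSrc, true) << "]\n";
    return 0;
}
```

When converting Objective-C message sends to C++ member calls, each receiver that could previously be nil needs an explicit check, because the language no longer supplies one.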
John Sullivan
Comment 3 2006-10-27 14:31:51 PDT
Created attachment 11261
patch to restore nil-handling behavior
Anders Carlsson
Comment 4 2006-10-27 14:34:10 PDT
Comment on attachment 11261
patch to restore nil-handling behavior

r=me
John Sullivan
Comment 5 2006-10-27 14:35:29 PDT
Checked in as svn revision 17388.