Bug 138164

Summary: Crash in CachedRawResource::canReuse() when reloading http://dnd.wizards.com/dungeons-and-dragons/story
Product: WebKit
Reporter: Chris Dumez <cdumez>
Component: Page Loading
Assignee: Chris Dumez <cdumez>
Status: RESOLVED FIXED
Severity: Critical
CC: andersca, ap, barraclough, commit-queue, darin, kling, rniwa, sam
Priority: P1
Keywords: InRadar
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on:    
Bug Blocks: 138079    
Attachments:
Description Flags
Patch none

Chris Dumez
Reported 2014-10-28 18:13:36 PDT
Crash in CachedRawResource::canReuse() when reloading http://dnd.wizards.com/dungeons-and-dragons/story

This is due to the HTTPHeaderMap iterator not initializing the KeyValue correctly when there are only uncommon headers.

BackTrace:
0 com.apple.JavaScriptCore 0x000000010d48488a WTFCrash + 42
1 com.apple.WebCore 0x000000010ea7283e WTF::CaseFoldingHash::hash(WTF::StringImpl*) + 62 (StringHash.h:97)
2 com.apple.WebCore 0x000000010ea727ed WTF::CaseFoldingHash::hash(WTF::String const&) + 29 (StringHash.h:128)
3 com.apple.WebCore 0x000000010ea725c5 unsigned int WTF::IdentityHashTranslator<WTF::CaseFoldingHash>::hash<WTF::String>(WTF::String const&) + 21 (HashTable.h:281)
4 com.apple.WebCore 0x000000010ec0e7c0 WTF::KeyValuePair<WTF::String, WTF::String>* WTF::HashTable<WTF::String, WTF::KeyValuePair<WTF::String, WTF::String>, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<WTF::String, WTF::String> >, WTF::CaseFoldingHash, WTF::HashMap<WTF::String, WTF::String, WTF::CaseFoldingHash, WTF::HashTraits<WTF::String>, WTF::HashTraits<WTF::String> >::KeyValuePairTraits, WTF::HashTraits<WTF::String> >::lookup<WTF::IdentityHashTranslator<WTF::CaseFoldingHash>, WTF::String>(WTF::String const&) + 80 (HashTable.h:595)
5 com.apple.WebCore 0x000000010ec0ea6d WTF::HashTable<WTF::String, WTF::KeyValuePair<WTF::String, WTF::String>, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<WTF::String, WTF::String> >, WTF::CaseFoldingHash, WTF::HashMap<WTF::String, WTF::String, WTF::CaseFoldingHash, WTF::HashTraits<WTF::String>, WTF::HashTraits<WTF::String> >::KeyValuePairTraits, WTF::HashTraits<WTF::String> >::lookup(WTF::String const&) + 29 (HashTable.h:407)
6 com.apple.WebCore 0x000000010ec0e54b WTF::HashMap<WTF::String, WTF::String, WTF::CaseFoldingHash, WTF::HashTraits<WTF::String>, WTF::HashTraits<WTF::String> >::get(WTF::String const&) const + 43 (HashMap.h:351)
7 com.apple.WebCore 0x000000010ec0dbe6 WebCore::CachedRawResource::canReuse(WebCore::ResourceRequest const&) const + 742 (CachedRawResource.cpp:249)
8 com.apple.WebCore 0x000000010ec222ea WebCore::CachedResourceLoader::determineRevalidationPolicy(WebCore::CachedResource::Type, WebCore::ResourceRequest&, bool, WebCore::CachedResource*, WebCore::CachedResourceRequest::DeferOption) const + 186 (CachedResourceLoader.cpp:576)
9 com.apple.WebCore 0x000000010ec211bc WebCore::CachedResourceLoader::requestResource(WebCore::CachedResource::Type, WebCore::CachedResourceRequest&) + 1228 (CachedResourceLoader.cpp:455)
10 com.apple.WebCore 0x000000010ec21c80 WebCore::CachedResourceLoader::requestRawResource(WebCore::CachedResourceRequest&) + 64 (CachedResourceLoader.cpp:249)
11 com.apple.WebCore 0x000000010f038145 WebCore::DocumentThreadableLoader::loadRequest(WebCore::ResourceRequest const&, WebCore::SecurityCheckPolicy) + 709 (DocumentThreadableLoader.cpp:386)
12 com.apple.WebCore 0x000000010f037cf1 WebCore::DocumentThreadableLoader::DocumentThreadableLoader(WebCore::Document&, WebCore::ThreadableLoaderClient&, WebCore::DocumentThreadableLoader::BlockingBehavior, WebCore::ResourceRequest const&, WebCore::ThreadableLoaderOptions const&) + 481 (DocumentThreadableLoader.cpp:86)
13 com.apple.WebCore 0x000000010f037a1b WebCore::DocumentThreadableLoader::DocumentThreadableLoader(WebCore::Document&, WebCore::ThreadableLoaderClient&, WebCore::DocumentThreadableLoader::BlockingBehavior, WebCore::ResourceRequest const&, WebCore::ThreadableLoaderOptions const&) + 59 (DocumentThreadableLoader.cpp:95)
14 com.apple.WebCore 0x000000010f037a86 WebCore::DocumentThreadableLoader::create(WebCore::Document&, WebCore::ThreadableLoaderClient&, WebCore::ResourceRequest const&, WebCore::ThreadableLoaderOptions const&) + 86 (DocumentThreadableLoader.cpp:67)
15 com.apple.WebCore 0x00000001108d0227 WebCore::ThreadableLoader::create(WebCore::ScriptExecutionContext*, WebCore::ThreadableLoaderClient*, WebCore::ResourceRequest const&, WebCore::ThreadableLoaderOptions const&) + 295 (ThreadableLoader.cpp:62)
16 com.apple.WebCore 0x0000000110ab1461 WebCore::XMLHttpRequest::createRequest(int&) + 1825 (XMLHttpRequest.cpp:793)
17 com.apple.WebCore 0x0000000110ab096f WebCore::XMLHttpRequest::send(WTF::String const&, int&) + 751 (XMLHttpRequest.cpp:646)
18 com.apple.WebCore 0x0000000110ab0665 WebCore::XMLHttpRequest::send(int&) + 53 (XMLHttpRequest.cpp:587)
19 com.apple.WebCore 0x000000010fde9f8c WebCore::JSXMLHttpRequest::send(JSC::ExecState*) + 172 (JSXMLHttpRequestCustom.cpp:149)
20 com.apple.WebCore 0x000000010fde685f WebCore::jsXMLHttpRequestPrototypeFunctionSend(JSC::ExecState*) + 383 (JSXMLHttpRequest.cpp:934)

Radar: <rdar://problem/18801997>
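A simplified model of the defect described in the report above, added here as an illustration; it is not WebKit's code and not the patch attached to this bug. `HeaderMap`, `HeaderIterator`, `keysSeen` and the `seedFromUncommon` switch are hypothetical names, and the empty key stands in for the uninitialized KeyValue that a caller such as `canReuse()` would then pass to a hash-map lookup.

```cpp
#include <map>
#include <string>
#include <vector>

// Simplified model (not WebKit's code): headers live in two containers and the
// iterator caches the current entry in a KeyValue member.
using Map = std::map<std::string, std::string>;
struct KeyValue { std::string key, value; };
struct HeaderMap { Map common, uncommon; };
class HeaderIterator {
public:
    // seedFromUncommon=false models the defect: the cache is seeded from the common
    // container only. seedFromUncommon=true falls through to the uncommon container.
    HeaderIterator(const HeaderMap& m, bool seedFromUncommon)
        : m_map(m), m_c(m.common.begin()), m_u(m.uncommon.begin()) {
        if (!update(m_c, m_map.common.end()) && seedFromUncommon)
            update(m_u, m_map.uncommon.end());
    }
    bool atEnd() const { return m_c == m_map.common.end() && m_u == m_map.uncommon.end(); }
    const KeyValue& current() const { return m_kv; }
    void advance() {
        if (m_c != m_map.common.end()) {
            if (update(++m_c, m_map.common.end())) return;  // next common header
        } else
            ++m_u;                                          // already in uncommon
        update(m_u, m_map.uncommon.end());                  // no-op at the end
    }
private:
    bool update(Map::const_iterator it, Map::const_iterator end) {
        if (it == end) return false;
        m_kv = { it->first, it->second };
        return true;
    }
    const HeaderMap& m_map;
    Map::const_iterator m_c, m_u;
    KeyValue m_kv;
};
// Keys a caller sees while iterating, e.g. before looking each up in another map.
std::vector<std::string> keysSeen(const HeaderMap& m, bool seedFromUncommon) {
    std::vector<std::string> keys;
    for (HeaderIterator it(m, seedFromUncommon); !it.atEnd(); it.advance())
        keys.push_back(it.current().key);
    return keys;
}

int main() {  // constructed sample: a header set with no common headers at all
    HeaderMap h; h.uncommon["X-Requested-With"] = "XMLHttpRequest";
    return keysSeen(h, false)[0].empty() && keysSeen(h, true)[0] == "X-Requested-With" ? 0 : 1;
}
```

With a mix of common and uncommon headers both variants yield the same keys, which is why the defect only shows up for header sets that contain uncommon headers alone.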
Attachments
Patch (5.09 KB, patch)
2014-10-28 20:26 PDT, Chris Dumez
no flags
Chris Dumez
Comment 1 2014-10-28 18:41:45 PDT
The fix is trivial but I am trying to write a layout test for it.
Chris Dumez
Comment 2 2014-10-28 20:26:53 PDT
Andreas Kling
Comment 3 2014-10-29 00:19:25 PDT
Comment on attachment 240589
Patch

r=me, thanks for the quick fix!
WebKit Commit Bot
Comment 4 2014-10-29 00:58:56 PDT
Comment on attachment 240589
Patch

Clearing flags on attachment: 240589

Committed r175312: <http://trac.webkit.org/changeset/175312>
WebKit Commit Bot
Comment 5 2014-10-29 00:59:01 PDT
All reviewed patches have been landed. Closing bug.