Bug 145748

Summary: WebContent crash in WebCore::Page::sessionID() const + 0 (Page.cpp:1660)
Product: WebKit
Reporter: Chris Dumez <cdumez>
Component: Page Loading
Assignee: Chris Dumez <cdumez>
Status: RESOLVED FIXED
Severity: Normal
CC: ap, barraclough, beidson, commit-queue, ddkilzer, japhet
Priority: P2
Keywords: InRadar
Version: 528+ (Nightly build)
Hardware: Unspecified
OS: Unspecified
See Also: https://bugs.webkit.org/show_bug.cgi?id=145422
          https://bugs.webkit.org/show_bug.cgi?id=146299

Chris Dumez
Reported 2015-06-07 17:42:19 PDT
WebContent crash in WebCore::Page::sessionID() const + 0 (Page.cpp:1660):

0 WebCore 0x0000000101a9d368 WebCore::Page::sessionID() const + 0
1 WebCore 0x00000001010b2d18 WebCore::DocumentLoader::stopLoading() + 452
2 WebCore 0x00000001010c26b8 WebCore::DocumentLoader::detachFromFrame() + 60
3 WebCore 0x0000000101149948 WebCore::FrameLoader::detachViewsAndDocumentLoader() + 84
4 WebCore 0x0000000101142e0c WebCore::CachedFrame::destroy() + 56
5 WebCore 0x0000000101142e3c WebCore::CachedFrame::destroy() + 104
6 WebCore 0x0000000101142da4 WebCore::CachedPage::~CachedPage() + 24
7 WebCore 0x0000000101a9e478 WebCore::PageCache::prune(WebCore::PruningReason) + 72
8 WebCore 0x0000000101a9e41c WebCore::PageCache::pruneToSizeNow(unsigned int, WebCore::PruningReason) + 28

This happens because we are not supposed to exercise this code path when destroying a PageCache entry. Pages in the PageCache are not supposed to have DocumentLoaders that are loading. r185017 made sure we don't insert into the PageCache pages that are still loading. However, nothing currently prevents content from starting new loads in their 'pagehide' event handlers, *after* being inserted in the PageCache.

Radar: <rdar://problem/21226577>
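The sequence the description names, as an added example: the C++ below is not WebKit code and not from the landed patch. It models a Page, Frame, DocumentLoader and PageCache just far enough to show why an insertion-time "is it still loading?" check cannot catch a load started from a pagehide handler, and how gating loads on a dismissal state closes the gap. The enum uses the names Brady proposes in comment 2; the `refuseLoadsDuringDismissal` switch, `startLoad()`, `prunedWhileLoading()` and the checks inside `add()` and `prune()` are assumptions made for this illustration, not the project's API.

```cpp
#include <cstdio>
#include <functional>
#include <vector>

// The enum as requested in review (enumerator names from comment 2);
// everything else in this file is an assumption about how such a flag is used.
enum class DismissalType { None, BeforeUnload, PageHide, Unload };

struct Page;

struct DocumentLoader {
    bool loading = false;
    void stopLoading() { loading = false; }   // frame 1 in the crash trace
};

struct Frame {
    Page* page = nullptr;
    DocumentLoader loader;
    std::vector<std::function<void()>> pagehideHandlers;   // content's listeners
    bool startLoad();   // returns false when the load was refused
};

struct Page {
    bool refuseLoadsDuringDismissal;   // hypothetical switch: true models the gate
    DismissalType dismissal = DismissalType::None;
    Frame mainFrame;

    explicit Page(bool gate) : refuseLoadsDuringDismissal(gate) { mainFrame.page = this; }

    // Fire 'pagehide' at content, marking the page as mid-dismissal while handlers run.
    void dispatchPagehide() {
        dismissal = DismissalType::PageHide;
        for (auto& handler : mainFrame.pagehideHandlers)
            handler();
        dismissal = DismissalType::None;
    }
};

bool Frame::startLoad() {
    // Gate (assumption): a navigation requested from inside pagehide or another
    // dismissal event is dropped, so a cached page is never left with a live load.
    if (page->refuseLoadsDuringDismissal && page->dismissal != DismissalType::None)
        return false;
    loader.loading = true;
    return true;
}

struct PageCache {
    std::vector<Page*> entries;

    // Insertion-time check, as the description says r185017 added one: a page that
    // is still loading is not cached. It cannot see loads started by pagehide
    // handlers, because those run after the page is already in the cache.
    bool add(Page* page) {
        if (page->mainFrame.loader.loading)
            return false;
        entries.push_back(page);
        page->dispatchPagehide();
        return true;
    }

    // Evict the oldest entry. Returns true if it still had a load in flight, the
    // state in which the real code went through DocumentLoader::stopLoading()
    // into Page::sessionID() and crashed.
    bool prune() {
        if (entries.empty())
            return false;
        Page* victim = entries.front();
        entries.erase(entries.begin());
        bool stillLoading = victim->mainFrame.loader.loading;
        victim->mainFrame.loader.stopLoading();
        return stillLoading;
    }
};

// The scenario from the description: content starts a load from 'pagehide' after
// the page is in the PageCache, and the cache is then pruned.
bool prunedWhileLoading(bool gateLoads) {
    Page page(gateLoads);
    page.mainFrame.pagehideHandlers.push_back([&page] { (void)page.mainFrame.startLoad(); });
    PageCache cache;
    (void)cache.add(&page);   // passes the insertion check: nothing is loading yet
    return cache.prune();
}

int main() {
    std::printf("without gate: pruned while loading = %s\n", prunedWhileLoading(false) ? "yes" : "no");
    std::printf("with gate:    pruned while loading = %s\n", prunedWhileLoading(true) ? "yes" : "no");
    return 0;
}
```

With the gate off, `prune()` reports that the cache entry still had a load in flight, which is the precondition for the crash in the trace; with it on, the load requested from pagehide is refused and the PageCache invariant holds. The general lesson is the same one the bug teaches: any check done before handing an object to a cache is void if content callbacks can still run against that object afterwards, so the callbacks themselves must be prevented from re-entering the state the check guarded.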
Attachments
Patch (31.54 KB, patch)
2015-06-07 21:58 PDT, Chris Dumez
no flags
Patch (31.58 KB, patch)
2015-06-08 15:56 PDT, Chris Dumez
no flags
Chris Dumez
Comment 1 2015-06-07 21:58:27 PDT
Brady Eidson
Comment 2 2015-06-08 14:21:02 PDT
Comment on attachment 254474 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=254474&action=review

> Source/WebCore/ChangeLog:11
> +        We would sometimes crash when pruning the PageCache because it was
> +        possible for frames to still be loading while in the PageCache and
> +        we would try to stop the load when the CachedFrame.

This code path when the CachedFrame... what? Is constructed?

> Source/WebCore/page/Page.h:160
> +    enum DismissalType {
> +        NoDismissal,
> +        BeforeUnloadDismissal,
> +        PageHideDismissal,
> +        UnloadDismissal
> +    };

enum class, please! With updated names:

enum class DismissalType { None, BeforeUnload, PageHide, Unload }
Chris Dumez
Comment 3 2015-06-08 15:56:39 PDT
WebKit Commit Bot
Comment 4 2015-06-08 16:45:00 PDT
Comment on attachment 254518 [details]
Patch

Clearing flags on attachment: 254518

Committed r185337: <http://trac.webkit.org/changeset/185337>
WebKit Commit Bot
Comment 5 2015-06-08 16:45:05 PDT
All reviewed patches have been landed. Closing bug.