Bug 172952

Summary:

fast/frames/sandboxed-iframe-navigation-top-denied.html is crashing in Inspector::createScriptCallStackForConsole::Exec for GTK

Product:

WebKit

Reporter:

Michael Catanzaro <mcatanzaro>

Component:

Web Inspector

Assignee:

Fujii Hironori <Hironori.Fujii>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

bugs-noreply, commit-queue, ews-watchlist, Hironori.Fujii, inspector-bugzilla-changes, joepeck, keith_miller, mark.lam, mcatanzaro, msaboff, rniwa, saam, webkit-bug-importer, ysuzuki

Priority:

Keywords:

InRadar

Version:

Other

Hardware:

OS:

Linux

Attachments:

Description	Flags
debug patch	none
Archive of layout-test-results from ews101 for mac-sierra	none
Archive of layout-test-results from ews104 for mac-sierra-wk2	none
Archive of layout-test-results from ews123 for ios-simulator-wk2	none
Archive of layout-test-results from ews201 for win-future	none
Patch	none

Michael Catanzaro

Reported 2017-06-05 20:29:17 PDT

fast/frames/sandboxed-iframe-navigation-top-denied.html is crashing on the GTK release bot. This is caused by either the upgrade to Debian Stretch (r217598), or by r217599. I guess probably the former. Thread 1 (Thread 0x7f040b72ef00 (LWP 32431)): #0 0x00007f0418aa4f42 in _ZN9Inspector31createScriptCallStackForConsoleEPN3JSC9ExecStateEm () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18 #1 0x00007f0418a7549b in _ZN9Inspector14ConsoleMessage20autogenerateMetadataEPN3JSC9ExecStateE () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18 #2 0x00007f041ec0cfc2 in _ZN7WebCore17PageConsoleClient10addMessageEN3JSC13MessageSourceENS1_12MessageLevelERKN3WTF6StringES7_jjONS4_6RefPtrIN9Inspector15ScriptCallStackEEEPNS1_9ExecStateEm () #3 0x00007f041ec0d0d4 in _ZN7WebCore17PageConsoleClient10addMessageEN3JSC13MessageSourceENS1_12MessageLevelERKN3WTF6StringEmPNS_8DocumentE () #4 0x00007f041e717ed1 in _ZN7WebCoreL27printNavigationErrorMessageEPNS_5FrameERKNS_3URLEPKc () #5 0x00007f041e71819f in _ZN7WebCore8Document11canNavigateEPNS_5FrameE () #6 0x00007f041eaab0a9 in _ZN7WebCore11FrameLoader22findFrameForNavigationERKN3WTF12AtomicStringEPNS_8DocumentE () #7 0x00007f041ebfd56f in _ZN7WebCore8Location11setLocationERNS_9DOMWindowES2_RKN3WTF6StringE () #8 0x00007f041c7e2eed in _ZN7WebCore22setJSDOMWindowLocationEPN3JSC9ExecStateEll () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #9 0x00007f0418cf61be in _ZN3JSC16callCustomSetterEPNS_9ExecStateEPFbS1_llEbNS_7JSValueES4_ () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18 #10 0x00007f041e51be7a in _ZN7WebCore11JSDOMWindow3putEPN3JSC6JSCellEPNS1_9ExecStateENS1_12PropertyNameENS1_7JSValueERNS1_15PutPropertySlotE () #11 0x00007f0418acfa26 in _ZN3JSC11Interpreter14executeProgramERKNS_10SourceCodeEPNS_9ExecStateEPNS_8JSObjectE () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18 #12 0x00007f0418cebfbd in _ZN3JSC8evaluateEPNS_9ExecStateERKNS_10SourceCodeENS_7JSValueERN3WTF8NakedPtrINS_9ExceptionEEE () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18 #13 0x00007f0418cec231 in _ZN3JSC16profiledEvaluateEPNS_9ExecStateENS_15ProfilingReasonERKNS_10SourceCodeENS_7JSValueERN3WTF8NakedPtrINS_9ExceptionEEE () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18 #14 0x00007f041e5596e3 in _ZN7WebCore16ScriptController15evaluateInWorldERKNS_16ScriptSourceCodeERNS_15DOMWrapperWorldEPNS_16ExceptionDetailsE () #15 0x00007f041e5598a3 in _ZN7WebCore16ScriptController8evaluateERKNS_16ScriptSourceCodeEPNS_16ExceptionDetailsE () #16 0x00007f041e78eec7 in _ZN7WebCore13ScriptElement20executeClassicScriptERKNS_16ScriptSourceCodeE () #17 0x00007f041e79389c in _ZN7WebCore13ScriptElement13prepareScriptERKN3WTF12TextPositionENS0_17LegacyTypeSupportE () #18 0x00007f041e9ab7fb in _ZN7WebCore16HTMLScriptRunner9runScriptERNS_13ScriptElementERKN3WTF12TextPositionE () #19 0x00007f041e9ac0cf in _ZN7WebCore16HTMLScriptRunner7executeEON3WTF3RefINS_13ScriptElementEEERKNS1_12TextPositionE () #20 0x00007f041e99775d in _ZN7WebCore18HTMLDocumentParser30runScriptsForPausedTreeBuilderEv () #21 0x00007f041e997fdd in _ZN7WebCore18HTMLDocumentParser17pumpTokenizerLoopENS0_15SynchronousModeEbRNS_11PumpSessionE () #22 0x00007f041e9982d0 in _ZN7WebCore18HTMLDocumentParser13pumpTokenizerENS0_15SynchronousModeE () #23 0x00007f041e99bb9a in _ZN7WebCore18HTMLDocumentParser6appendEON3WTF6RefPtrINS1_10StringImplEEE () #24 0x00007f041e6ff45b in _ZN7WebCore25DecodedDataDocumentParser5flushERNS_14DocumentWriterE () #25 0x00007f041ea9d08d in _ZN7WebCore14DocumentWriter3endEv () #26 0x00007f041ea8cfc6 in _ZN7WebCore14DocumentLoader15finishedLoadingEv () #27 0x00007f041eb6b764 in _ZN7WebCore14CachedResource11checkNotifyEv.part.230 () #28 0x00007f041eb625b7 in _ZN7WebCore17CachedRawResource13finishLoadingEPNS_12SharedBufferE () #29 0x00007f041eb11332 in _ZN7WebCore17SubresourceLoader16didFinishLoadingERKNS_18NetworkLoadMetricsE () #30 0x00007f041b49eea5 in _ZN3IPC13handleMessageIN8Messages17WebResourceLoader21DidFinishResourceLoadEN6WebKit17WebResourceLoaderEMS5_FvRKN7WebCore18NetworkLoadMetricsEEEEvRNS_7DecoderEPT0_T1_ () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #31 0x00007f041b49eb5f in _ZN6WebKit17WebResourceLoader34didReceiveWebResourceLoaderMessageERN3IPC10ConnectionERNS1_7DecoderE () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #32 0x00007f041b0c125b in _ZN3IPC10Connection15dispatchMessageESt10unique_ptrINS_7DecoderESt14default_deleteIS2_EE () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #33 0x00007f041b0c218c in _ZN3IPC10Connection18dispatchOneMessageEv () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #34 0x00007f04190234a5 in _ZN3WTF7RunLoop11performWorkEv () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18 #35 0x00007f0419058a29 in _ZZN3WTF7RunLoopC4EvENUlPvE_4_FUNES1_ () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18 #36 0x00007f0416dfa5ca in g_main_dispatch () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/glib-2.52.1/glib/gmain.c:3212 #37 g_main_context_dispatch () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/glib-2.52.1/glib/gmain.c:3865 #38 0x00007f0416dfa948 in g_main_context_iterate () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/glib-2.52.1/glib/gmain.c:3938 #39 0x00007f0416dfac62 in g_main_loop_run () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/glib-2.52.1/glib/gmain.c:4134 #40 0x00007f04190593d0 in _ZN3WTF7RunLoop3runEv () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18 #41 0x00007f041b454242 in _ZN6WebKit16ChildProcessMainINS_10WebProcessENS_14WebProcessMainEEEiiPPc () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #42 0x00007f041272f2b1 in __libc_start_main (main=0x7f041e2e95b0 <main>, argc=2, argv=0x7ffd707c2658, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffd707c2648) at ../csu/libc-start.c:291 #43 0x00007f041e2e9aca in _start ()

Attachments
debug patch (621 bytes, patch) 2018-02-02 01:58 PST, Fujii Hironori	no flags	Details Formatted Diff Diff
Archive of layout-test-results from ews101 for mac-sierra (2.30 MB, application/zip) 2018-02-02 03:01 PST, EWS Watchlist	no flags	Details
Archive of layout-test-results from ews104 for mac-sierra-wk2 (2.58 MB, application/zip) 2018-02-02 03:06 PST, EWS Watchlist	no flags	Details
Archive of layout-test-results from ews123 for ios-simulator-wk2 (2.22 MB, application/zip) 2018-02-02 03:32 PST, EWS Watchlist	no flags	Details
Archive of layout-test-results from ews201 for win-future (11.50 MB, application/zip) 2018-02-02 06:19 PST, EWS Watchlist	no flags	Details
Patch (3.51 KB, patch) 2018-02-04 18:34 PST, Fujii Hironori	no flags	Details Formatted Diff Diff
Show Obsolete (5) View All Add attachment proposed patch, testcase, etc.

Fujii Hironori

Comment 1 2018-02-02 01:58:38 PST

Created attachment 332948 [details] debug patch This crash can't be reproduced with Debug build. But, if I apply this debug patch, I can reproduce the crash with Debug build. GTK port, Debug build, trunk@227995 Crash log: https://gist.github.com/fujii/880103ac36491f17b0affa429870a78c

EWS Watchlist

Comment 2 2018-02-02 03:01:58 PST

Comment on attachment 332948 [details] debug patch Attachment 332948 [details] did not pass mac-ews (mac): Output: http://webkit-queues.webkit.org/results/6329325 New failing tests: fast/frames/sandboxed-iframe-navigation-top-denied.html

EWS Watchlist

Comment 3 2018-02-02 03:01:59 PST

Created attachment 332952 [details] Archive of layout-test-results from ews101 for mac-sierra The attached test failures were seen while running run-webkit-tests on the mac-ews. Bot: ews101 Port: mac-sierra Platform: Mac OS X 10.12.6

EWS Watchlist

Comment 4 2018-02-02 03:06:23 PST

Comment on attachment 332948 [details] debug patch Attachment 332948 [details] did not pass mac-wk2-ews (mac-wk2): Output: http://webkit-queues.webkit.org/results/6329338 New failing tests: fast/frames/sandboxed-iframe-navigation-top-denied.html

EWS Watchlist

Comment 5 2018-02-02 03:06:24 PST

Created attachment 332953 [details] Archive of layout-test-results from ews104 for mac-sierra-wk2 The attached test failures were seen while running run-webkit-tests on the mac-wk2-ews. Bot: ews104 Port: mac-sierra-wk2 Platform: Mac OS X 10.12.6

EWS Watchlist

Comment 6 2018-02-02 03:32:32 PST

Comment on attachment 332948 [details] debug patch Attachment 332948 [details] did not pass ios-sim-ews (ios-simulator-wk2): Output: http://webkit-queues.webkit.org/results/6329365 New failing tests: fast/frames/sandboxed-iframe-navigation-top-denied.html

EWS Watchlist

Comment 7 2018-02-02 03:32:34 PST

Created attachment 332954 [details] Archive of layout-test-results from ews123 for ios-simulator-wk2 The attached test failures were seen while running run-webkit-tests on the ios-sim-ews. Bot: ews123 Port: ios-simulator-wk2 Platform: Mac OS X 10.12.6

EWS Watchlist

Comment 8 2018-02-02 06:18:50 PST

Comment on attachment 332948 [details] debug patch Attachment 332948 [details] did not pass win-ews (win): Output: http://webkit-queues.webkit.org/results/6330425 New failing tests: fast/frames/sandboxed-iframe-navigation-top-denied.html

EWS Watchlist

Comment 9 2018-02-02 06:19:00 PST

Created attachment 332964 [details] Archive of layout-test-results from ews201 for win-future The attached test failures were seen while running run-webkit-tests on the win-ews. Bot: ews201 Port: win-future Platform: CYGWIN_NT-6.1-2.9.0-0.318-5-3-x86_64-64bit

Fujii Hironori

Comment 10 2018-02-02 14:11:46 PST

These EWS test failures means mac port also have this null dereference issue. What does it mean if topCallFrame is null? Should I do null-check?

Fujii Hironori

Comment 11 2018-02-04 18:12:55 PST

(In reply to Fujii Hironori from comment #10) > These EWS test failures means mac port also have this null dereference issue. > What does it mean if topCallFrame is null? > Should I do null-check? I guess that's because scripts are not executed at all in this case. I need to do null-check there.

Fujii Hironori

Comment 12 2018-02-04 18:34:33 PST

Created attachment 333058 [details] Patch

WebKit Commit Bot

Comment 13 2018-02-16 09:46:17 PST

Comment on attachment 333058 [details] Patch Clearing flags on attachment: 333058 Committed r228561: <https://trac.webkit.org/changeset/228561>

WebKit Commit Bot

Comment 14 2018-02-16 09:46:19 PST

All reviewed patches have been landed. Closing bug.

Radar WebKit Bug Importer

Comment 15 2018-02-16 09:48:13 PST

<rdar://problem/37608174>

Note You need to log in before you can comment on or make changes to this bug.