Bug 173271

Summary: Null dereference under WebProcessPool::pageRemovedFromProcess()
Product: WebKit
Reporter: Chris Dumez <cdumez>
Component: WebKit2
Assignee: Chris Dumez <cdumez>
Status: RESOLVED FIXED
Severity: Normal
CC: achristensen, beidson, commit-queue, ggaren, rniwa, webkit-bug-importer
Priority: P2
Keywords: InRadar
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Attachments: Patch (flags: none)

Chris Dumez
Reported 2017-06-12 13:58:45 PDT
Null dereference under WebProcessPool::pageRemovedFromProcess():

Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Subtype: KERN_INVALID_ADDRESS at 0x0000000000000028
Thread 0 name: Dispatch queue: com.apple.main-thread
Thread 0 Crashed:
0 WebKit 0x000000018da454b8 WebKit::ChildProcessProxy::sendMessage(std::__1::unique_ptr<IPC::Encoder, std::__1::default_delete<IPC::Encoder> >, WTF::OptionSet<IPC::SendOption>) + 16 (RefPtr.h:80)
1 WebKit 0x000000018dc5025c bool WebKit::ChildProcessProxy::send<Messages::NetworkProcess::DestroySession>(Messages::NetworkProcess::DestroySession&&, unsigned long long, WTF::OptionSet<IPC::SendOption>) + 116 (ChildProcessProxy.h:110)
2 WebKit 0x000000018dc5025c bool WebKit::ChildProcessProxy::send<Messages::NetworkProcess::DestroySession>(Messages::NetworkProcess::DestroySession&&, unsigned long long, WTF::OptionSet<IPC::SendOption>) + 116 (ChildProcessProxy.h:110)
3 WebKit 0x000000018dc52264 WebKit::WebProcessPool::pageRemovedFromProcess(WebKit::WebPageProxy&) + 152 (WebProcessPool.cpp:968)
4 WebKit 0x000000018dc5c7b0 WebKit::WebProcessProxy::removeWebPage(WebKit::WebPageProxy&, unsigned long long) + 112 (WebProcessProxy.cpp:298)
5 WebKit 0x000000018dbddf40 WebKit::WebPageProxy::reattachToWebProcess() + 44 (WebPageProxy.cpp:710)
6 WebKit 0x000000018dbde328 WebKit::WebPageProxy::reattachToWebProcessForReload() + 52 (WebPageProxy.cpp:749)
7 WebKit 0x000000018dbe090c WebKit::WebPageProxy::reload(WTF::OptionSet<WebCore::ReloadOption>) + 328 (WebPageProxy.cpp:1172)
8 WebKit 0x000000018dd004a4 -[WKWebView reload] + 52 (WKWebView.mm:846)
9 SafariServices 0x000000018bcb346c -[_SFBrowserContentViewController webViewControllerWebProcessDidCrash:] + 468 (_SFBrowserContentViewController.mm:1715)
10 SafariServices 0x000000018bc771ac -[SFWebViewController _webViewWebProcessDidCrash:] + 76 (SFWebViewController.mm:293)
11 WebKit 0x000000018da8af44 WebKit::NavigationState::NavigationClient::processDidCrash(WebKit::WebPageProxy&) + 92 (NavigationState.mm:729)
12 WebKit 0x000000018dbeefb4 WebKit::WebPageProxy::processDidCrash() + 460 (WebPageProxy.cpp:0)
13 WebKit 0x000000018dc5dd0c WebKit::WebProcessProxy::didClose(IPC::Connection&) + 264 (WebProcessProxy.cpp:603)
14 JavaScriptCore 0x00000001889c0450 WTF::RunLoop::performWork() + 344 (Function.h:50)
15 JavaScriptCore 0x00000001889c0680 WTF::RunLoop::performWork(void*) + 36 (RunLoopCF.cpp:38)
16 CoreFoundation 0x0000000185582d10 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 24 (CFRunLoop.c:1960)
17 CoreFoundation 0x00000001855825f4 __CFRunLoopDoSources0 + 452 (CFRunLoop.c:2025)
18 CoreFoundation 0x000000018558016c __CFRunLoopRun + 844 (CFRunLoop.c:2842)
19 CoreFoundation 0x000000018549ad2c CFRunLoopRunSpecific + 436 (CFRunLoop.c:3146)
20 GraphicsServices 0x0000000196125f94 GSEventRunModal + 100 (GSEvent.c:2245)
21 UIKit 0x000000018c5c3404 UIApplicationMain + 208 (UIApplication.m:3833)
22 SafariViewService 0x0000000103f2295c main + 244 (main.m:56)
23 libdyld.dylib 0x00000001a93bdd48 start + 4
Attachments
Patch (1.91 KB, patch), 2017-06-12 14:01 PDT, Chris Dumez, no flags
Chris Dumez
Comment 1 2017-06-12 13:59:09 PDT
Chris Dumez
Comment 2 2017-06-12 14:01:00 PDT
WebKit Commit Bot
Comment 3 2017-06-12 14:32:02 PDT
Comment on attachment 312691 [details]
Patch

Clearing flags on attachment: 312691

Committed r218138: <http://trac.webkit.org/changeset/218138>
WebKit Commit Bot
Comment 4 2017-06-12 14:32:04 PDT
All reviewed patches have been landed. Closing bug.