Bug 178861

Summary: ASSERTION FAILED: internalValuesConsistent(m_url) in WebCore::URLParser::URLParser
Product: WebKit
Reporter: Renata Hodovan <hodovan>
Component: WebCore Misc.
Assignee: Alex Christensen <achristensen>
Status: RESOLVED FIXED
Severity: Normal
CC: achristensen, bfulgham, thorton, webkit-bug-importer
Priority: P2
Keywords: InRadar
Version: WebKit Local Build
Hardware: Unspecified
OS: Unspecified
Bug Depends on:
Bug Blocks: 116980

Attachments (description, flags):
Test (flags: none)
Patch (flags: thorton: review+)

Description Renata Hodovan 2017-10-26 05:35:14 PDT
Created attachment 324995 [details]
Test

Load the attached test with debug WebKitTestRunner:

<html manifest=" file://144.5.0.7:1?F~=>&P;%z=.& =Ep&#=@#zm2{GT ">

Checked version: 9e82982
OS: macOS Sierra (10.12.6)

Backtrace:

ASSERTION FAILED: internalValuesConsistent(m_url)
WebKit/Source/WebCore/platform/URLParser.cpp(1174) : WebCore::URLParser::URLParser(const WTF::String &, const WebCore::URL &, const WebCore::TextEncoding &)
1   0x131db9321 WTFCrash
2   0x11a089cf2 WebCore::URLParser::URLParser(WTF::String const&, WebCore::URL const&, WebCore::TextEncoding const&)
3   0x11a0a476d WebCore::URLParser::URLParser(WTF::String const&, WebCore::URL const&, WebCore::TextEncoding const&)
4   0x11a06eaf2 WebCore::URL::URL(WebCore::URL const&, WTF::String const&, WebCore::TextEncoding const&)
5   0x11a06ec2d WebCore::URL::URL(WebCore::URL const&, WTF::String const&, WebCore::TextEncoding const&)
6   0x11935c24c WebCore::Document::completeURL(WTF::String const&, WebCore::URL const&) const
7   0x119346fc9 WebCore::Document::completeURL(WTF::String const&) const
8   0x11331a33c WebCore::HTMLHtmlElement::insertedByParser()
9   0x1131fd29d WebCore::HTMLConstructionSite::insertHTMLHtmlStartTagBeforeHTML(WebCore::AtomicHTMLToken&&)
10  0x1135b769e WebCore::HTMLTreeBuilder::processStartTag(WebCore::AtomicHTMLToken&&)
11  0x1135b6c08 WebCore::HTMLTreeBuilder::processToken(WebCore::AtomicHTMLToken&&)
12  0x1135b58bc WebCore::HTMLTreeBuilder::constructTree(WebCore::AtomicHTMLToken&&)
13  0x113285fb8 WebCore::HTMLDocumentParser::constructTreeFromHTMLToken(WebCore::HTMLTokenizer::TokenPtr&)
14  0x113285918 WebCore::HTMLDocumentParser::pumpTokenizerLoop(WebCore::HTMLDocumentParser::SynchronousMode, bool, WebCore::PumpSession&)
15  0x113282637 WebCore::HTMLDocumentParser::pumpTokenizer(WebCore::HTMLDocumentParser::SynchronousMode)
16  0x113281d70 WebCore::HTMLDocumentParser::pumpTokenizerIfPossible(WebCore::HTMLDocumentParser::SynchronousMode)
17  0x113287a93 WebCore::HTMLDocumentParser::append(WTF::RefPtr<WTF::StringImpl>&&)
18  0x1192fab9e WebCore::DecodedDataDocumentParser::flush(WebCore::DocumentWriter&)
19  0x119d4422c WebCore::DocumentWriter::end()
20  0x119d42794 WebCore::DocumentLoader::finishedLoading()
21  0x119d42164 WebCore::DocumentLoader::notifyFinished(WebCore::CachedResource&)
22  0x119d42a8c non-virtual thunk to WebCore::DocumentLoader::notifyFinished(WebCore::CachedResource&)
23  0x119fd2ee9 WebCore::CachedResource::checkNotify()
24  0x119fcb004 WebCore::CachedResource::finishLoading(WebCore::SharedBuffer*)
25  0x119fccf93 WebCore::CachedRawResource::finishLoading(WebCore::SharedBuffer*)
26  0x119efdfa0 WebCore::SubresourceLoader::didFinishLoading(WebCore::NetworkLoadMetrics const&)
27  0x10d74cf5a WebKit::WebResourceLoader::didFinishResourceLoad(WebCore::NetworkLoadMetrics const&)
28  0x10d7599e0 void IPC::callMemberFunctionImpl<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&), std::__1::tuple<WebCore::NetworkLoadMetrics>, 0ul>(WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&), std::__1::tuple<WebCore::NetworkLoadMetrics>&&, std::__1::integer_sequence<unsigned long, 0ul>)
29  0x10d7595f9 void IPC::callMemberFunction<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&), std::__1::tuple<WebCore::NetworkLoadMetrics>, std::__1::integer_sequence<unsigned long, 0ul> >(std::__1::tuple<WebCore::NetworkLoadMetrics>&&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&))
30  0x10d756820 void IPC::handleMessage<Messages::WebResourceLoader::DidFinishResourceLoad, WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&)>(IPC::Decoder&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&))
31  0x10d75484b WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection&, IPC::Decoder&)
ASAN:DEADLYSIGNAL
=================================================================
==83759==ERROR: AddressSanitizer: SEGV on unknown address 0x0000bbadbeef (pc 0x000131db9359 bp 0x7fff5a71af30 sp 0x7fff5a71af20 T0)
==83759==The signal is caused by a WRITE memory access.
==83759==WARNING: invalid path to external symbolizer!
==83759==WARNING: Failed to use and restart external symbolizer!
    #0 0x131db9358 in WTFCrash (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x39fe358)
    #1 0x11a089cf1 in WebCore::URLParser::URLParser(WTF::String const&, WebCore::URL const&, WebCore::TextEncoding const&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x802ccf1)
    #2 0x11a0a476c in WebCore::URLParser::URLParser(WTF::String const&, WebCore::URL const&, WebCore::TextEncoding const&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x804776c)
    #3 0x11a06eaf1 in WebCore::URL::URL(WebCore::URL const&, WTF::String const&, WebCore::TextEncoding const&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x8011af1)
    #4 0x11a06ec2c in WebCore::URL::URL(WebCore::URL const&, WTF::String const&, WebCore::TextEncoding const&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x8011c2c)
    #5 0x11935c24b in WebCore::Document::completeURL(WTF::String const&, WebCore::URL const&) const (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x72ff24b)
    #6 0x119346fc8 in WebCore::Document::completeURL(WTF::String const&) const (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x72e9fc8)
    #7 0x11331a33b in WebCore::HTMLHtmlElement::insertedByParser() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x12bd33b)
    #8 0x1131fd29c in WebCore::HTMLConstructionSite::insertHTMLHtmlStartTagBeforeHTML(WebCore::AtomicHTMLToken&&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x11a029c)
    #9 0x1135b769d in WebCore::HTMLTreeBuilder::processStartTag(WebCore::AtomicHTMLToken&&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x155a69d)
    #10 0x1135b6c07 in WebCore::HTMLTreeBuilder::processToken(WebCore::AtomicHTMLToken&&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x1559c07)
    #11 0x1135b58bb in WebCore::HTMLTreeBuilder::constructTree(WebCore::AtomicHTMLToken&&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x15588bb)
    #12 0x113285fb7 in WebCore::HTMLDocumentParser::constructTreeFromHTMLToken(WebCore::HTMLTokenizer::TokenPtr&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x1228fb7)
    #13 0x113285917 in WebCore::HTMLDocumentParser::pumpTokenizerLoop(WebCore::HTMLDocumentParser::SynchronousMode, bool, WebCore::PumpSession&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x1228917)
    #14 0x113282636 in WebCore::HTMLDocumentParser::pumpTokenizer(WebCore::HTMLDocumentParser::SynchronousMode) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x1225636)
    #15 0x113281d6f in WebCore::HTMLDocumentParser::pumpTokenizerIfPossible(WebCore::HTMLDocumentParser::SynchronousMode) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x1224d6f)
    #16 0x113287a92 in WebCore::HTMLDocumentParser::append(WTF::RefPtr<WTF::StringImpl>&&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x122aa92)
    #17 0x1192fab9d in WebCore::DecodedDataDocumentParser::flush(WebCore::DocumentWriter&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x729db9d)
    #18 0x119d4422b in WebCore::DocumentWriter::end() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x7ce722b)
    #19 0x119d42793 in WebCore::DocumentLoader::finishedLoading() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x7ce5793)
    #20 0x119d42163 in WebCore::DocumentLoader::notifyFinished(WebCore::CachedResource&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x7ce5163)
    #21 0x119d42a8b in non-virtual thunk to WebCore::DocumentLoader::notifyFinished(WebCore::CachedResource&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x7ce5a8b)
    #22 0x119fd2ee8 in WebCore::CachedResource::checkNotify() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x7f75ee8)
    #23 0x119fcb003 in WebCore::CachedResource::finishLoading(WebCore::SharedBuffer*) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x7f6e003)
    #24 0x119fccf92 in WebCore::CachedRawResource::finishLoading(WebCore::SharedBuffer*) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x7f6ff92)
    #25 0x119efdf9f in WebCore::SubresourceLoader::didFinishLoading(WebCore::NetworkLoadMetrics const&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x7ea0f9f)
    #26 0x10d74cf59 in WebKit::WebResourceLoader::didFinishResourceLoad(WebCore::NetworkLoadMetrics const&) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit:x86_64+0x23a6f59)
    #27 0x10d7599df in void IPC::callMemberFunctionImpl<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&), std::__1::tuple<WebCore::NetworkLoadMetrics>, 0ul>(WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&), std::__1::tuple<WebCore::NetworkLoadMetrics>&&, std::__1::integer_sequence<unsigned long, 0ul>) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit:x86_64+0x23b39df)
    #28 0x10d7595f8 in void IPC::callMemberFunction<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&), std::__1::tuple<WebCore::NetworkLoadMetrics>, std::__1::integer_sequence<unsigned long, 0ul> >(std::__1::tuple<WebCore::NetworkLoadMetrics>&&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&)) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit:x86_64+0x23b35f8)
    #29 0x10d75681f in void IPC::handleMessage<Messages::WebResourceLoader::DidFinishResourceLoad, WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&)>(IPC::Decoder&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&)) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit:x86_64+0x23b081f)
    #30 0x10d75484a in WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection&, IPC::Decoder&) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit:x86_64+0x23ae84a)
    #31 0x10bd4d571 in WebKit::NetworkProcessConnection::didReceiveMessage(IPC::Connection&, IPC::Decoder&) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit:x86_64+0x9a7571)
    #32 0x10b6c888a in IPC::Connection::dispatchMessage(IPC::Decoder&) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit:x86_64+0x32288a)
    #33 0x10b6ac198 in IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit:x86_64+0x306198)
    #34 0x10b6c95b7 in IPC::Connection::dispatchOneMessage() (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit:x86_64+0x3235b7)
    #35 0x10b7084bc in IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_14::operator()() (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit:x86_64+0x3624bc)
    #36 0x10b7083e8 in WTF::Function<void ()>::CallableWrapper<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_14>::call() (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit:x86_64+0x3623e8)
    #37 0x131e537e2 in WTF::Function<void ()>::operator()() const (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x3a987e2)
    #38 0x131eaae1e in WTF::RunLoop::performWork() (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x3aefe1e)
    #39 0x131eabd78 in WTF::RunLoop::performWork(void*) (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x3af0d78)
    #40 0x7fffa6c5e320 in __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0xa7320)
    #41 0x7fffa6c3f21c in __CFRunLoopDoSources0 (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x8821c)
    #42 0x7fffa6c3e715 in __CFRunLoopRun (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x87715)
    #43 0x7fffa6c3e113 in CFRunLoopRunSpecific (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x87113)
    #44 0x7fffa619eebb in RunCurrentEventLoopInMode (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox:x86_64+0x30ebb)
    #45 0x7fffa619ecf0 in ReceiveNextEventCommon (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox:x86_64+0x30cf0)
    #46 0x7fffa619eb25 in _BlockUntilNextEventMatchingListInModeWithFilter (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox:x86_64+0x30b25)
    #47 0x7fffa4737a53 in _DPSNextEvent (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit:x86_64+0x46a53)
    #48 0x7fffa4eb37ed in -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit:x86_64+0x7c27ed)
    #49 0x7fffa472c3da in -[NSApplication run] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit:x86_64+0x3b3da)
    #50 0x7fffa46f6e0d in NSApplicationMain (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit:x86_64+0x5e0d)
    #51 0x7fffbc61f8c6 in _xpc_objc_main (/usr/lib/system/libxpc.dylib:x86_64+0x108c6)
    #52 0x7fffbc61e2e3 in xpc_main (/usr/lib/system/libxpc.dylib:x86_64+0xf2e3)
    #53 0x1054dfdc0 in main (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent.Development:x86_64+0x100001dc0)
    #54 0x7fffbc3c6234 in start (/usr/lib/system/libdyld.dylib:x86_64+0x5234)

==83759==Register values:
rax = 0x00000000bbadbeef  rbx = 0x00007fff5a71b0e0  rcx = 0x00000000bbadbeef  rdx = 0x0000000000000000  
rdi = 0x00001fffeb4e359c  rsi = 0x0000000000000000  rbp = 0x00007fff5a71af30  rsp = 0x00007fff5a71af20  
 r8 = 0x000000000000005f   r9 = 0x0000200000000000  r10 = 0x0000000000000000  r11 = 0xffffffffffffffff  
r12 = 0x00007fff5a71af80  r13 = 0x00007fff5a71b000  r14 = 0x000000011af5cbbb  r15 = 0x00007fff5a71af60  
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x39fe358) in WTFCrash
==83759==ABORTING
#CRASHED - com.apple.WebKit.WebContent.Development (pid 83759)
LEAK: 1 WebProcessPool
LEAK: 1 WebPageProxy

Comment 1 Radar WebKit Bug Importer 2017-10-30 09:14:56 PDT
<rdar://problem/35250490>

Comment 2 Alex Christensen 2017-10-30 14:48:31 PDT
Created attachment 325380 [details]
Patch

Comment 3 Alex Christensen 2017-10-30 14:55:43 PDT
http://trac.webkit.org/r224202