Bug 179917

Summary: WebDriver: crash in Session::computeElementLayout when called without a current browsing context
Product: WebKit
Reporter: Carlos Garcia Campos <cgarcia>
Component: WebDriver
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED
Severity: Normal
CC: bburg, darin, webkit-bug-importer
Priority: P2
Keywords: InRadar
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Attachments: Patch (flags: darin: review+)

Description Carlos Garcia Campos 2017-11-21 05:18:50 PST
In the case of the computeElementLayout message, the frameHandle parameter is not optional, but we still need to provide a valid value (an empty string means the default frame) when m_currentBrowsingContext is std::nullopt. The same applies to selectOptionElement.

#0  0x00007ffaefa27c3f in Inspector::InspectorValue::create(WTF::String const&) () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#1  0x00005619b41707e7 in Inspector::InspectorObjectBase::setString(WTF::String const&, WTF::String const&) ()
#2  0x00005619b4166ac2 in WebDriver::Session::computeElementLayout(WTF::String const&, WTF::OptionSet<WebDriver::Session::ElementLayoutOption>, WTF::Function<void (std::optional<WebDriver::Session::Rect>&&, std::optional<WebDriver::Session::Point>&&, bool, WTF::RefPtr<Inspector::InspectorObject>&&)>&&) ()
#3  0x00005619b4166e5c in WebDriver::Session::elementClick(WTF::String const&, WTF::Function<void (WebDriver::CommandResult&&)>&&) ()
#4  0x00005619b4176ff2 in WebDriver::WebDriverService::elementClick(WTF::RefPtr<Inspector::InspectorObject>&&, WTF::Function<void (WebDriver::CommandResult&&)>&&) ()
#5  0x00005619b417cf61 in WebDriver::WebDriverService::handleRequest(WebDriver::HTTPRequestHandler::Request&&, WTF::Function<void (WebDriver::HTTPRequestHandler::Response&&)>&&) ()
#6  0x00005619b4182bdd in WebDriver::HTTPServer::listen(unsigned int)::{lambda(_SoupServer*, _SoupMessage*, char const*, _GHashTable*, SoupClientContext*, void*)#1}::_FUN(_SoupServer*, _SoupMessage*, char const*, _GHashTable*, SoupClientContext*, void*) ()
#7  0x00007ffaeef0c00f in call_handler (early=0, msg=0x5619b4a34390, client=0x5619b4a30c00, handler=0x5619b4a04640, server=0x5619b4a258c0) at soup-server.c:1259
#8  got_body (msg=0x5619b4a34390, client=0x5619b4a30c00) at soup-server.c:1400
#9  0x00007ffaec66b62d in g_closure_invoke (closure=0x5619b4a3ae40, return_value=0x0, n_param_values=1, param_values=0x7ffe4332f550, invocation_hint=0x7ffe4332f4f0) at gclosure.c:804
#10 0x00007ffaec67e50e in signal_emit_unlocked_R (node=node@entry=0x5619b4a31b00, detail=detail@entry=0, instance=instance@entry=0x5619b4a34390, emission_return=emission_return@entry=0x0, 
    instance_and_params=instance_and_params@entry=0x7ffe4332f550) at gsignal.c:3635
#11 0x00007ffaec686eb5 in g_signal_emit_valist (instance=0x5619b4a34390, signal_id=<optimized out>, detail=0, var_args=var_args@entry=0x7ffe4332f6e8) at gsignal.c:3391
#12 0x00007ffaec687872 in g_signal_emit (instance=instance@entry=0x5619b4a34390, signal_id=<optimized out>, detail=detail@entry=0) at gsignal.c:3447
#13 0x00007ffaeef003ef in soup_message_got_body (msg=msg@entry=0x5619b4a34390) at soup-message.c:1140
#14 0x00007ffaeef04b1a in io_read (msg=msg@entry=0x5619b4a34390, blocking=blocking@entry=0, cancellable=cancellable@entry=0x0, error=error@entry=0x7ffe4332f898) at soup-message-io.c:781
#15 0x00007ffaeef051d6 in io_run_until (msg=msg@entry=0x5619b4a34390, blocking=blocking@entry=0, read_state=read_state@entry=SOUP_MESSAGE_IO_STATE_DONE, 
    write_state=write_state@entry=SOUP_MESSAGE_IO_STATE_DONE, cancellable=cancellable@entry=0x0, error=error@entry=0x7ffe4332f8e8) at soup-message-io.c:977
#16 0x00007ffaeef05bab in io_run (msg=msg@entry=0x5619b4a34390, blocking=blocking@entry=0) at soup-message-io.c:1048
#17 0x00007ffaeef05e28 in soup_message_io_server (msg=msg@entry=0x5619b4a34390, iostream=<optimized out>, async_context=<optimized out>, 
    get_headers_cb=get_headers_cb@entry=0x7ffaeef06900 <get_response_headers>, parse_headers_cb=parse_headers_cb@entry=0x7ffaeef06490 <parse_request_headers>, 
    header_data=header_data@entry=0x5619b4a2b440, completion_cb=0x7ffaeef0bdf0 <request_finished>, completion_data=0x5619b4a30c00) at soup-message-io.c:1252
#18 0x00007ffaeef06e07 in soup_message_read_request (msg=0x5619b4a34390, sock=0x5619b4a2b440, use_thread_context=<optimized out>, completion_cb=0x7ffaeef0bdf0 <request_finished>, 
    user_data=0x5619b4a30c00) at soup-message-server-io.c:304
#19 0x00007ffaec66e5b5 in g_cclosure_marshal_VOID__OBJECTv (closure=0x5619b4a2f840, return_value=<optimized out>, instance=<optimized out>, args=<optimized out>, 
    marshal_data=<optimized out>, n_params=<optimized out>, param_types=0x5619b4a1d300) at gmarshal.c:2102
#20 0x00007ffaec66b866 in _g_closure_invoke_va (closure=0x5619b4a2f840, return_value=0x0, instance=0x5619b4a2b100, args=0x7ffe4332fbc8, n_params=1, param_types=0x5619b4a1d300)
    at gclosure.c:867
#21 0x00007ffaec687196 in g_signal_emit_valist (instance=0x5619b4a2b100, signal_id=<optimized out>, detail=<optimized out>, var_args=var_args@entry=0x7ffe4332fbc8) at gsignal.c:3300
#22 0x00007ffaec687872 in g_signal_emit (instance=instance@entry=0x5619b4a2b100, signal_id=<optimized out>, detail=detail@entry=0) at gsignal.c:3447
#23 0x00007ffaeef192ef in listen_watch (pollable=<optimized out>, data=0x5619b4a2b100) at soup-socket.c:1237
#24 0x00007ffaebd06405 in g_main_dispatch (context=0x5619b4a1fd40) at gmain.c:3148
#25 g_main_context_dispatch (context=context@entry=0x5619b4a1fd40) at gmain.c:3813
#26 0x00007ffaebd067a8 in g_main_context_iterate (context=0x5619b4a1fd40, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3886
#27 0x00007ffaebd06ab2 in g_main_loop_run (loop=0x5619b4a1a7b0) at gmain.c:4082
#28 0x00007ffaeff49ef8 in WTF::RunLoop::run() () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#29 0x00005619b4174bcc in WebDriver::WebDriverService::run(int, char**) ()
#30 0x00005619b415555e in main ()
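The failure mode described in the report, modelled as an added example (this is not WebKit code and not the committed patch): a message parameter object that, like the Inspector object in frame #1, only accepts valid strings, and a session whose current browsing context is optional. The buggy builder forwards the optional as-is and fails when no context has been selected; the fixed builder substitutes the empty string, which the report says denotes the default frame. All names (ParamObject, FrameSession, buildLayoutParamsBuggy, buildLayoutParamsFixed, fixedFrameHandle) are hypothetical.

```cpp
// Added example, not WebKit code. Models the crash in the report and the
// fix described in the description: a required string parameter must get a
// valid (possibly empty) string even when the optional source is nullopt.
#include <iostream>
#include <map>
#include <optional>
#include <stdexcept>
#include <string>

// Hypothetical stand-in for a message parameter object. Where the real
// InspectorValue::create crashes on a null string, this one throws, so the
// defect is observable in a test instead of taking the process down.
class ParamObject {
public:
    void setString(const std::string& key, const std::optional<std::string>& value) {
        if (!value)
            throw std::invalid_argument("null string for parameter " + key);
        m_params[key] = *value;
    }
    std::optional<std::string> get(const std::string& key) const {
        auto it = m_params.find(key);
        if (it == m_params.end())
            return std::nullopt;
        return it->second;
    }
private:
    std::map<std::string, std::string> m_params;
};

struct FrameSession {
    // std::nullopt until a "switch to frame" command selects a context,
    // like m_currentBrowsingContext in the report.
    std::optional<std::string> currentBrowsingContext;
    std::string elementHandle;
};

// Buggy version: forwards the optional as if a context were always present,
// so a session with no current browsing context produces a null string.
ParamObject buildLayoutParamsBuggy(const FrameSession& session) {
    ParamObject params;
    params.setString("frameHandle", session.currentBrowsingContext);
    params.setString("nodeHandle", session.elementHandle);
    return params;
}

// Fixed version: frameHandle is not optional in the message, so supply the
// empty string (meaning the default frame) when no context is set.
ParamObject buildLayoutParamsFixed(const FrameSession& session) {
    ParamObject params;
    params.setString("frameHandle", session.currentBrowsingContext.value_or(std::string()));
    params.setString("nodeHandle", session.elementHandle);
    return params;
}

// Returns true if the buggy builder fails for a session without a context.
bool buggyBuilderFailsWithoutContext() {
    FrameSession s{std::nullopt, "node-1"};
    try {
        buildLayoutParamsBuggy(s);
    } catch (const std::invalid_argument&) {
        return true;
    }
    return false;
}

// Returns the frameHandle the fixed builder emits for a given context.
std::optional<std::string> fixedFrameHandle(const std::optional<std::string>& context) {
    FrameSession s{context, "node-1"};
    return buildLayoutParamsFixed(s).get("frameHandle");
}

int main() {
    std::cout << "buggy builder fails without context: "
              << (buggyBuilderFailsWithoutContext() ? "yes" : "no") << "\n";
    std::cout << "fixed frameHandle without context: \""
              << fixedFrameHandle(std::nullopt).value_or("<missing>") << "\"\n";
    std::cout << "fixed frameHandle with context: \""
              << fixedFrameHandle(std::string("frame-1")).value_or("<missing>") << "\"\n";
    return 0;
}
```

The check to keep in mind when reviewing similar code: any required message field that is sourced from an optional needs an explicit default at the call site, and the default must be the value the protocol actually interprets as "none" (here the empty string), not a null object.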
Comment 1 Carlos Garcia Campos 2017-11-21 05:21:06 PST
Created attachment 327402
Patch
Comment 2 Carlos Garcia Campos 2017-11-21 08:55:48 PST
Committed r225082: <https://trac.webkit.org/changeset/225082>
Comment 3 Radar WebKit Bug Importer 2017-11-21 08:56:19 PST
<rdar://problem/35658276>