Bug 185088

Summary: Fix crash in DocumentLoader::startLoadingMainResource
Product: WebKit Reporter: Keith Rollin <krollin>
Component: WebCore Misc.Assignee: Keith Rollin <krollin>
Status: RESOLVED FIXED    
Severity: Normal CC: cdumez, commit-queue, dbates, ews-watchlist, japhet, ryanhaddad, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments: Patch (flags: none)

Keith Rollin
Reported 2018-04-27 13:44:23 PDT
Testing turned up a crash in:

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 com.apple.WebCore 0x0000000312612e26 WebCore::DocumentLoader::startLoadingMainResource(WebCore::ShouldContinue) + 598
1 com.apple.WebCore 0x00000003126321d0 WebCore::FrameLoader::continueLoadAfterNavigationPolicy(WebCore::ResourceRequest const&, WebCore::FormState*, WebCore::ShouldContinue, WebCore::AllowNavigationToInvalidURL)::$_14::operator()() const + 352

This corresponds to this source:

    if (maybeLoadEmpty()) {
        RELEASE_LOG_IF_ALLOWED("startLoadingMainResource: Returning empty document (frame = %p, main = %d)", m_frame, m_frame ? m_frame->isMainFrame() : false);
        return;
    }

The problem is that maybeLoadEmpty() can release "this". Fix this by adding a "protectedThis".

<rdar://problem/39689263>
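The self-release hazard and the protectedThis fix described in the report, as an added example that is not code from the WebKit patch: a hypothetical minimal Loader with RefCounted-style ref()/deref(), a Ref guard standing in for WTF::Ref, and an owner slot that drops its only reference inside maybeLoadEmpty(). The unguarded method mirrors the crash (the object is gone before the method body finishes); the guarded one keeps it alive until protectedThis goes out of scope.

```cpp
#include <set>

// Hypothetical minimal stand-ins for WebKit's RefCounted/Ref (added example, not WebKit code).
class Loader;
static std::set<const Loader*> g_live;  // lifetime registry, used only to observe destruction

template<typename T> class Ref {  // pins one reference for its scope, like WTF::Ref
    T* m_ptr;
public:
    explicit Ref(T& t) : m_ptr(&t) { m_ptr->ref(); }
    ~Ref() { m_ptr->deref(); }
    Ref(const Ref&) = delete; Ref& operator=(const Ref&) = delete;
};

class Loader {
    int m_refCount;
    Loader** m_ownerSlot = nullptr;
public:
    Loader() : m_refCount(1) { g_live.insert(this); }  // creator holds the first reference
    ~Loader() { g_live.erase(this); }
    void ref() { ++m_refCount; }
    void deref() { if (--m_refCount == 0) delete this; }
    void attachOwnerSlot(Loader** slot) { m_ownerSlot = slot; }

    // Stand-in for maybeLoadEmpty(): as in the bug, this path can make the owner
    // drop its only reference to the loader before control returns to the caller.
    bool maybeLoadEmpty() {
        if (m_ownerSlot && *m_ownerSlot) { *m_ownerSlot = nullptr; deref(); }
        return true;
    }

    // Before the fix: nothing keeps `this` alive across maybeLoadEmpty(). Liveness is
    // read from the registry (pointer value only), so the demo never touches freed memory.
    bool startLoadingUnguarded() {
        if (maybeLoadEmpty())
            return g_live.count(this) != 0;  // false: real code would use-after-free here
        return true;
    }

    // After the fix: a local Ref pins `this` until the method body has finished.
    bool startLoadingGuarded() {
        Ref<Loader> protectedThis(*this);
        if (maybeLoadEmpty())
            return g_live.count(this) != 0;  // true: freed only when protectedThis goes out of scope
        return true;
    }
};

// Scenario: an owner slot holds the only reference; returns whether the loader was
// still alive after maybeLoadEmpty() returned inside the method (constructed input).
bool runScenario(bool guarded) {
    Loader* slot = new Loader;
    slot->attachOwnerSlot(&slot);
    return guarded ? slot->startLoadingGuarded() : slot->startLoadingUnguarded();
}
```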
Attachments
Patch (2.26 KB, patch)
2018-04-27 13:51 PDT, Keith Rollin
no flags
Keith Rollin
Comment 1 2018-04-27 13:51:51 PDT
WebKit Commit Bot
Comment 2 2018-04-27 18:09:16 PDT
Comment on attachment 339019 [details] Patch

Clearing flags on attachment: 339019

Committed r231128: <https://trac.webkit.org/changeset/231128>
WebKit Commit Bot
Comment 3 2018-04-27 18:09:18 PDT
All reviewed patches have been landed. Closing bug.