Bug 187360

Summary: Fix iOS crash when starting loads with no active DocumentLoader
Product: WebKit Reporter: Alex Christensen <achristensen>
Component: New BugsAssignee: Alex Christensen <achristensen>
Status: RESOLVED FIXED    
Severity: Normal CC: aestes, beidson, cdumez, dbates, ews-watchlist, ggaren, japhet, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
See Also: https://bugs.webkit.org/show_bug.cgi?id=199580
Attachments:
Description Flags
Patch
none
Patch ggaren: review+

Description Alex Christensen 2018-07-05 13:05:33 PDT 
Fix iOS crash when starting loads with no active DocumentLoader
Comment 1 Alex Christensen 2018-07-05 13:09:06 PDT 
Created attachment 344355 [details]
Patch
Comment 2 Daniel Bates 2018-07-05 14:07:02 PDT 
Comment on attachment 344355 [details]
Patch

Can you please give an example (even better a test case since this is crash) of when m_documentLoader is null when this function is called? ResourceLoader assumes we always have a non-null pointer to a document loader unless it explicitly nullified it in ResourceLoader::releaseResources(). I mean, even in this function, we assume a non-null m_documentLoader when we ASSERT(!m_documentLoader->isSubstituteLoadPending(this)) at the top of this function.
Comment 3 Alex Christensen 2018-07-05 14:08:23 PDT 
I can't reproduce this.  I'm only reading logs.
Comment 4 Daniel Bates 2018-07-05 14:16:14 PDT 
(In reply to Alex Christensen from comment #3)
> I can't reproduce this.  I'm only reading logs.

I take it is not straightforward to read the code and look at the callers and/or use a debugger to try to piece together a scenario that explains the crash?

Are you able to post the crash report? Maybe we can leverage more minds to help identify the cause.
Comment 5 Daniel Bates 2018-07-05 14:17:11 PDT 
<rdar://problem/29389084>
Comment 6 Geoffrey Garen 2019-06-17 16:37:19 PDT 
We do generally accept crash fixes for top crashes based on field data, even if we only have a limited understanding of the data. So, I'm inclined to say r+.

That said, I do agree that it's surprising, and probably bad style, to null-check m_documentLoader after having used m_documentLoader.

Alex, could you put the null check at the top of the function, with an explicit comment linking to a bug report, explaining the m_documentLoader is not expected to be null, but is observed to be in some crash reports?
Comment 7 Alex Christensen 2019-06-17 16:58:00 PDT 
Created attachment 372294 [details]
Patch
Comment 8 Geoffrey Garen 2019-06-17 17:09:34 PDT 
Comment on attachment 372294 [details]
Patch

r=me

Side note: should we really call cancel() here? cancel() seems to dereference m_documentLoader, so we might just move the crash point.
Comment 9 Alex Christensen 2019-06-17 17:15:12 PDT 
http://trac.webkit.org/r246525