Bug 191217

Summary: REGRESSION: Crash under DOMWindow::postMessageTimerFired()
Product: WebKit
Component: DOM
Status: RESOLVED FIXED
Severity: Normal
Priority: P2
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Reporter: Chris Dumez <cdumez>
Assignee: Chris Dumez <cdumez>
CC: achristensen, cdumez, commit-queue, dbates, ggaren, jlewis3, rniwa, webkit-bug-importer, youennf
Keywords: InRadar, Regression
Attachments:
Patch (flags: none)

Chris Dumez
Reported 2018-11-02 16:22:37 PDT
Crash under DOMWindow::postMessageTimerFired():

Thread[0] EXC_BAD_ACCESS (SIGSEGV) (KERN_INVALID_ADDRESS at 0x0000000000000038)

[ 0] 0x00007fff44a93869 WebCore`WebCore::DOMWindow::postMessageTimerFired(WebCore::PostMessageTimer&) [inlined] WebCore::Frame::page() const at Frame.h:388:12
   384 }
   385
   386 inline Page* Frame::page() const
   387 {
-> 388     return m_page;
   389 }
   390
   391 inline void Frame::detachFromPage()
   392 {
    0x00007fff44a93855: movq %r14, %rsi
    0x00007fff44a93858: callq 0xf7c690 ; WebCore::InspectorInstrumentation::willDispatchPostMessageImpl at InspectorInstrumentation.cpp:352
    0x00007fff44a9385d: jmp 0x108461a ; <+138> [inlined] WebCore::ContextDestructionObserver::scriptExecutionContext() const at DOMWindow.cpp:1481
    0x00007fff44a93862: movq 0x88(%rbx), %rax
->  0x00007fff44a93869: movq 0x38(%rax), %rax
    0x00007fff44a9386d: testq %rax, %rax
    0x00007fff44a93870: je 0x10846d1 ; <+321> at DOMWindow.cpp:999
    0x00007fff44a93876: movq 0x50(%rax), %rax
    0x00007fff44a9387a: movq 0x8(%rax), %rdi

[ 0] 0x00007fff44a93869 WebCore`WebCore::DOMWindow::postMessageTimerFired(WebCore::PostMessageTimer&) [inlined] WebCore::InspectorInstrumentation::instrumentingAgentsForFrame(WebCore::Frame&) at InspectorInstrumentation.h:1422
  1418 }
  1419
  1420 inline InstrumentingAgents* InspectorInstrumentation::instrumentingAgentsForFrame(Frame& frame)
  1421 {
-> 1422     return instrumentingAgentsForPage(frame.page());
  1423 }
  1424
  1425 inline InstrumentingAgents* InspectorInstrumentation::instrumentingAgentsForDocument(Document* document)
  1426 {

[ 0] 0x00007fff44a93869 WebCore`WebCore::DOMWindow::postMessageTimerFired(WebCore::PostMessageTimer&) [inlined] WebCore::InspectorInstrumentation::didDispatchPostMessage(WebCore::Frame&, WebCore::TimerBase&) at InspectorInstrumentation.h:732
   728
   729 inline void InspectorInstrumentation::didDispatchPostMessage(Frame& frame, TimerBase& timer)
   730 {
   731     FAST_RETURN_IF_NO_FRONTENDS(void());
-> 732     if (InstrumentingAgents* instrumentingAgents = instrumentingAgentsForFrame(frame))
   733         didDispatchPostMessageImpl(*instrumentingAgents, timer);
   734 }
   735
   736 inline InspectorInstrumentationCookie InspectorInstrumentation::willCallFunction(ScriptExecutionContext* context, const String& scriptName, int scriptLine)

[ 0] 0x00007fff44a93869 WebCore`WebCore::DOMWindow::postMessageTimerFired(WebCore::PostMessageTimer&) + 729 at DOMWindow.cpp:998
   994     InspectorInstrumentation::willDispatchPostMessage(*m_frame, timer);
   995
   996     dispatchEvent(timer.event(*document()));
   997
-> 998     InspectorInstrumentation::didDispatchPostMessage(*m_frame, timer);
   999 }
  1000
  1001 DOMSelection* DOMWindow::getSelection()
  1002 {

[ 1] 0x00007fff43aec983 WebCore`WebCore::PostMessageTimer::fired() + 99 at DOMWindow.cpp:177:19
Attachments
Patch (4.87 KB, patch), 2018-11-02 16:27 PDT, Chris Dumez, no flags
Chris Dumez
Comment 1 2018-11-02 16:22:58 PDT
Chris Dumez
Comment 2 2018-11-02 16:27:41 PDT
Geoffrey Garen
Comment 3 2018-11-05 11:51:41 PST
Comment on attachment 353742 [details]
Patch

r=me
WebKit Commit Bot
Comment 4 2018-11-05 11:58:14 PST
Comment on attachment 353742 [details]
Patch

Clearing flags on attachment: 353742

Committed r237825: <https://trac.webkit.org/changeset/237825>
WebKit Commit Bot
Comment 5 2018-11-05 11:58:16 PST
All reviewed patches have been landed. Closing bug.
Sihui Liu
Comment 6 2018-11-08 15:33:39 PST
*** Bug 180174 has been marked as a duplicate of this bug. ***