Bug 194820

Summary: REGRESSION(r240909): Release assertion in FrameLoader::loadPostRequest when opening new window
Product: WebKit Reporter: Ryosuke Niwa <rniwa>
Component: Page LoadingAssignee: Ryosuke Niwa <rniwa>
Status: NEW    
Severity: Normal CC: achristensen, beidson, cdumez, dbates, ews-watchlist, ggaren, japhet
Priority: P2    
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Fixes the bug
none
Patch for safari-607 branch
none
Patch for safari-607 branch with release build fix
none
Patch for safari-607 branch with release build fix none

Ryosuke Niwa
Reported 2019-02-19 10:39:45 PST
e.g. Thread[0] EXC_BREAKPOINT (SIGTRAP) (0x0000000000000002, 0x0000000000000000) [ 0] 0x00007fff5a1b0ca3 WebCore`WTFCrashWithInfo(int, char const*, char const*, int) + 19 0x00007fff5a1b0c97: movq %rsi, -0x18(%rbp) 0x00007fff5a1b0c9b: movq %rdx, -0x10(%rbp) 0x00007fff5a1b0c9f: movl %ecx, -0x4(%rbp) 0x00007fff5a1b0ca2: int3 -> 0x00007fff5a1b0ca3: ud2 0x00007fff5a1b0ca5: nopw %cs:(%rax,%rax) 0x00007fff5a1b0caf: nop [ 1] 0x00007fff5b1293cb WebCore`WebCore::FrameLoader::loadPostRequest(WebCore::FrameLoadRequest&&, WTF::String const&, WebCore::FrameLoadType, WebCore::Event*, WTF::RefPtr<WebCore::FormState, WTF::DumbPtrTraits<WebCore::FormState> >&&, WTF::CompletionHandler<void ()>&&) + 1515 at FrameLoader.cpp:2999:9 2995 targetFrame->loader().loadWithNavigationAction(workingResourceRequest, WTFMove(action), lockHistory, loadType, WTFMove(formState), allowNavigationToInvalidURL, WTFMove(completionHandler)); 2996 return; 2997 } 2998 -> 2999 RELEASE_ASSERT(!isBackForwardLoadType(policyChecker().loadType())); 3000 policyChecker().checkNewWindowPolicy(WTFMove(action), WTFMove(workingResourceRequest), WTFMove(formState), frameName, [this, allowNavigationToInvalidURL, openerPolicy, completionHandler = WTFMove(completionHandler)] (const ResourceRequest& request, WeakPtr<FormState>&& formState, const String& frameName, const NavigationAction& action, ShouldContinue shouldContinue) mutable { 3001 continueLoadAfterNewWindowPolicy(request, formState.get(), frameName, action, shouldContinue, allowNavigationToInvalidURL, openerPolicy); 3002 completionHandler(); 3003 }); [ 2] 0x00007fff5b1253a1 WebCore`WebCore::FrameLoader::loadFrameRequest(WebCore::FrameLoadRequest&&, WebCore::Event*, WTF::RefPtr<WebCore::FormState, WTF::DumbPtrTraits<WebCore::FormState> >&&) + 817 at FrameLoader.cpp:1289:9 1285 } 1286 }; 1287 1288 if (request.resourceRequest().httpMethod() == "POST") -> 1289 loadPostRequest(WTFMove(request), referrer, loadType, event, WTFMove(formState), WTFMove(completionHandler)); 1290 else 1291 loadURL(WTFMove(request), referrer, loadType, event, WTFMove(formState), WTFMove(completionHandler)); 1292 } 1293 [ 3] 0x00007fff5b140c95 WebCore`WebCore::ScheduledFormSubmission::fire(WebCore::Frame&) + 517 at NavigationScheduler.cpp:277:24 273 if (!requestingDocument.canNavigate(&frame)) 274 return; 275 FrameLoadRequest frameLoadRequest { requestingDocument, requestingDocument.securityOrigin(), { }, { }, lockHistory(), lockBackForwardList(), MaybeSendReferrer, AllowNavigationToInvalidURL::Yes, NewFrameOpenerPolicy::Allow, shouldOpenExternalURLs(), initiatedByMainFrame() }; 276 m_submission->populateFrameLoadRequest(frameLoadRequest); -> 277 frame.loader().loadFrameRequest(WTFMove(frameLoadRequest), m_submission->event(), m_submission->takeState()); 278 } 279 280 void didStartTimer(Frame& frame, Timer& timer) override 281 { [ 4] 0x00007fff5b13c9a5 WebCore`WebCore::NavigationScheduler::timerFired() + 101 at NavigationScheduler.cpp:510:15 [ 5] 0x00007fff59fcd707 WebCore`WebCore::ThreadTimers::sharedTimerFiredInternal() + 167 at ThreadTimers.cpp:129:23 [ 6] 0x00007fff59fcd64e WebCore`WebCore::timerFired(__CFRunLoopTimer*, void*) + 30 at MainThreadSharedTimerCF.cpp:74:40 <rdar://problem/48187427>
Attachments
Fixes the bug (7.52 KB, patch)
2019-02-19 10:47 PST, Ryosuke Niwa 		no flags
DetailsFormatted DiffDiff
Patch for safari-607 branch (13.07 KB, patch)
2019-02-19 12:24 PST, Ryosuke Niwa 		no flags
DetailsFormatted DiffDiff
Patch for safari-607 branch with release build fix (13.13 KB, patch)
2019-02-19 15:15 PST, Ryosuke Niwa 		no flags
DetailsFormatted DiffDiff
Patch for safari-607 branch with release build fix (13.22 KB, patch)
2019-02-19 18:21 PST, Ryosuke Niwa 		no flags
DetailsFormatted DiffDiff
Show Obsolete (2) View All Add attachment proposed patch, testcase, etc.
Ryosuke Niwa
Comment 1 2019-02-19 10:47:25 PST
Created attachment 362393 [details] Fixes the bug
Geoffrey Garen
Comment 2 2019-02-19 10:50:29 PST
Comment on attachment 362393 [details] Fixes the bug r=me
Ryosuke Niwa
Comment 3 2019-02-19 12:24:23 PST
Created attachment 362413 [details] Patch for safari-607 branch
Ryosuke Niwa
Comment 4 2019-02-19 15:07:53 PST
Comment on attachment 362393 [details] Fixes the bug Clearing flags on attachment: 362393 Committed r241780: <https://trac.webkit.org/changeset/241780>
Ryosuke Niwa
Comment 5 2019-02-19 15:15:54 PST
Created attachment 362442 [details] Patch for safari-607 branch with release build fix
Ryosuke Niwa
Comment 6 2019-02-19 18:21:31 PST
Created attachment 362467 [details] Patch for safari-607 branch with release build fix
Note You need to log in before you can comment on or make changes to this bug.