Bug 194857

Summary:

Regression(PSON) Crash under WebKit::WebPageProxy::decidePolicyForNavigationActionSync

Product:

WebKit

Reporter:

Chris Dumez <cdumez>

Component:

WebKit2

Assignee:

Chris Dumez <cdumez>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

achristensen, beidson, commit-queue, ggaren, webkit-bug-importer

Priority:

Keywords:

InRadar

Version:

WebKit Nightly Build

Hardware:

Unspecified

OS:

Unspecified

Attachments:

Description	Flags
Patch	none

Chris Dumez

Reported 2019-02-20 10:03:02 PST

Crash under WebKit::WebPageProxy::decidePolicyForNavigationActionSync: Thread 0 name: Dispatch queue: com.apple.main-thread Thread 0 Crashed ↩: 0 WebKit 0x00000001c1896534 WTFCrashWithInfo(int, char const*, char const*, int) + 20 (Assertions.h:559) 1 WebKit 0x00000001c1a617d4 WebKit::WebPageProxy::decidePolicyForNavigationActionSync(unsigned long long, bool, WebCore::SecurityOriginData&&, WebCore::PolicyCheckIdentifier, unsigned long long, WebKit::NavigationActionData&&, WebKit::FrameInfoData&&, unsigned long long, WebCore::ResourceRequest const&, WebCore::ResourceRequest&&, IPC::FormDataReference&&, WebCore::ResourceResponse&&, WebKit::UserData const&, WTF::CompletionHandler<void (WebCore::PolicyCheckIdentifier const&, WebCore::PolicyAction, unsigned long long, WebKit::DownloadID const&, WTF::Optional<WebKit::WebsitePoliciesData> const&)>&&) + 484 (Assertions.h:578) 2 WebKit 0x00000001c1c87110 void IPC::callMemberFunctionImpl<WebKit::WebPageProxy, void (WebKit::WebPageProxy::*)(unsigned long long, bool, WebCore::SecurityOriginData&&, WebCore::PolicyCheckIdentifier, unsigned long long, WebKit::NavigationActionData&&, WebKit::FrameInfoData&&, unsigned long long, WebCore::ResourceRequest const&, WebCore::ResourceRequest&&, IPC::FormDataReference&&, WebCore::ResourceResponse&&, WebKit::UserData const&, WTF::CompletionHandler<void (WebCore::PolicyCheckIdentifier const&, WebCore::PolicyAction, unsigned long long, WebKit::DownloadID const&, WTF::Optional<WebKit::WebsitePoliciesData> const&)>&&), void (WebCore::PolicyCheckIdentifier const&, WebCore::PolicyAction, unsigned long long, WebKit::DownloadID const&, WTF::Optional<WebKit::WebsitePoliciesData> const&), std::__1::tuple<unsigned long long, bool, WebCore::SecurityOriginData, WebCore::PolicyCheckIdentifier, unsigned long long, WebKit::NavigationActionData, WebKit::FrameInfoData, unsigned long long, WebCore::ResourceRequest, WebCore::ResourceRequest, IPC::FormDataReference, WebCore::ResourceResponse, WebKit::UserData>, 0ul, 1ul, 2ul, 3ul, 4ul, 5ul, 6ul, 7ul, 8ul, 9ul, 10ul, 11ul, 12ul>(WebKit::WebPageProxy*, void (WebKit::WebPageProxy::*)(unsigned long long, bool, WebCore::SecurityOriginData&&, WebCore::PolicyCheckIdentifier, unsigned long long, WebKit::NavigationActionData&&, WebKit::FrameInfoData&&, unsigned long long, WebCore::ResourceRequest const&, WebCore::ResourceRequest&&, IPC::FormDataReference&&, WebCore::ResourceResponse&&, WebKit::UserData const&, WTF::CompletionHandler<void (WebCore::PolicyCheckIdentifier const&, WebCore::PolicyAction, unsigned long long, WebKit::DownloadID const&, WTF::Optional<WebKit::WebsitePoliciesData> const&)>&&), WTF::CompletionHandler<void (WebCore::PolicyCheckIdentifier const&, WebCore::PolicyAction, unsigned long long, WebKit::DownloadID const&, WTF::Optional<WebKit::WebsitePoliciesData> const&)>&&, std::__1::tuple<unsigned long long, bool, WebCore::SecurityOriginData, WebCore::PolicyCheckIdentifier, unsigned long long, WebKit::NavigationActionData, WebKit::FrameInfoData, unsigned long long, WebCore::ResourceRequest, WebCore::ResourceRequest, IPC::FormDataReference, WebCore::ResourceResponse, WebKit::UserData>&&, std::__1::integer_sequence<unsigned long, 0ul, 1ul, 2ul, 3ul, 4ul, 5ul, 6ul, 7ul, 8ul, 9ul, 10ul, 11ul, 12ul>) + 140 (HandleMessage.h:69) 3 WebKit 0x00000001c1c7a2c4 void IPC::handleMessageDelayed<Messages::WebPageProxy::DecidePolicyForNavigationActionSync, WebKit::WebPageProxy, void (WebKit::WebPageProxy::*)(unsigned long long, bool, WebCore::SecurityOriginData&&, WebCore::PolicyCheckIdentifier, unsigned long long, WebKit::NavigationActionData&&, WebKit::FrameInfoData&&, unsigned long long, WebCore::ResourceRequest const&, WebCore::ResourceRequest&&, IPC::FormDataReference&&, WebCore::ResourceResponse&&, WebKit::UserData const&, WTF::CompletionHandler<void (WebCore::PolicyCheckIdentifier const&, WebCore::PolicyAction, unsigned long long, WebKit::DownloadID const&, WTF::Optional<WebKit::WebsitePoliciesData> const&)>&&)>(IPC::Connection&, IPC::Decoder&, std::__1::unique_ptr<IPC::Encoder, std::__1::default_delete<IPC::Encoder> >&, WebKit::WebPageProxy*, void (WebKit::WebPageProxy::*)(unsigned long long, bool, WebCore::SecurityOriginData&&, WebCore::PolicyCheckIdentifier, unsigned long long, WebKit::NavigationActionData&&, WebKit::FrameInfoData&&, unsigned long long, WebCore::ResourceRequest const&, WebCore::ResourceRequest&&, IPC::FormDataReference&&, WebCore::ResourceResponse&&, WebKit::UserData const&, WTF::CompletionHandler<void (WebCore::PolicyCheckIdentifier const&, WebCore::PolicyAction, unsigned long long, WebKit::DownloadID const&, WTF::Optional<WebKit::WebsitePoliciesData> const&)>&&)) + 156 (HandleMessage.h:75) 4 WebKit 0x00000001c19feeb8 WebKit::ProvisionalPageProxy::didReceiveSyncMessage(IPC::Connection&, IPC::Decoder&, std::__1::unique_ptr<IPC::Encoder, std::__1::default_delete<IPC::Encoder> >&) + 104 (ProvisionalPageProxy.cpp:381) 5 WebKit 0x00000001c18b3e38 IPC::MessageReceiverMap::dispatchSyncMessage(IPC::Connection&, IPC::Decoder&, std::__1::unique_ptr<IPC::Encoder, std::__1::default_delete<IPC::Encoder> >&) + 136 (MessageReceiverMap.cpp:0) 6 WebKit 0x00000001c1a83518 WebKit::WebProcessProxy::didReceiveSyncMessage(IPC::Connection&, IPC::Decoder&, std::__1::unique_ptr<IPC::Encoder, std::__1::default_delete<IPC::Encoder> >&) + 40 (WebProcessProxy.cpp:662) 7 WebKit 0x00000001c18a6d00 IPC::Connection::dispatchSyncMessage(IPC::Decoder&) + 204 (Connection.cpp:900) 8 WebKit 0x00000001c18a3cc0 IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >) + 140 (Connection.cpp:1003) 9 WebKit 0x00000001c18a3ad0 IPC::Connection::SyncMessageState::dispatchMessages(IPC::Connection*) + 236 (Connection.cpp:182) 10 JavaScriptCore 0x00000001b9278a98 WTF::RunLoop::performWork() + 356 (Function.h:56) 11 JavaScriptCore 0x00000001b9278d14 WTF::RunLoop::performWork(void*) + 40 (RunLoopCF.cpp:38) 12 CoreFoundation 0x00000001b16847c8 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 28 (CFRunLoop.c:1980) 13 CoreFoundation 0x00000001b1684744 __CFRunLoopDoSource0 + 92 (CFRunLoop.c:2015) 14 CoreFoundation 0x00000001b1684000 __CFRunLoopDoSources0 + 180 (CFRunLoop.c:2051) 15 CoreFoundation 0x00000001b167ecd0 __CFRunLoopRun + 992 (CFRunLoop.c:2922) 16 CoreFoundation 0x00000001b167e5d0 CFRunLoopRunSpecific + 452 (CFRunLoop.c:3247) 17 GraphicsServices 0x00000001b38bbdd4 GSEventRunModal + 108 (GSEvent.c:2245) 18 UIKitCore 0x00000001df6ed154 UIApplicationMain + 216 (UIApplication.m:4353) 19 MobileSafari 0x00000001000776ec main + 1504 (main.m:121) 20 libdyld.dylib 0x00000001b113d2b4 start + 4

Attachments
Patch (13.32 KB, patch) 2019-02-20 10:06 PST, Chris Dumez	no flags	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Chris Dumez

Comment 1 2019-02-20 10:03:17 PST

<rdar://problem/47759323>

Chris Dumez

Comment 2 2019-02-20 10:06:55 PST

Created attachment 362508 [details] Patch

Chris Dumez

Comment 3 2019-02-20 10:07:46 PST

*** Bug 194840 has been marked as a duplicate of this bug. ***

Alex Christensen

Comment 4 2019-02-20 10:26:57 PST

Comment on attachment 362508 [details] Patch Wow, I was just thinking we don't have enough decidePolicyForNavigationAction* functions. I'm glad we can reproduce this.

WebKit Commit Bot

Comment 5 2019-02-20 11:19:32 PST

Comment on attachment 362508 [details] Patch Clearing flags on attachment: 362508 Committed r241823: <https://trac.webkit.org/changeset/241823>

WebKit Commit Bot

Comment 6 2019-02-20 11:19:33 PST

All reviewed patches have been landed. Closing bug.

Chris Dumez

Comment 7 2019-02-20 16:52:39 PST

Follow-up build fix: <https://trac.webkit.org/changeset/241853>

Note You need to log in before you can comment on or make changes to this bug.