Bug 204459

Summary:

Crash in com.apple.WebKit.WebContent at WebKit: WebKit::StorageAreaMap::loadValuesIfNeeded

Product:

WebKit

Reporter:

Sihui Liu <sihui_liu>

Component:

New Bugs

Assignee:

Sihui Liu <sihui_liu>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

commit-queue, ggaren, webkit-bug-importer

Priority:

Keywords:

InRadar

Version:

WebKit Nightly Build

Hardware:

Unspecified

OS:

Unspecified

Attachments:

Description	Flags
Patch	none
Patch for landing	none

Sihui Liu

Reported 2019-11-21 10:28:34 PST

0 WebKit 0x00000001abdaa0bc WebKit::StorageAreaMap::loadValuesIfNeeded() + 276 (Optional.h:529) 1 WebKit 0x00000001abda9ff0 WebKit::StorageAreaMap::loadValuesIfNeeded() + 72 (StorageAreaMap.cpp:168) 2 WebKit 0x00000001abda97cc WebKit::StorageAreaImpl::item(WTF::String const&) + 48 (StorageAreaMap.cpp:88) 3 WebCore 0x00000001ac64df8c WebCore::JSStorage::getOwnPropertySlot(JSC::JSObject*, JSC::JSGlobalObject*, JSC::PropertyName, JSC::PropertySlot&) + 112 (JSStorage.cpp:167) 4 JavaScriptCore 0x00000001b424b300 llint_slow_path_get_by_id + 3988 (JSObjectInlines.h:160) 5 JavaScriptCore 0x00000001b3bfa254 llint_entry + 41460 6 JavaScriptCore 0x00000001b3c0e2d8 llint_entry + 123512 7 JavaScriptCore 0x00000001b3c0e2d8 llint_entry + 123512 8 JavaScriptCore 0x00000001b3c0e2d8 llint_entry + 123512 9 JavaScriptCore 0x00000001b3c0e2d8 llint_entry + 123512 10 JavaScriptCore 0x00000001b3befe18 vmEntryToJavaScript + 248 11 JavaScriptCore 0x00000001b418ac5c JSC::Interpreter::executeCall(JSC::JSGlobalObject*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 428 (JITCodeInlines.h:38) 12 JavaScriptCore 0x00000001b43779b0 JSC::profiledCall(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) + 184 (CallData.cpp:59) 13 WebCore 0x00000001acba754c WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext&, WebCore::Event&) + 1280 (JSExecState.h:73)

Attachments
Patch (2.36 KB, patch) 2019-11-21 10:30 PST, Sihui Liu	no flags	Details Formatted Diff Diff
Patch for landing (4.88 KB, patch) 2019-11-21 16:47 PST, Sihui Liu	no flags	Details Formatted Diff Diff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.

Sihui Liu

Comment 1 2019-11-21 10:30:56 PST

Created attachment 384066 [details] Patch

Sihui Liu

Comment 2 2019-11-21 10:32:26 PST

<rdar://problem/57383446>

Geoffrey Garen

Comment 3 2019-11-21 10:47:18 PST

Comment on attachment 384066 [details] Patch r=me Perhaps we should null check m_storageMapID in other functions too. That said, there's no obviously correct behavior in this surprising situation.

Sihui Liu

Comment 4 2019-11-21 16:47:04 PST

Created attachment 384105 [details] Patch for landing

WebKit Commit Bot

Comment 5 2019-11-21 17:32:45 PST

Comment on attachment 384105 [details] Patch for landing Clearing flags on attachment: 384105 Committed r252757: <https://trac.webkit.org/changeset/252757>

WebKit Commit Bot

Comment 6 2019-11-21 17:32:46 PST

All reviewed patches have been landed. Closing bug.

Note You need to log in before you can comment on or make changes to this bug.