Bug 261037

Summary: nullptr dereference in WebCore::WebSocket::close()
Product: WebKit
Component: WebCore Misc.
Status: RESOLVED FIXED
Severity: Normal
Priority: P2
Version: Other
Hardware: Unspecified
OS: Unspecified
Reporter: David Kilzer (:ddkilzer) <ddkilzer>
Assignee: David Kilzer (:ddkilzer) <ddkilzer>
CC: webkit-bug-importer
Keywords: InRadar

David Kilzer (:ddkilzer)
Reported 2023-09-01 10:21:47 PDT
nullptr dereference in WebCore::WebSocket::close().

```
Exception Type:        EXC_BAD_ACCESS (SIGSEGV)
Exception Subtype:     KERN_INVALID_ADDRESS at 0x0000000000000000
Exception Codes:       0x0000000000000001, 0x0000000000000000
VM Region Info: 0 is not in any region.  Bytes before following region: 4369219584
      REGION TYPE                    START - END         [ VSIZE] PRT/MAX SHRMOD  REGION DETAIL
      UNUSED SPACE AT START
--->
      __TEXT                      1046d0000-1046d4000    [   16K] r-x/r-x SM=COW  ...it.WebContent

Termination Reason:    SIGNAL 11 Segmentation fault: 11
Terminating Process:   exc handler [7349]

Triggered by Thread:   0

Thread 0 Crashed::  Dispatch queue: com.apple.main-thread
0   WebCore          0x1c1d0ff84 WebCore::WebSocket::close(std::__1::optional<unsigned short>, WTF::String const&) + 360 (WebSocket.cpp:440)
1   WebCore          0x1c18acd14 WebCore::jsWebSocketPrototypeFunction_closeBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSWebSocket*)::'lambda'()::operator()() const + 24 (JSWebSocket.cpp:561) [inlined]
2   WebCore          0x1c18acd14 JSC::JSValue WebCore::toJS<WebCore::IDLUndefined, WebCore::jsWebSocketPrototypeFunction_closeBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSWebSocket*)::'lambda'()>(JSC::JSGlobalObject&, JSC::ThrowScope&, WebCore::jsWebSocketPrototypeFunction_closeBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSWebSocket*)::'lambda'()&&) + 24 (JSDOMConvertBase.h:168) [inlined]
3   WebCore          0x1c18acd14 WebCore::jsWebSocketPrototypeFunction_closeBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSWebSocket*) + 308 (JSWebSocket.cpp:561) [inlined]
4   WebCore          0x1c18acd14 long long WebCore::IDLOperation<WebCore::JSWebSocket>::call<&(WebCore::jsWebSocketPrototypeFunction_closeBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSWebSocket*)), (WebCore::CastedThisErrorBehavior)0>(JSC::JSGlobalObject&, JSC::CallFrame&, char const*) + 520 (JSDOMOperation.h:63) [inlined]
5   WebCore          0x1c18acd14 WebCore::jsWebSocketPrototypeFunction_close(JSC::JSGlobalObject*, JSC::CallFrame*) + 560 (JSWebSocket.cpp:566)
6                    0x12000c654
7                    0x120004268
8                    0x120004748
9   JavaScriptCore   0x1c507bdd0 JSC::Interpreter::executeCallImpl(JSC::VM&, JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 144 (Interpreter.cpp:1119) [inlined]
10  JavaScriptCore   0x1c507bdd0 JSC::Interpreter::executeCall(JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 576 (Interpreter.cpp:1128)
11  JavaScriptCore   0x1c5251890 JSC::call(JSC::JSGlobalObject*, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 28 (CallData.cpp:57) [inlined]
12  JavaScriptCore   0x1c5251890 JSC::call(JSC::JSGlobalObject*, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) + 32 (CallData.cpp:64) [inlined]
13  JavaScriptCore   0x1c5251890 JSC::profiledCall(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) + 120 (CallData.cpp:85)
14  WebCore          0x1c1e26dc0 WebCore::JSExecState::profiledCall(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) + 104 (JSExecState.h:91) [inlined]
15  WebCore          0x1c1e26dc0 WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext&, WebCore::Event&) + 976 (JSEventListener.cpp:224)
16  WebCore          0x1c21fa698 WebCore::EventTarget::innerInvokeEventListeners(WebCore::Event&, WTF::Vector<WTF::RefPtr<WebCore::RegisteredEventListener, WTF::RawPtrTraits<WebCore::RegisteredEventListener>, WTF::DefaultRefDerefTraits<WebCore::RegisteredEventListener> >, 1ul, WTF::CrashOnOverflow, 2ul, WTF::FastMalloc>, WebCore::EventTarget::EventInvokePhase) + 448 (EventTarget.cpp:372)
17  WebCore          0x1c21ee208 WebCore::EventTarget::fireEventListeners(WebCore::Event&, WebCore::EventTarget::EventInvokePhase) + 364 (EventTarget.cpp:304)
18  WebCore          0x1c21fa330 WebCore::EventTarget::dispatchEvent(WebCore::Event&) + 212 (EventTarget.cpp:258)
19  WebCore          0x1c1d10cac WebCore::WebSocket::dispatchErrorEventIfNeeded() + 212 (WebSocket.cpp:691)
20  WebCore          0x1c1d151d0 WebCore::WebSocket::failAsynchronously()::$_10::operator()() const + 8 (WebSocket.cpp:220) [inlined]
21  WebCore          0x1c1d151d0 WTF::Detail::CallableWrapper<WebCore::WebSocket::failAsynchronously()::$_10, void>::call() + 28 (Function.h:53)
22  WebCore          0x1c21f5a68 WebCore::EventLoop::run() + 172 (EventLoop.cpp:124)
23  WebCore          0x1c2296678 WebCore::WindowEventLoop::didReachTimeToRun() + 36 (WindowEventLoop.cpp:121)
24  WebCore          0x1c2a5ebd8 WebCore::ThreadTimers::sharedTimerFiredInternal() + 152 (ThreadTimers.cpp:127) [inlined]
25  WebCore          0x1c2a5ebd8 WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0::operator()() const + 160 (ThreadTimers.cpp:67) [inlined]
26  WebCore          0x1c2a5ebd8 WTF::Detail::CallableWrapper<WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0, void>::call() + 192 (Function.h:53)
27  WebCore          0x1c2a8ffe4 WTF::Function<void ()>::operator()() const + 44 (Function.h:82) [inlined]
28  WebCore          0x1c2a8ffe4 WebCore::MainThreadSharedTimer::fired() + 44 (MainThreadSharedTimer.cpp:83) [inlined]
29  WebCore          0x1c2a8ffe4 WebCore::timerFired(__CFRunLoopTimer*, void*) + 68 (cf/MainThreadSharedTimerCF.cpp:85)
30  CoreFoundation   0x1aed402b0 __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ + 32
31  CoreFoundation   0x1aed3ff58 __CFRunLoopDoTimer + 1004
32  CoreFoundation   0x1aecc9624 __CFRunLoopDoTimers + 288
33  CoreFoundation   0x1aecc663c __CFRunLoopRun + 1856
34  CoreFoundation   0x1aecc5e18 CFRunLoopRunSpecific + 608
35  Foundation       0x1adc5c82c -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 212
36  Foundation       0x1adc5ac24 -[NSRunLoop(NSRunLoop) run] + 64
37  libxpc.dylib     0x216c01e80 _xpc_objc_main + 336
38  libxpc.dylib     0x216c0418c _xpc_main + 64
39  libxpc.dylib     0x216c0436c xpc_main + 64
40  WebKit           0x1c39535d0 WebKit::XPCServiceMain(int, char const**) + 48 (XPCServiceMain.mm:241)
41  dyld             0x1d1460d44 start + 2104
```

<rdar://75425816>
David Kilzer (:ddkilzer)
Comment 1 2023-09-01 10:25:34 PDT
EWS
Comment 2 2023-09-01 20:02:30 PDT
Committed 267575@main (30120862ed93): <https://commits.webkit.org/267575@main>

Reviewed commits have been landed. Closing PR #17349 and removing active labels.