Bug 309029
| Summary: | [Site Isolation] window.open when opener is an empty site crashes | | |
|---|---|---|---|
| Product: | WebKit | Reporter: | Anthony Tarbinian <a.tarbinian> |
| Component: | New Bugs | Assignee: | Nobody <webkit-unassigned> |
| Status: | RESOLVED FIXED | | |
| Severity: | Normal | CC: | webkit-bug-importer |
| Priority: | P2 | Keywords: | InRadar |
| Version: | WebKit Nightly Build | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
Anthony Tarbinian
When calling window.open() from an empty site (i.e. about:blank), we hit this crash, which gets triggered from WebPageProxy::initializeWebPage.
Steps to reproduce:
1. Open MiniBrowser and navigate to about:blank
2. Open the Web Inspector console
3. Run window.open()
Full crash:
Source/WebKit/Platform/IPC/MessageReceiverMap.cpp(53) : void IPC::MessageReceiverMap::addMessageReceiver(ReceiverName, uint64_t, MessageReceiver &)
1 0x11c16d514 IPC::MessageReceiverMap::addMessageReceiver(IPC::ReceiverName, unsigned long long, IPC::MessageReceiver&)
2 0x11a98f69c WebKit::AuxiliaryProcessProxy::addMessageReceiver(IPC::ReceiverName, unsigned long long, IPC::MessageReceiver&)
3 0x119d329a8 void WebKit::AuxiliaryProcessProxy::addMessageReceiver<unsigned long long>(IPC::ReceiverName, WTF::ObjectIdentifierGenericBase<unsigned long long> const&, IPC::MessageReceiver&)
4 0x11aa2bdec WebKit::RemotePageDrawingAreaProxy::RemotePageDrawingAreaProxy(WebKit::DrawingAreaProxy&, WebKit::WebProcessProxy&)
5 0x11aa2bcb8 WebKit::RemotePageDrawingAreaProxy::RemotePageDrawingAreaProxy(WebKit::DrawingAreaProxy&, WebKit::WebProcessProxy&)
6 0x11aa2bb54 WebKit::RemotePageDrawingAreaProxy::create(WebKit::DrawingAreaProxy&, WebKit::WebProcessProxy&)
7 0x11aa2d4d4 WebKit::RemotePageProxy::injectPageIntoNewProcess()
8 0x11a994164 WebKit::BrowsingContextGroup::addFrameProcessAndInjectPageContextIf(WebKit::FrameProcess&, WTF::Function<bool (WebKit::WebPageProxy&)>)::$_0::operator()(WebKit::WebPageProxy&, WebCore::Site const&) const
9 0x11a993d90 WebKit::BrowsingContextGroup::addFrameProcessAndInjectPageContextIf(WebKit::FrameProcess&, WTF::Function<bool (WebKit::WebPageProxy&)>)
10 0x11a993a1c WebKit::BrowsingContextGroup::addFrameProcess(WebKit::FrameProcess&)
11 0x11a9e485c WebKit::FrameProcess::FrameProcess(WebKit::WebProcessProxy&, WebKit::BrowsingContextGroup&, std::__1::optional<WebCore::Site> const&, WebCore::Site const&, WebKit::WebPreferences const&, WebKit::LoadedWebArchive, WebKit::BrowsingContextGroupUpdate)
12 0x11a9e4abc WebKit::FrameProcess::FrameProcess(WebKit::WebProcessProxy&, WebKit::BrowsingContextGroup&, std::__1::optional<WebCore::Site> const&, WebCore::Site const&, WebKit::WebPreferences const&, WebKit::LoadedWebArchive, WebKit::BrowsingContextGroupUpdate)
13 0x11a99373c WebKit::FrameProcess::create(WebKit::WebProcessProxy&, WebKit::BrowsingContextGroup&, std::__1::optional<WebCore::Site> const&, WebCore::Site const&, WebKit::WebPreferences const&, WebKit::LoadedWebArchive, WebKit::BrowsingContextGroupUpdate)
14 0x11a993128 WebKit::BrowsingContextGroup::ensureProcessForSite(WebCore::Site const&, WebCore::Site const&, WebKit::WebProcessProxy&, WebKit::WebPreferences const&, WebKit::LoadedWebArchive, WebKit::BrowsingContextGroupUpdate)
15 0x11ab23458 WebKit::WebPageProxy::initializeWebPage(WebCore::Site const&, WTF::OptionSet<WebCore::SandboxFlag, (WTF::ConcurrencyTag)0>, WebCore::ReferrerPolicy)
16 0x11a60d598 WebKit::WebViewImpl::WebViewImpl(WKWebView*, WebKit::WebProcessPool&, WTF::Ref<API::PageConfiguration, WTF::RawPtrTraits<API::PageConfiguration>, WTF::DefaultRefDerefTraits<API::PageConfiguration>>&&)
17 0x11a60f9c0 WebKit::WebViewImpl::WebViewImpl(WKWebView*, WebKit::WebProcessPool&, WTF::Ref<API::PageConfiguration, WTF::RawPtrTraits<API::PageConfiguration>, WTF::DefaultRefDerefTraits<API::PageConfiguration>>&&)
18 0x1198259d8 std::__1::unique_ptr<WebKit::WebViewImpl, std::__1::default_delete<WebKit::WebViewImpl>> std::__1::make_unique[abi:sqn210106]<WebKit::WebViewImpl, WKWebView*&, WebKit::WebProcessPool&, WTF::Ref<API::PageConfiguration, WTF::RawPtrTraits<API::PageConfiguration>, WTF::DefaultRefDerefTraits<API::PageConfiguration>>, 0>(WKWebView*&, WebKit::WebProcessPool&, WTF::Ref<API::PageConfiguration, WTF::RawPtrTraits<API::PageConfiguration>, WTF::DefaultRefDerefTraits<API::PageConfiguration>>&&)
19 0x1197d74a4 decltype(auto) WTF::makeUnique<WebKit::WebViewImpl, WKWebView*&, WebKit::WebProcessPool&, WTF::Ref<API::PageConfiguration, WTF::RawPtrTraits<API::PageConfiguration>, WTF::DefaultRefDerefTraits<API::PageConfiguration>>>(WKWebView*&, WebKit::WebProcessPool&, WTF::Ref<API::PageConfiguration, WTF::RawPtrTraits<API::PageConfiguration>, WTF::DefaultRefDerefTraits<API::PageConfiguration>>&&)
20 0x11709cd5c -[WKWebView _initializeWithConfiguration:]
21 0x11709c6d8 -[WKWebView initWithFrame:configuration:]
22 0x1001bb32c -[WK2BrowserWindowController awakeFromNib]
23 0x18556a314 -[NSIBObjectData nibInstantiateWithOwner:options:topLevelObjects:]
24 0x18555f994 loadNib
25 0x18555efb8 +[NSBundle(NSNibLoading) _loadNibFile:nameTable:options:withZone:ownerBundle:]
26 0x1856e589c -[NSWindowController loadWindow]
27 0x1856e5654 -[NSWindowController window]
28 0x1001bfc0c -[WK2BrowserWindowController webView:createWebViewWithConfiguration:forNavigationAction:windowFeatures:]
29 0x119e16700 WebKit::UIDelegate::UIClient::createNewPage(WebKit::WebPageProxy&, WTF::Ref<API::PageConfiguration, WTF::RawPtrTraits<API::PageConfiguration>, WTF::DefaultRefDerefTraits<API::PageConfiguration>>&&, WTF::Ref<API::NavigationAction, WTF::RawPtrTraits<API::NavigationAction>, WTF::DefaultRefDerefTraits<API::NavigationAction>>&&, WTF::CompletionHandler<void (WTF::RefPtr<WebKit::WebPageProxy, WTF::RawPtrTraits<WebKit::WebPageProxy>, WTF::DefaultRefDerefTraits<WebKit::WebPageProxy>>&&)>&&)
30 0x11ac733c8 WebKit::WebPageProxy::createNewPage(IPC::Connection&, WebCore::WindowFeatures&&, WebKit::NavigationActionData&&, WTF::CompletionHandler<void (std::__1::optional<WTF::ObjectIdentifierGeneric<WebCore::PageIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits<unsigned long long>, unsigned long long>>, std::__1::optional<WebKit::WebPageCreationParameters>)>&&)::$_1::operator()(WTF::Ref<API::NavigationAction, WTF::RawPtrTraits<API::NavigationAction>, WTF::DefaultRefDerefTraits<API::NavigationAction>>&&, WTF::CompletionHandler<void (WTF::RefPtr<WebKit::WebPageProxy, WTF::RawPtrTraits<WebKit::WebPageProxy>, WTF::DefaultRefDerefTraits<WebKit::WebPageProxy>>&&)>&&)
31 0x11ac73218 WTF::Detail::CallableWrapper<WebKit::WebPageProxy::createNewPage(IPC::Connection&, WebCore::WindowFeatures&&, WebKit::NavigationActionData&&, WTF::CompletionHandler<void (std::__1::optional<WTF::ObjectIdentifierGeneric<WebCore::PageIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits<unsigned long long>, unsigned long long>>, std::__1::optional<WebKit::WebPageCreationParameters>)>&&)::$_1, void, WTF::Ref<API::NavigationAction, WTF::RawPtrTraits<API::NavigationAction>, WTF::DefaultRefDerefTraits<API::NavigationAction>>&&, WTF::CompletionHandler<void (WTF::RefPtr<WebKit::WebPageProxy, WTF::RawPtrTraits<WebKit::WebPageProxy>, WTF::DefaultRefDerefTraits<WebKit::WebPageProxy>>&&)>&&>::call(WTF::Ref<API::NavigationAction, WTF::RawPtrTraits<API::NavigationAction>, WTF::DefaultRefDerefTraits<API::NavigationAction>>&&, WTF::CompletionHandler<void (WTF::RefPtr<WebKit::WebPageProxy, WTF::RawPtrTraits<WebKit::WebPageProxy>, WTF::DefaultRefDerefTraits<WebKit::WebPageProxy>>&&)>&&)
Radar WebKit Bug Importer
<rdar://problem/171576184>
Anthony Tarbinian
Reproduces on 308471@main with site isolation on.
Anthony Tarbinian
Pull request: https://github.com/WebKit/WebKit/pull/59765
EWS
Committed 309761@main (5c3dd122be67): <https://commits.webkit.org/309761@main>
Reviewed commits have been landed. Closing PR #59765 and removing active labels.