Bug 34944

Summary: [GTK] Crashes when going back to a page that has data: URIs, with page cache enabled
Product: WebKit Reporter: Gustavo Noronha (kov) <gustavo>
Component: WebKitGTKAssignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal Keywords: Gtk, Soup
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: PC   
OS: OS X 10.5   
URL: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=569950
Attachments:
Description Flags
also set the URL on the response for data: URLs xan.lopez: review+, gustavo: commit-queue-

Description Gustavo Noronha (kov) 2010-02-15 08:01:43 PST
Originially reported in the Debian package. Here are the steps to reproduce:

 - Open up google.
 - Search for e.g. “bobcat” (see today’s xkcd).
 - Click “Images”.
 - Click “Go back”.
 - Kaboom.

Here's the trace:

| Program received signal SIGSEGV, Segmentation fault.
| WebCore::StringHash::hash (this=0x7fffe2bd8000, value=<value optimized out>) at ../WebCore/platform/text/StringHash.h:88
| 88	../WebCore/platform/text/StringHash.h: Aucun fichier ou dossier de ce type.
| 	in ../WebCore/platform/text/StringHash.h
| Current language:  auto
| The current source language is "auto; currently c++".
| (gdb) bt
| #0  WebCore::StringHash::hash (this=0x7fffe2bd8000, value=<value optimized out>) at ../WebCore/platform/text/StringHash.h:88
| #1  WTF::IdentityHashTranslator<WebCore::String, WebCore::String, WebCore::StringHash>::hash (this=0x7fffe2bd8000, value=<value optimized out>) at ../JavaScriptCore/wtf/HashTable.h:278
| #2  add<WebCore::String, WebCore::String, WTF::IdentityHashTranslator<WebCore::String, WebCore::String, WebCore::StringHash> > (this=0x7fffe2bd8000, value=<value optimized out>)
|     at ../JavaScriptCore/wtf/HashTable.h:642
| #3  WTF::HashTable<WebCore::String, WebCore::String, WTF::IdentityExtractor<WebCore::String>, WebCore::StringHash, WTF::HashTraits<WebCore::String>, WTF::HashTraits<WebCore::String> >::add (
|     this=0x7fffe2bd8000, value=<value optimized out>) at ../JavaScriptCore/wtf/HashTable.h:316
| #4  WTF::HashSet<WebCore::String, WebCore::StringHash, WTF::HashTraits<WebCore::String> >::add (this=0x7fffe2bd8000, value=<value optimized out>) at ../JavaScriptCore/wtf/HashSet.h:210
| #5  0x00007ffff4e72495 in WebCore::DocumentLoader::didTellClientAboutLoad (this=0x7fffe2bb6990, loader=0x7fffe2bd7a00, identifier=50, request=..., redirectResponse=...)
|     at ../WebCore/loader/DocumentLoader.h:197
| #6  WebCore::ResourceLoadNotifier::dispatchWillSendRequest (this=0x7fffe2bb6990, loader=0x7fffe2bd7a00, identifier=50, request=..., redirectResponse=...) at ../WebCore/loader/ResourceLoadNotifier.cpp:124
| #7  0x00007ffff4e4883d in WebCore::FrameLoader::requestFromDelegate (this=0x7fffe2bb6850, request=..., identifier=@0x7fffffffba38, error=...) at ../WebCore/loader/FrameLoader.cpp:3561
| #8  0x00007ffff4e510fb in WebCore::FrameLoader::commitProvisionalLoad (this=0x7fffe2bb6850, prpCachedPage=<value optimized out>) at ../WebCore/loader/FrameLoader.cpp:2484
| #9  0x00007ffff4e516e6 in WebCore::FrameLoader::loadProvisionalItemFromCachedPage (this=0x7fffe2bb6850) at ../WebCore/loader/FrameLoader.cpp:3641
| #10 0x00007ffff4e5198d in WebCore::FrameLoader::continueLoadAfterNavigationPolicy (this=0x7fffe2bb6850, formState=DWARF-2 expression error: DW_OP_reg operations must be used either alone or in conjuction with DW_OP_piece.
| ) at ../WebCore/loader/FrameLoader.cpp:3513
| #11 0x00007ffff4e51a1d in WebCore::FrameLoader::callContinueLoadAfterNavigationPolicy (argument=0x0, request=..., formState=<value optimized out>, shouldContinue=128) at ../WebCore/loader/FrameLoader.cpp:3450
| #12 0x00007ffff4e68d9f in WebCore::PolicyChecker::checkNavigationPolicy (this=0x7fffe2bb6860, request=..., loader=0x7fffe2bd7a00, formState=DWARF-2 expression error: DW_OP_reg operations must be used either alone or in conjuction with DW_OP_piece.
| ) at ../WebCore/loader/PolicyChecker.cpp:68
| #13 0x00007ffff4e51d5a in WebCore::FrameLoader::loadWithDocumentLoader (this=0x7fffe2bb6850, loader=0x7fffe2bd7a00, type=<value optimized out>, prpFormState=<value optimized out>)
|     at ../WebCore/loader/FrameLoader.cpp:2084
| #14 0x00007ffff4e55d8e in WebCore::FrameLoader::navigateToDifferentDocument (this=0x7fffe2bb6850, item=<value optimized out>, loadType=WebCore::FrameLoadTypeBack) at ../WebCore/loader/FrameLoader.cpp:3733
| #15 0x00007ffff4e58cc5 in WebCore::HistoryController::recursiveGoToItem (this=0x7fffe2bb6970, item=0x7fffdae75f00, fromItem=<value optimized out>, type=WebCore::FrameLoadTypeBack)
|     at ../WebCore/loader/HistoryController.cpp:585
| #16 0x00007ffff4ebf5d3 in WebCore::Page::goToItem (this=0x7fffe2badea0, item=0x7fffdae75f00, type=WebCore::FrameLoadTypeBack) at ../WebCore/page/Page.cpp:310
| #17 0x00007ffff4ebf744 in WebCore::Page::goBack (this=0x7fffe2badea0) at ../WebCore/page/Page.cpp:239

Debug builds hit the following assertion in FrameLoader::requestFromDelegate:

    ASSERT(!request.isNull());

The problem is our network backend does not set the URL on the response before emitting didReceiveResponse, for data URIs.
Comment 1 Gustavo Noronha (kov) 2010-02-15 08:03:55 PST
Created attachment 48753 [details]
also set the URL on the response for data: URLs
Comment 2 Xan Lopez 2010-02-15 11:11:46 PST
Comment on attachment 48753 [details]
also set the URL on the response for data: URLs

Bam! Said the lady.
Comment 3 Gustavo Noronha (kov) 2010-02-15 12:36:49 PST
Landed as r54786.