Bug 34944

Summary: [GTK] Crashes when going back to a page that has data: URIs, with page cache enabled
Product: WebKit Reporter: Gustavo Noronha (kov) <gustavo>
Component: WebKitGTK Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal Keywords: Gtk, Soup
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: PC   
OS: OS X 10.5   
URL: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=569950
Attachments:
Description Flags
also set the URL on the response for data: URLs xan.lopez: review+, gustavo: commit-queue-

Gustavo Noronha (kov)
Reported 2010-02-15 08:01:43 PST
Originally reported in the Debian package. Here are the steps to reproduce:

- Open up google.
- Search for e.g. “bobcat” (see today’s xkcd).
- Click “Images”.
- Click “Go back”.
- Kaboom.

Here's the trace:

| Program received signal SIGSEGV, Segmentation fault.
| WebCore::StringHash::hash (this=0x7fffe2bd8000, value=<value optimized out>) at ../WebCore/platform/text/StringHash.h:88
| 88 ../WebCore/platform/text/StringHash.h: Aucun fichier ou dossier de ce type.
| in ../WebCore/platform/text/StringHash.h
| Current language: auto
| The current source language is "auto; currently c++".
| (gdb) bt
| #0 WebCore::StringHash::hash (this=0x7fffe2bd8000, value=<value optimized out>) at ../WebCore/platform/text/StringHash.h:88
| #1 WTF::IdentityHashTranslator<WebCore::String, WebCore::String, WebCore::StringHash>::hash (this=0x7fffe2bd8000, value=<value optimized out>) at ../JavaScriptCore/wtf/HashTable.h:278
| #2 add<WebCore::String, WebCore::String, WTF::IdentityHashTranslator<WebCore::String, WebCore::String, WebCore::StringHash> > (this=0x7fffe2bd8000, value=<value optimized out>)
| at ../JavaScriptCore/wtf/HashTable.h:642
| #3 WTF::HashTable<WebCore::String, WebCore::String, WTF::IdentityExtractor<WebCore::String>, WebCore::StringHash, WTF::HashTraits<WebCore::String>, WTF::HashTraits<WebCore::String> >::add (
| this=0x7fffe2bd8000, value=<value optimized out>) at ../JavaScriptCore/wtf/HashTable.h:316
| #4 WTF::HashSet<WebCore::String, WebCore::StringHash, WTF::HashTraits<WebCore::String> >::add (this=0x7fffe2bd8000, value=<value optimized out>) at ../JavaScriptCore/wtf/HashSet.h:210
| #5 0x00007ffff4e72495 in WebCore::DocumentLoader::didTellClientAboutLoad (this=0x7fffe2bb6990, loader=0x7fffe2bd7a00, identifier=50, request=..., redirectResponse=...)
| at ../WebCore/loader/DocumentLoader.h:197
| #6 WebCore::ResourceLoadNotifier::dispatchWillSendRequest (this=0x7fffe2bb6990, loader=0x7fffe2bd7a00, identifier=50, request=..., redirectResponse=...)
| at ../WebCore/loader/ResourceLoadNotifier.cpp:124
| #7 0x00007ffff4e4883d in WebCore::FrameLoader::requestFromDelegate (this=0x7fffe2bb6850, request=..., identifier=@0x7fffffffba38, error=...) at ../WebCore/loader/FrameLoader.cpp:3561
| #8 0x00007ffff4e510fb in WebCore::FrameLoader::commitProvisionalLoad (this=0x7fffe2bb6850, prpCachedPage=<value optimized out>) at ../WebCore/loader/FrameLoader.cpp:2484
| #9 0x00007ffff4e516e6 in WebCore::FrameLoader::loadProvisionalItemFromCachedPage (this=0x7fffe2bb6850) at ../WebCore/loader/FrameLoader.cpp:3641
| #10 0x00007ffff4e5198d in WebCore::FrameLoader::continueLoadAfterNavigationPolicy (this=0x7fffe2bb6850, formState=DWARF-2 expression error: DW_OP_reg operations must be used either alone or in conjuction with DW_OP_piece.
| ) at ../WebCore/loader/FrameLoader.cpp:3513
| #11 0x00007ffff4e51a1d in WebCore::FrameLoader::callContinueLoadAfterNavigationPolicy (argument=0x0, request=..., formState=<value optimized out>, shouldContinue=128) at ../WebCore/loader/FrameLoader.cpp:3450
| #12 0x00007ffff4e68d9f in WebCore::PolicyChecker::checkNavigationPolicy (this=0x7fffe2bb6860, request=..., loader=0x7fffe2bd7a00, formState=DWARF-2 expression error: DW_OP_reg operations must be used either alone or in conjuction with DW_OP_piece.
| ) at ../WebCore/loader/PolicyChecker.cpp:68
| #13 0x00007ffff4e51d5a in WebCore::FrameLoader::loadWithDocumentLoader (this=0x7fffe2bb6850, loader=0x7fffe2bd7a00, type=<value optimized out>, prpFormState=<value optimized out>)
| at ../WebCore/loader/FrameLoader.cpp:2084
| #14 0x00007ffff4e55d8e in WebCore::FrameLoader::navigateToDifferentDocument (this=0x7fffe2bb6850, item=<value optimized out>, loadType=WebCore::FrameLoadTypeBack) at ../WebCore/loader/FrameLoader.cpp:3733
| #15 0x00007ffff4e58cc5 in WebCore::HistoryController::recursiveGoToItem (this=0x7fffe2bb6970, item=0x7fffdae75f00, fromItem=<value optimized out>, type=WebCore::FrameLoadTypeBack)
| at ../WebCore/loader/HistoryController.cpp:585
| #16 0x00007ffff4ebf5d3 in WebCore::Page::goToItem (this=0x7fffe2badea0, item=0x7fffdae75f00, type=WebCore::FrameLoadTypeBack) at ../WebCore/page/Page.cpp:310
| #17 0x00007ffff4ebf744 in WebCore::Page::goBack (this=0x7fffe2badea0) at ../WebCore/page/Page.cpp:239

Debug builds hit the following assertion in FrameLoader::requestFromDelegate:

ASSERT(!request.isNull());

The problem is our network backend does not set the URL on the response before emitting didReceiveResponse, for data URIs.
Attachments
also set the URL on the response for data: URLs (8.02 KB, patch)
2010-02-15 08:03 PST, Gustavo Noronha (kov)
xan.lopez: review+
gustavo: commit-queue-
Gustavo Noronha (kov)
Comment 1 2010-02-15 08:03:55 PST
Created attachment 48753
also set the URL on the response for data: URLs
Xan Lopez
Comment 2 2010-02-15 11:11:46 PST
Comment on attachment 48753
also set the URL on the response for data: URLs

Bam! Said the lady.
Gustavo Noronha (kov)
Comment 3 2010-02-15 12:36:49 PST
Landed as r54786.