114672 – should null check mainResourceLoader() before use it

Bug 114672 - should null check mainResourceLoader() before use it

Summary: should null check mainResourceLoader() before use it

Status:	RESOLVED DUPLICATE of bug 116451

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	Page Loading (show other bugs)
Version:	528+ (Nightly build)
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Mary Wu

URL:
Keywords:

Depends on:
Blocks:

Reported:	2013-04-16 02:07 PDT by Mary Wu
Modified:	2013-06-16 21:23 PDT (History)
CC List:	7 users (show)

See Also:

Attachments
patch (8.20 KB, patch) 2013-04-16 02:41 PDT, Mary Wu	no flags	Details \| Formatted Diff \| Diff
patch (3.22 KB, patch) 2013-04-16 02:53 PDT, Mary Wu	no flags	Details \| Formatted Diff \| Diff
patch (3.82 KB, patch) 2013-04-17 03:40 PDT, Mary Wu	sam: review- sam: commit-queue-	Details \| Formatted Diff \| Diff
add a test case, thanks (4.49 KB, patch) 2013-04-18 04:03 PDT, Mary Wu	benjamin: review-	Details \| Formatted Diff \| Diff
with a drt test, thanks (5.71 KB, patch) 2013-04-19 04:51 PDT, Mary Wu	buildbot: commit-queue-	Details \| Formatted Diff \| Diff
Archive of layout-test-results from webkit-ews-05 for mac-mountainlion (740.98 KB, application/zip) 2013-04-19 07:05 PDT, Build Bot	no flags	Details
Archive of layout-test-results from webkit-ews-16 for mac-mountainlion-wk2 (642.49 KB, application/zip) 2013-04-19 13:08 PDT, Build Bot	no flags	Details
fix style issue (5.71 KB, patch) 2013-04-19 19:34 PDT, Mary Wu	no flags	Details \| Formatted Diff \| Diff
format changeLog (6.33 KB, patch) 2013-04-19 20:07 PDT, Mary Wu	no flags	Details \| Formatted Diff \| Diff
Archive of layout-test-results from webkit-ews-12 for mac-mountainlion-wk2 (512.66 KB, application/zip) 2013-04-19 23:53 PDT, Build Bot	no flags	Details
Archive of layout-test-results from webkit-ews-01 for mac-mountainlion (490.71 KB, application/zip) 2013-04-20 01:13 PDT, Build Bot	no flags	Details
fix result in mac (7.18 KB, patch) 2013-04-23 04:34 PDT, Mary Wu	buildbot: commit-queue-	Details \| Formatted Diff \| Diff
Archive of layout-test-results from webkit-ews-14 for mac-mountainlion-wk2 (515.13 KB, application/zip) 2013-04-23 09:29 PDT, Build Bot	no flags	Details
fix result in mac-wk2 (7.93 KB, patch) 2013-04-23 18:59 PDT, Mary Wu	no flags	Details \| Formatted Diff \| Diff
remove redundant words in test case. (7.84 KB, patch) 2013-04-24 22:55 PDT, Mary Wu	bfulgham: review-	Details \| Formatted Diff \| Diff
Show Obsolete (14) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Mary Wu 2013-04-16 02:07:21 PDT

in DocumentLoader, function mainResourceLoader() may return 0 in some cases, but there some places use it without null-check beforehand.

Comment 1 Mary Wu 2013-04-16 02:41:09 PDT

Created attachment 198281 [details]
patch

Comment 2 Mary Wu 2013-04-16 02:42:19 PDT

Comment on attachment 198281 [details]
patch

sorry, wrong attachment

Comment 3 Mary Wu 2013-04-16 02:53:30 PDT

Created attachment 198314 [details]
patch

Comment 4 Nate Chapin 2013-04-16 09:17:08 PDT

Comment on attachment 198314 [details]
patch

Do you have a specific case where you're seeing a null dereference? I believe mainResourceLoader() is supposed to be guaranteed non-null at these points, but it's possible I missed a case.

Comment 5 Mary Wu 2013-04-16 19:10:55 PDT

(In reply to comment #4)
> (From update of attachment 198314 [details])
> Do you have a specific case where you're seeing a null dereference? I believe mainResourceLoader() is supposed to be guaranteed non-null at these points, but it's possible I missed a case.

yes, I met one case crash here:

@@ -678,7 +678,7 @@ void DocumentLoader::continueAfterContentPolicy(PolicyAction policy)
             mainReceivedError(frameLoader()->client()->cannotShowURLError(m_request));
             return;
         }
-        InspectorInstrumentation::continueWithPolicyDownload(m_frame, this, mainResourceLoader()->identifier(), m_response);
+        InspectorInstrumentation::continueWithPolicyDownload(m_frame, this, mainResourceLoader() ? mainResourceLoader()->identifier() : 0, m_response);


If DocumentLoader was used to download, mainResourceLoader() would be null and crash 100% time. Though it's rare case that DocumentLoader was used to download, but you can't forbid user to use that way.
Besides, since mainResourceLoader() was defined to possible return 0, I would prefer to have null-check to error-proof in any cases.

Comment 6 Mary Wu 2013-04-16 22:43:27 PDT

cc

Comment 7 Mary Wu 2013-04-17 03:40:15 PDT

Created attachment 198494 [details]
patch

or add assert there if MainResourceLoader() shouldn't be null, that would be better than do nothing, I think

Comment 8 Nate Chapin 2013-04-17 08:56:08 PDT

Comment on attachment 198494 [details]
patch

View in context: https://bugs.webkit.org/attachment.cgi?id=198494&action=review

I don't suppose you have a test case to reproduce the crashes you're seeing?

> Source/WebCore/loader/DocumentLoader.cpp:520
> +            m_identifierForLoadWithoutResourceLoader = mainResourceLoader() ? mainResourceLoader()->identifier() : 0;

I think this should be an assert instead.

> Source/WebCore/loader/DocumentLoader.cpp:552
> +            return;

I think this should be an assert instead.

Comment 9 Sam Weinig 2013-04-17 13:58:07 PDT

Comment on attachment 198494 [details]
patch

This should have a test case.

Comment 10 Mary Wu 2013-04-18 03:52:18 PDT

(In reply to comment #8)
> (From update of attachment 198494 [details])
> View in context: https://bugs.webkit.org/attachment.cgi?id=198494&action=review
> 
> I don't suppose you have a test case to reproduce the crashes you're seeing?

I'll add one.

> 
> > Source/WebCore/loader/DocumentLoader.cpp:520
> > +            m_identifierForLoadWithoutResourceLoader = mainResourceLoader() ? mainResourceLoader()->identifier() : 0;
> 
> I think this should be an assert instead.

ok

> 
> > Source/WebCore/loader/DocumentLoader.cpp:552
> > +            return;
> 
> I think this should be an assert instead.

I hesitate to change to assert since randomly hit it one time.

Comment 11 Mary Wu 2013-04-18 04:03:34 PDT

Created attachment 198717 [details]
add a test case, thanks

Comment 12 Benjamin Poulain 2013-04-18 14:10:22 PDT

Comment on attachment 198717 [details]
add a test case, thanks

View in context: https://bugs.webkit.org/attachment.cgi?id=198717&action=review

> Source/WebCore/ChangeLog:8
> +        Add a manual test which will cause mainResourceLoader return null.

ManualTests are bad.
The changelog should explain why it cannot be tested in any other way.

Comment 13 Mary Wu 2013-04-19 04:39:54 PDT

(In reply to comment #12)
> (From update of attachment 198717 [details])
> View in context: https://bugs.webkit.org/attachment.cgi?id=198717&action=review
> 
> > Source/WebCore/ChangeLog:8
> > +        Add a manual test which will cause mainResourceLoader return null.
> 
> ManualTests are bad.
> The changelog should explain why it cannot be tested in any other way.

will change it to drt test, thanks

Comment 14 Mary Wu 2013-04-19 04:51:13 PDT

Created attachment 198842 [details]
with a drt test, thanks

Comment 15 WebKit Commit Bot 2013-04-19 04:53:40 PDT

Attachment 198842 [details] did not pass style-queue:

Failed to run "['Tools/Scripts/check-webkit-style', '--diff-files', u'LayoutTests/http/tests/download/download-same-page-expected.txt', u'LayoutTests/http/tests/download/download-same-page.html', u'Source/WebCore/ChangeLog', u'Source/WebCore/loader/DocumentLoader.cpp']" exit_code: 1
Source/WebCore/ChangeLog:10:  Need whitespace between colon and description  [changelog/filechangedescriptionwhitespace] [5]
Source/WebCore/ChangeLog:11:  Need whitespace between colon and description  [changelog/filechangedescriptionwhitespace] [5]
Total errors found: 2 in 4 files


If any of these errors are false positives, please file a bug against check-webkit-style.

Comment 16 Build Bot 2013-04-19 07:05:50 PDT

Comment on attachment 198842 [details]
with a drt test, thanks

Attachment 198842 [details] did not pass mac-ews (mac):
Output: http://webkit-queues.appspot.com/results/111055

New failing tests:
http/tests/download/download-same-page.html

Comment 17 Build Bot 2013-04-19 07:05:52 PDT

Created attachment 198852 [details]
Archive of layout-test-results from webkit-ews-05 for mac-mountainlion

The attached test failures were seen while running run-webkit-tests on the mac-ews.
Bot: webkit-ews-05  Port: mac-mountainlion  Platform: Mac OS X 10.8.2

Comment 18 Build Bot 2013-04-19 13:08:38 PDT

Comment on attachment 198842 [details]
with a drt test, thanks

Attachment 198842 [details] did not pass mac-wk2-ews (mac-wk2):
Output: http://webkit-queues.appspot.com/results/72654

New failing tests:
fast/selectors/unqualified-hover-strict.html
http/tests/download/download-same-page.html

Comment 19 Build Bot 2013-04-19 13:08:41 PDT

Created attachment 198910 [details]
Archive of layout-test-results from webkit-ews-16 for mac-mountainlion-wk2

The attached test failures were seen while running run-webkit-tests on the mac-wk2-ews.
Bot: webkit-ews-16  Port: mac-mountainlion-wk2  Platform: Mac OS X 10.8.2

Comment 20 Mary Wu 2013-04-19 19:34:58 PDT

Created attachment 198925 [details]
fix style issue

Comment 21 Mary Wu 2013-04-19 20:07:07 PDT

Created attachment 198928 [details]
format changeLog

Comment 22 Build Bot 2013-04-19 23:53:53 PDT

Comment on attachment 198928 [details]
format changeLog

Attachment 198928 [details] did not pass mac-wk2-ews (mac-wk2):
Output: http://webkit-queues.appspot.com/results/136261

New failing tests:
http/tests/download/download-same-page.html

Comment 23 Build Bot 2013-04-19 23:53:55 PDT

Created attachment 198930 [details]
Archive of layout-test-results from webkit-ews-12 for mac-mountainlion-wk2

The attached test failures were seen while running run-webkit-tests on the mac-wk2-ews.
Bot: webkit-ews-12  Port: mac-mountainlion-wk2  Platform: Mac OS X 10.8.2

Comment 24 Build Bot 2013-04-20 01:13:51 PDT

Comment on attachment 198928 [details]
format changeLog

Attachment 198928 [details] did not pass mac-ews (mac):
Output: http://webkit-queues.appspot.com/results/186321

New failing tests:
http/tests/download/download-same-page.html

Comment 25 Build Bot 2013-04-20 01:13:54 PDT

Created attachment 198934 [details]
Archive of layout-test-results from webkit-ews-01 for mac-mountainlion

The attached test failures were seen while running run-webkit-tests on the mac-ews.
Bot: webkit-ews-01  Port: mac-mountainlion  Platform: Mac OS X 10.8.2

Comment 26 Mary Wu 2013-04-23 04:34:47 PDT

Created attachment 199214 [details]
fix result in mac

Comment 27 Build Bot 2013-04-23 09:29:15 PDT

Comment on attachment 199214 [details]
fix result in mac

Attachment 199214 [details] did not pass mac-wk2-ews (mac-wk2):
Output: http://webkit-queues.appspot.com/results/207005

New failing tests:
http/tests/download/download-same-page.html

Comment 28 Build Bot 2013-04-23 09:29:19 PDT

Created attachment 199247 [details]
Archive of layout-test-results from webkit-ews-14 for mac-mountainlion-wk2

The attached test failures were seen while running run-webkit-tests on the mac-wk2-ews.
Bot: webkit-ews-14  Port: mac-mountainlion-wk2  Platform: Mac OS X 10.8.2

Comment 29 Mary Wu 2013-04-23 18:59:09 PDT

Created attachment 199376 [details]
fix result in mac-wk2

Comment 30 Mary Wu 2013-04-24 22:55:42 PDT

Created attachment 199622 [details]
remove redundant words in test case.

Comment 31 Brent Fulgham 2013-06-13 10:26:00 PDT

Comment on attachment 199622 [details]
remove redundant words in test case.

View in context: https://bugs.webkit.org/attachment.cgi?id=199622&action=review

Looks like a nice change.  I had a few syntax corrections as well as some concerns about the clarify of the change.

> LayoutTests/ChangeLog:3
> +        should null check mainResourceLoader() before use it

Should null check mainResourceLoader() before using it.

> LayoutTests/ChangeLog:8
> +        Add a test to make sure mainResourceLoader() null-check before used.

.... mainResourceLoader() is null-checked before use.

> Source/WebCore/ChangeLog:3
> +        should null check mainResourceLoader() before use it

Should null check mainResourceLoader() before using it.

> Source/WebCore/loader/DocumentLoader.cpp:516
> +            ASSERT(mainResourceLoader());

Why do we only assert here, where we provide actual protection in the other routines you modified?  This would still be a crash, wouldn't it?

> Source/WebCore/loader/DocumentLoader.cpp:681
> +        InspectorInstrumentation::continueWithPolicyDownload(m_frame, this, mainResourceLoader() ? mainResourceLoader()->identifier() : 0, m_response);

I think using this ternary operator inline in the method call is sort of hard to read.  I would prefer to see something like:

unsigned long identifier = mainResourceLoader() ? mainResourceLoader()->identifier() : 0;
InspectorInstrumentation::continueWithPolicyDownload(m_frame, this, identifier, m_response);

> Source/WebCore/loader/DocumentLoader.cpp:694
> +        InspectorInstrumentation::continueWithPolicyIgnore(m_frame, this, mainResourceLoader() ? mainResourceLoader()->identifier() : 0, m_response);

Ditto.

Comment 32 Mary Wu 2013-06-13 23:01:02 PDT

(In reply to comment #31)
> (From update of attachment 199622 [details])
> View in context: https://bugs.webkit.org/attachment.cgi?id=199622&action=review
> 
> Looks like a nice change.  I had a few syntax corrections as well as some concerns about the clarify of the change.
> 
> > LayoutTests/ChangeLog:3
> > +        should null check mainResourceLoader() before use it
> 
> Should null check mainResourceLoader() before using it.
> 
> > LayoutTests/ChangeLog:8
> > +        Add a test to make sure mainResourceLoader() null-check before used.
> 
> .... mainResourceLoader() is null-checked before use.
> 
> > Source/WebCore/ChangeLog:3
> > +        should null check mainResourceLoader() before use it
> 
> Should null check mainResourceLoader() before using it.
> 
> > Source/WebCore/loader/DocumentLoader.cpp:516
> > +            ASSERT(mainResourceLoader());
> 
> Why do we only assert here, where we provide actual protection in the other routines you modified?  This would still be a crash, wouldn't it?
> 
> > Source/WebCore/loader/DocumentLoader.cpp:681
> > +        InspectorInstrumentation::continueWithPolicyDownload(m_frame, this, mainResourceLoader() ? mainResourceLoader()->identifier() : 0, m_response);
> 
> I think using this ternary operator inline in the method call is sort of hard to read.  I would prefer to see something like:
> 
> unsigned long identifier = mainResourceLoader() ? mainResourceLoader()->identifier() : 0;
> InspectorInstrumentation::continueWithPolicyDownload(m_frame, this, identifier, m_response);
> 
> > Source/WebCore/loader/DocumentLoader.cpp:694
> > +        InspectorInstrumentation::continueWithPolicyIgnore(m_frame, this, mainResourceLoader() ? mainResourceLoader()->identifier() : 0, m_response);
> 
> Ditto.

Thanks a lot for the review and comments, Brent. I found apple checked in similar patch recently:

commit ef7981e25287a3dd2cb57087b126a44234423471
Author: andersca@apple.com <andersca@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Thu May 23 20:08:21 2013 +0000

    Crash in convertMainResourceLoadToDownload when downloading file by option-return
    https://bugs.webkit.org/show_bug.cgi?id=116451

since my test code was also based on the change, looks the patch became obsolete:(

Comment 33 Mary Wu 2013-06-16 21:23:04 PDT

dup

*** This bug has been marked as a duplicate of bug 116451 ***