Bug 138164 - Crash in CachedRawResource::canReuse() when reloading http://dnd.wizards.com/dungeons-and-dragons/story
Summary: Crash in CachedRawResource::canReuse() when reloading http://dnd.wizards.com/...
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Page Loading
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
Importance: P1 Critical
Assignee: Chris Dumez
URL:
Keywords: InRadar
Depends on:
Blocks: 138079
Reported: 2014-10-28 18:13 PDT by Chris Dumez
Modified: 2014-10-29 00:59 PDT

See Also:


Attachments
Patch (5.09 KB, patch)
2014-10-28 20:26 PDT, Chris Dumez

Description Chris Dumez 2014-10-28 18:13:36 PDT
Crash in CachedRawResource::canReuse() when reloading http://dnd.wizards.com/dungeons-and-dragons/story

This is due to the HTTPHeaderMap iterator not initializing the KeyValue correctly when there are only uncommon headers.

BackTrace:
0   com.apple.JavaScriptCore      	0x000000010d48488a WTFCrash + 42
1   com.apple.WebCore             	0x000000010ea7283e WTF::CaseFoldingHash::hash(WTF::StringImpl*) + 62 (StringHash.h:97)
2   com.apple.WebCore             	0x000000010ea727ed WTF::CaseFoldingHash::hash(WTF::String const&) + 29 (StringHash.h:128)
3   com.apple.WebCore             	0x000000010ea725c5 unsigned int WTF::IdentityHashTranslator<WTF::CaseFoldingHash>::hash<WTF::String>(WTF::String const&) + 21 (HashTable.h:281)
4   com.apple.WebCore             	0x000000010ec0e7c0 WTF::KeyValuePair<WTF::String, WTF::String>* WTF::HashTable<WTF::String, WTF::KeyValuePair<WTF::String, WTF::String>, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<WTF::String, WTF::String> >, WTF::CaseFoldingHash, WTF::HashMap<WTF::String, WTF::String, WTF::CaseFoldingHash, WTF::HashTraits<WTF::String>, WTF::HashTraits<WTF::String> >::KeyValuePairTraits, WTF::HashTraits<WTF::String> >::lookup<WTF::IdentityHashTranslator<WTF::CaseFoldingHash>, WTF::String>(WTF::String const&) + 80 (HashTable.h:595)
5   com.apple.WebCore             	0x000000010ec0ea6d WTF::HashTable<WTF::String, WTF::KeyValuePair<WTF::String, WTF::String>, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<WTF::String, WTF::String> >, WTF::CaseFoldingHash, WTF::HashMap<WTF::String, WTF::String, WTF::CaseFoldingHash, WTF::HashTraits<WTF::String>, WTF::HashTraits<WTF::String> >::KeyValuePairTraits, WTF::HashTraits<WTF::String> >::lookup(WTF::String const&) + 29 (HashTable.h:407)
6   com.apple.WebCore             	0x000000010ec0e54b WTF::HashMap<WTF::String, WTF::String, WTF::CaseFoldingHash, WTF::HashTraits<WTF::String>, WTF::HashTraits<WTF::String> >::get(WTF::String const&) const + 43 (HashMap.h:351)
7   com.apple.WebCore             	0x000000010ec0dbe6 WebCore::CachedRawResource::canReuse(WebCore::ResourceRequest const&) const + 742 (CachedRawResource.cpp:249)
8   com.apple.WebCore             	0x000000010ec222ea WebCore::CachedResourceLoader::determineRevalidationPolicy(WebCore::CachedResource::Type, WebCore::ResourceRequest&, bool, WebCore::CachedResource*, WebCore::CachedResourceRequest::DeferOption) const + 186 (CachedResourceLoader.cpp:576)
9   com.apple.WebCore             	0x000000010ec211bc WebCore::CachedResourceLoader::requestResource(WebCore::CachedResource::Type, WebCore::CachedResourceRequest&) + 1228 (CachedResourceLoader.cpp:455)
10  com.apple.WebCore             	0x000000010ec21c80 WebCore::CachedResourceLoader::requestRawResource(WebCore::CachedResourceRequest&) + 64 (CachedResourceLoader.cpp:249)
11  com.apple.WebCore             	0x000000010f038145 WebCore::DocumentThreadableLoader::loadRequest(WebCore::ResourceRequest const&, WebCore::SecurityCheckPolicy) + 709 (DocumentThreadableLoader.cpp:386)
12  com.apple.WebCore             	0x000000010f037cf1 WebCore::DocumentThreadableLoader::DocumentThreadableLoader(WebCore::Document&, WebCore::ThreadableLoaderClient&, WebCore::DocumentThreadableLoader::BlockingBehavior, WebCore::ResourceRequest const&, WebCore::ThreadableLoaderOptions const&) + 481 (DocumentThreadableLoader.cpp:86)
13  com.apple.WebCore             	0x000000010f037a1b WebCore::DocumentThreadableLoader::DocumentThreadableLoader(WebCore::Document&, WebCore::ThreadableLoaderClient&, WebCore::DocumentThreadableLoader::BlockingBehavior, WebCore::ResourceRequest const&, WebCore::ThreadableLoaderOptions const&) + 59 (DocumentThreadableLoader.cpp:95)
14  com.apple.WebCore             	0x000000010f037a86 WebCore::DocumentThreadableLoader::create(WebCore::Document&, WebCore::ThreadableLoaderClient&, WebCore::ResourceRequest const&, WebCore::ThreadableLoaderOptions const&) + 86 (DocumentThreadableLoader.cpp:67)
15  com.apple.WebCore             	0x00000001108d0227 WebCore::ThreadableLoader::create(WebCore::ScriptExecutionContext*, WebCore::ThreadableLoaderClient*, WebCore::ResourceRequest const&, WebCore::ThreadableLoaderOptions const&) + 295 (ThreadableLoader.cpp:62)
16  com.apple.WebCore             	0x0000000110ab1461 WebCore::XMLHttpRequest::createRequest(int&) + 1825 (XMLHttpRequest.cpp:793)
17  com.apple.WebCore             	0x0000000110ab096f WebCore::XMLHttpRequest::send(WTF::String const&, int&) + 751 (XMLHttpRequest.cpp:646)
18  com.apple.WebCore             	0x0000000110ab0665 WebCore::XMLHttpRequest::send(int&) + 53 (XMLHttpRequest.cpp:587)
19  com.apple.WebCore             	0x000000010fde9f8c WebCore::JSXMLHttpRequest::send(JSC::ExecState*) + 172 (JSXMLHttpRequestCustom.cpp:149)
20  com.apple.WebCore             	0x000000010fde685f WebCore::jsXMLHttpRequestPrototypeFunctionSend(JSC::ExecState*) + 383 (JSXMLHttpRequest.cpp:934)

Radar: <rdar://problem/18801997>
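The defect the description names, as an added illustration (a constructed C++ model, not WebKit's HTTPHeaderMap, canReuse(), or the patch on this bug): an iterator over a "common" and an "uncommon" header table whose constructor primes its cached key/value from the first table only, so a request carrying nothing but non-standard headers hands an empty key to the lookup that hashes it. All type and function names and the sample headers are assumptions made for this example, and priming from both tables is one way to fix it, not necessarily the landed change.

```cpp
#include <map>
#include <string>
#include <vector>
// Constructed model, not WebKit's HTTPHeaderMap: well-known names in one table, others in a second.
using Table = std::map<std::string, std::string>;
struct HeaderMap { Table common; Table uncommon; };

struct HeaderIterator {  // walks both tables as one sequence of key/value pairs
    Table::const_iterator commonIt, commonEnd, uncommonIt, uncommonEnd;
    std::pair<std::string, std::string> keyValue;  // cached current entry
    // primeFromBothTables = false reproduces the defect; true applies the fix.
    HeaderIterator(const HeaderMap& m, bool primeFromBothTables)
        : commonIt(m.common.begin()), commonEnd(m.common.end()),
          uncommonIt(m.uncommon.begin()), uncommonEnd(m.uncommon.end()) {
        // Defect: keyValue is primed from the common table only; an uncommon-only map gets an empty (WebKit: null) key.
        if (commonIt != commonEnd)
            keyValue = *commonIt;
        else if (primeFromBothTables)
            updateKeyValue();  // fix: fall through to the uncommon table
    }
    void updateKeyValue() {
        if (commonIt != commonEnd) keyValue = *commonIt;
        else if (uncommonIt != uncommonEnd) keyValue = *uncommonIt;
    }
    bool atEnd() const { return commonIt == commonEnd && uncommonIt == uncommonEnd; }
    HeaderIterator& operator++() {
        if (commonIt != commonEnd) ++commonIt; else ++uncommonIt;
        updateKeyValue();  // advancing already primes from either table
        return *this;
    }
};

// Models the loop in canReuse(): each key is hashed for a lookup; an empty key (WTFCrash in the trace) is reported as hitNullKey.
struct LookupResult { bool hitNullKey = false; std::vector<std::string> keys; };
LookupResult lookupAllHeaders(const HeaderMap& request, bool fixed) {
    LookupResult r;
    for (HeaderIterator it(request, fixed); !it.atEnd(); ++it) {
        if (it.keyValue.first.empty()) { r.hitNullKey = true; break; }
        r.keys.push_back(it.keyValue.first);  // the key that would be hashed
    }
    return r;
}

// Constructed sample XHR request: one non-standard header, optionally plus a well-known one.
HeaderMap sampleXhrRequest(bool withCommonHeader) {
    HeaderMap m;
    m.uncommon["X-Requested-With"] = "XMLHttpRequest";
    if (withCommonHeader) m.common["Accept"] = "*/*";
    return m;
}
```

With only the uncommon header present the unfixed iterator yields an empty key on the first step, which is the shape of the reload in this report; adding any well-known header masks the defect, which is why it escaped until this page.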
Comment 1 Chris Dumez 2014-10-28 18:41:45 PDT
The fix is trivial but I am trying to write a layout test for it.
Comment 2 Chris Dumez 2014-10-28 20:26:53 PDT
Created attachment 240589 [details]
Patch
Comment 3 Andreas Kling 2014-10-29 00:19:25 PDT
Comment on attachment 240589 [details]
Patch

r=me, thanks for the quick fix!
Comment 4 WebKit Commit Bot 2014-10-29 00:58:56 PDT
Comment on attachment 240589 [details]
Patch

Clearing flags on attachment: 240589

Committed r175312: <http://trac.webkit.org/changeset/175312>
Comment 5 WebKit Commit Bot 2014-10-29 00:59:01 PDT
All reviewed patches have been landed.  Closing bug.