Bug 141478 - performance.now can crash if accessed from a window that has navigated
Summary: performance.now can crash if accessed from a window that has navigated
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: New Bugs
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Sam Weinig
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2015-02-11 10:03 PST by Sam Weinig
Modified: 2015-02-11 14:30 PST

See Also:


Attachments
Patch (4.85 KB, patch)
2015-02-11 10:10 PST, Sam Weinig
ap: review+

Description Sam Weinig 2015-02-11 10:03:20 PST
performance.now can crash if accessed from a window that has navigated
Comment 1 Sam Weinig 2015-02-11 10:10:01 PST
Created attachment 246395 [details]
Patch
Comment 2 Sam Weinig 2015-02-11 10:20:25 PST
<rdar://problem/16892506>
Comment 3 Alexey Proskuryakov 2015-02-11 10:26:47 PST
Comment on attachment 246395 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=246395&action=review

> LayoutTests/fast/performance/performance-now-crash-on-navigated-window.html:26
> +        // Should not crash.
> +        value = perfFromInitialFrame.now();
> +        shouldBe('value', '0');

Please test Firefox, and possibly update the comment for other reasonable outcomes.

This way, if someone changes our behavior to match Firefox and accidentally breaks this test, they will have an easier time figuring out if that's OK.
Comment 4 Sam Weinig 2015-02-11 10:33:12 PST
Committed r179936: <http://trac.webkit.org/changeset/179936>
Comment 5 Sam Weinig 2015-02-11 10:36:36 PST
Committed r179937: <http://trac.webkit.org/changeset/179937>
Comment 6 Alexey Proskuryakov 2015-02-11 14:29:25 PST
The new regression test just crashed on a GuardMalloc bot:

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   com.apple.WebCore             	0x000000010824024a WebCore::Performance::now() const + 10
1   com.apple.WebCore             	0x000000010802b58e WebCore::jsPerformancePrototypeFunctionNow(JSC::ExecState*) + 126
2   ???                           	0x0000000112f73028 0 + 4613156904
3   com.apple.JavaScriptCore      	0x0000000106e8e248 llint_entry + 22290
4   com.apple.JavaScriptCore      	0x0000000106e8e248 llint_entry + 22290
Comment 7 Alexey Proskuryakov 2015-02-11 14:30:32 PST
False alarm, that's because the test was landed before the fix :)