Bug 143899 - [WK2] Possible null pointer dereference in WebDiagnosticLoggingClient::logDiagnosticMessageWithValue()
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKit2
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Chris Dumez
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2015-04-17 14:48 PDT by Chris Dumez
Modified: 2015-04-17 17:47 PDT (History)
Attachments
Patch (2.98 KB, patch)
2015-04-17 14:50 PDT, Chris Dumez
no flags

Description Chris Dumez 2015-04-17 14:48:36 PDT
Possible null pointer dereference in WebDiagnosticLoggingClient::logDiagnosticMessageWithValue():
Thread[0] EXC_BAD_ACCESS (SIGSEGV) (KERN_INVALID_ADDRESS at 0x0000000000000060)
[  0] 0x00007fff9b23652a WebKit`WebKit::WebDiagnosticLoggingClient::logDiagnosticMessageWithValue(WTF::String const&, WTF::String const&, WTF::String const&, WebCore::ShouldSample) [inlined] WTF::RefPtr<WebCore::Settings>::operator*() const at RefPtr.h:69:51

     0x00007fff9b23651c:     movq %rsi, %r13
     0x00007fff9b23651f:     movq %rdi, %rbx
     0x00007fff9b236522:     movq 0x8(%rbx), %rsi
     0x00007fff9b236526:     movq 0x28(%rsi), %rax
 ->  0x00007fff9b23652a:     movq 0x60(%rax), %rax
     0x00007fff9b23652e:      btq $0x20, 0x104(%rax)
     0x00007fff9b236537:      jae 0x1a2585             ; <+131> at WebDiagnosticLoggingClient.cpp:72
     0x00007fff9b236539:     leaq 0x480(%rsi), %rdi
     0x00007fff9b236540:     movq %r13, %rdx

[  0] 0x00007fff9b23652a WebKit`WebKit::WebDiagnosticLoggingClient::logDiagnosticMessageWithValue(WTF::String const&, WTF::String const&, WTF::String const&, WebCore::ShouldSample) [inlined] WebCore::Page::settings() const at Page.h:199
[  0] 0x00007fff9b23652a WebKit`WebKit::WebDiagnosticLoggingClient::logDiagnosticMessageWithValue(WTF::String const&, WTF::String const&, WTF::String const&, WebCore::ShouldSample) + 40 at WebDiagnosticLoggingClient.cpp:66
       62  	}
       63  	
       64  	void WebDiagnosticLoggingClient::logDiagnosticMessageWithValue(const String& message, const String& description, const String& value, WebCore::ShouldSample shouldSample)
       65  	{
    -> 66  	    if (!m_page.corePage()->settings().diagnosticLoggingEnabled())
       67  	        return;
       68  	
       69  	    // FIXME: Remove this injected bundle API.
       70  	    m_page.injectedBundleDiagnosticLoggingClient().logDiagnosticMessageWithValue(&m_page, message, description, value);
    
[  1] 0x00007fff95d28065 WebCore`WebCore::SubresourceLoader::didFinishLoading(double) [inlined] WebCore::logResourceLoaded(WebCore::Frame*, WebCore::CachedResource::Type) + 762 at SubresourceLoader.cpp:352:5
[  1] 0x00007fff95d27d6b WebCore`WebCore::SubresourceLoader::didFinishLoading(double) + 75 at SubresourceLoader.cpp:364
[  2] 0x00007fff9b2d7a98 WebKit`WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection&, IPC::MessageDecoder&) [inlined] void IPC::callMemberFunctionImpl<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(double), std::__1::tuple<double>, 0ul>(WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(double), std::__1::tuple<double>&&, std::index_sequence<0ul>) + 12 at HandleMessage.h:16:5
[  2] 0x00007fff9b2d7a8c WebKit`WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection&, IPC::MessageDecoder&) [inlined] void IPC::callMemberFunction<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(double), std::__1::tuple<double>, std::make_index_sequence<1ul> >(std::__1::tuple<double>&&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(double)) at HandleMessage.h:22
[  2] 0x00007fff9b2d7a8c WebKit`WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection&, IPC::MessageDecoder&) [inlined] void IPC::handleMessage<Messages::WebResourceLoader::DidFinishResourceLoad, WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(double)>(IPC::MessageDecoder&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(double)) + 24 at HandleMessage.h:92
[  2] 0x00007fff9b2d7a74 WebKit`WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection&, IPC::MessageDecoder&) + 524 at WebResourceLoaderMessageReceiver.cpp:71
[  3] 0x00007fff9b13a257 WebKit`IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >) [inlined] IPC::Connection::dispatchMessage(IPC::MessageDecoder&) + 12 at Connection.cpp:859:5
[  3] 0x00007fff9b13a24b WebKit`IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >) + 89 at Connection.cpp:882
[  4] 0x00007fff9b13c26f WebKit`IPC::Connection::dispatchOneMessage() + 113 at Connection.cpp:910:5
[  5] 0x00007fff9d054f71 JavaScriptCore`WTF::RunLoop::performWork() [inlined] std::__1::function<void ()>::operator()() const + 9 at functional:1756:12
[  5] 0x00007fff9d054f68 JavaScriptCore`WTF::RunLoop::performWork() + 856 at RunLoop.cpp:119
[  6] 0x00007fff9d0554a1 JavaScriptCore`WTF::RunLoop::performWork(void*) + 33 at RunLoopCF.cpp:38:5
[  7] 0x00007fff9bcc93e0 

Radar: <rdar://problem/20584215>
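The trace reads as corePage() returning null: %rax is loaded from the WebPage's core-page slot and the very next load through it faults at address 0x60, inside the inlined Page::settings(). Below is an added example, not WebKit's code and not the text of the committed patch, that shows the crashing shape beside a null-guarded form using stand-in Settings/Page/WebPage types; it assumes the core page becomes null once the page is closed.

```cpp
#include <memory>
#include <string>
#include <vector>

// Minimal stand-ins for the WebKit types in the trace; constructed for this
// example, not WebKit's real classes.
struct Settings {
    bool diagnosticLoggingEnabled() const { return enabled; }
    bool enabled = true;
};

struct Page {
    Settings& settings() { return m_settings; }
    Settings m_settings;
};

struct WebPage {
    // Assumption: corePage() is null after the page is closed, which is how
    // the logging client can be reached with no core page.
    Page* corePage() const { return m_page.get(); }
    void close() { m_page.reset(); }
    std::unique_ptr<Page> m_page = std::make_unique<Page>();
};

struct WebDiagnosticLoggingClient {
    explicit WebDiagnosticLoggingClient(WebPage& page) : m_page(page) {}

    // Shape of the crashing code at WebDiagnosticLoggingClient.cpp:66: the
    // result of corePage() is dereferenced unconditionally, so a null core
    // page faults inside Page::settings(). Never call this after close().
    bool logUnchecked(const std::string& message, const std::string& value) {
        if (!m_page.corePage()->settings().diagnosticLoggingEnabled())
            return false;
        m_log.push_back(message + "=" + value);
        return true;
    }

    // Hardened form: return early when there is no core page. This is the
    // generic null-guard pattern, not the text of the committed patch.
    bool logChecked(const std::string& message, const std::string& value) {
        Page* corePage = m_page.corePage();
        if (!corePage || !corePage->settings().diagnosticLoggingEnabled())
            return false;
        m_log.push_back(message + "=" + value);
        return true;
    }

    WebPage& m_page;
    std::vector<std::string> m_log;  // what would have been logged
};
```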
Comment 1 Chris Dumez 2015-04-17 14:50:44 PDT
Created attachment 251053 [details]
Patch
Comment 2 WebKit Commit Bot 2015-04-17 17:47:34 PDT
Comment on attachment 251053 [details]
Patch

Clearing flags on attachment: 251053

Committed r182979: <http://trac.webkit.org/changeset/182979>
Comment 3 WebKit Commit Bot 2015-04-17 17:47:39 PDT
All reviewed patches have been landed.  Closing bug.