RESOLVED FIXED 143899
[WK2] Possible null pointer dereference in WebDiagnosticLoggingClient::logDiagnosticMessageWithValue() 
https://bugs.webkit.org/show_bug.cgi?id=143899
Summary [WK2] Possible null pointer dereference in WebDiagnosticLoggingClient::logDia...
Chris Dumez
Reported 2015-04-17 14:48:36 PDT
Possible null pointer dereference in WebDiagnosticLoggingClient::logDiagnosticMessageWithValue(): Thread[0] EXC_BAD_ACCESS (SIGSEGV) (KERN_INVALID_ADDRESS at 0x0000000000000060) [ 0] 0x00007fff9b23652a WebKit`WebKit::WebDiagnosticLoggingClient::logDiagnosticMessageWithValue(WTF::String const&, WTF::String const&, WTF::String const&, WebCore::ShouldSample) [inlined] WTF::RefPtr<WebCore::Settings>::operator*() const at RefPtr.h:69:51 0x00007fff9b23651c: movq %rsi, %r13 0x00007fff9b23651f: movq %rdi, %rbx 0x00007fff9b236522: movq 0x8(%rbx), %rsi 0x00007fff9b236526: movq 0x28(%rsi), %rax -> 0x00007fff9b23652a: movq 0x60(%rax), %rax 0x00007fff9b23652e: btq $0x20, 0x104(%rax) 0x00007fff9b236537: jae 0x1a2585 ; <+131> at WebDiagnosticLoggingClient.cpp:72 0x00007fff9b236539: leaq 0x480(%rsi), %rdi 0x00007fff9b236540: movq %r13, %rdx [ 0] 0x00007fff9b23652a WebKit`WebKit::WebDiagnosticLoggingClient::logDiagnosticMessageWithValue(WTF::String const&, WTF::String const&, WTF::String const&, WebCore::ShouldSample) [inlined] WebCore::Page::settings() const at Page.h:199 [ 0] 0x00007fff9b23652a WebKit`WebKit::WebDiagnosticLoggingClient::logDiagnosticMessageWithValue(WTF::String const&, WTF::String const&, WTF::String const&, WebCore::ShouldSample) + 40 at WebDiagnosticLoggingClient.cpp:66 62 } 63 64 void WebDiagnosticLoggingClient::logDiagnosticMessageWithValue(const String& message, const String& description, const String& value, WebCore::ShouldSample shouldSample) 65 { -> 66 if (!m_page.corePage()->settings().diagnosticLoggingEnabled()) 67 return; 68 69 // FIXME: Remove this injected bundle API. 70 m_page.injectedBundleDiagnosticLoggingClient().logDiagnosticMessageWithValue(&m_page, message, description, value); [ 1] 0x00007fff95d28065 WebCore`WebCore::SubresourceLoader::didFinishLoading(double) [inlined] WebCore::logResourceLoaded(WebCore::Frame*, WebCore::CachedResource::Type) + 762 at SubresourceLoader.cpp:352:5 [ 1] 0x00007fff95d27d6b WebCore`WebCore::SubresourceLoader::didFinishLoading(double) + 75 at SubresourceLoader.cpp:364 [ 2] 0x00007fff9b2d7a98 WebKit`WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection&, IPC::MessageDecoder&) [inlined] void IPC::callMemberFunctionImpl<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(double), std::__1::tuple<double>, 0ul>(WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(double), std::__1::tuple<double>&&, std::index_sequence<0ul>) + 12 at HandleMessage.h:16:5 [ 2] 0x00007fff9b2d7a8c WebKit`WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection&, IPC::MessageDecoder&) [inlined] void IPC::callMemberFunction<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(double), std::__1::tuple<double>, std::make_index_sequence<1ul> >(std::__1::tuple<double>&&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(double)) at HandleMessage.h:22 [ 2] 0x00007fff9b2d7a8c WebKit`WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection&, IPC::MessageDecoder&) [inlined] void IPC::handleMessage<Messages::WebResourceLoader::DidFinishResourceLoad, WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(double)>(IPC::MessageDecoder&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(double)) + 24 at HandleMessage.h:92 [ 2] 0x00007fff9b2d7a74 WebKit`WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection&, IPC::MessageDecoder&) + 524 at WebResourceLoaderMessageReceiver.cpp:71 [ 3] 0x00007fff9b13a257 WebKit`IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >) [inlined] IPC::Connection::dispatchMessage(IPC::MessageDecoder&) + 12 at Connection.cpp:859:5 [ 3] 0x00007fff9b13a24b WebKit`IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >) + 89 at Connection.cpp:882 [ 4] 0x00007fff9b13c26f WebKit`IPC::Connection::dispatchOneMessage() + 113 at Connection.cpp:910:5 [ 5] 0x00007fff9d054f71 JavaScriptCore`WTF::RunLoop::performWork() [inlined] std::__1::function<void ()>::operator()() const + 9 at functional:1756:12 [ 5] 0x00007fff9d054f68 JavaScriptCore`WTF::RunLoop::performWork() + 856 at RunLoop.cpp:119 [ 6] 0x00007fff9d0554a1 JavaScriptCore`WTF::RunLoop::performWork(void*) + 33 at RunLoopCF.cpp:38:5 [ 7] 0x00007fff9bcc93e0 Radar: <rdar://problem/20584215>
Attachments
Patch (2.98 KB, patch)
2015-04-17 14:50 PDT, Chris Dumez 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Chris Dumez
Comment 1 2015-04-17 14:50:44 PDT
Created attachment 251053 [details] Patch
WebKit Commit Bot
Comment 2 2015-04-17 17:47:34 PDT
Comment on attachment 251053 [details] Patch Clearing flags on attachment: 251053 Committed r182979: <http://trac.webkit.org/changeset/182979>
WebKit Commit Bot
Comment 3 2015-04-17 17:47:39 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.