WebKit Bugzilla
NEW
145038
FrameLoader::commitProvisionalLoad crash
https://bugs.webkit.org/show_bug.cgi?id=145038
Summary
FrameLoader::commitProvisionalLoad crash
Jin
Reported
2015-05-14 21:49:08 PDT
I test UIWebView with my own monkey test. The monkey test runs the following test cases:

1. Open a random URL
2. goBack
3. goForward
4. Close the UIWebView, then open it
5. stopLoading

After testing for half an hour, I found some crashes. In the function FrameLoader::commitProvisionalLoad, in the following code:

    StringWithDirection title = m_documentLoader->title();
    if (!title.isNull())
        m_client.dispatchDidReceiveTitle(title);

"m_documentLoader" is NULL. I think we should check it before using "m_documentLoader".

This is my first time reporting a bug at Webkit.org; what should I do to help fix this bug?

Thread 1 crash stack:

* thread #1: tid = 0x14e67, 0x0f1b62b6 WebCore`WebCore::FrameLoader::commitProvisionalLoad() [inlined] WTF::RefPtr<WTF::StringImpl>::RefPtr(WTF::RefPtr<WTF::StringImpl> const&) at RefPtr.h:44, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x448)
  * frame #0: 0x0f1b62b6 WebCore`WebCore::FrameLoader::commitProvisionalLoad() [inlined] WTF::RefPtr<WTF::StringImpl>::RefPtr(WTF::RefPtr<WTF::StringImpl> const&) at RefPtr.h:44
    frame #1: 0x0f1b62b6 WebCore`WebCore::FrameLoader::commitProvisionalLoad() [inlined] WTF::RefPtr<WTF::StringImpl>::RefPtr(WTF::RefPtr<WTF::StringImpl> const&) at RefPtr.h:44
    frame #2: 0x0f1b62b6 WebCore`WebCore::FrameLoader::commitProvisionalLoad() [inlined] WTF::String::String(WTF::String const&) at WTFString.h:132
    frame #3: 0x0f1b62b6 WebCore`WebCore::FrameLoader::commitProvisionalLoad() [inlined] WTF::String::String(WTF::String const&) at WTFString.h:132
    frame #4: 0x0f1b62b6 WebCore`WebCore::FrameLoader::commitProvisionalLoad() [inlined] WebCore::StringWithDirection::StringWithDirection(WebCore::StringWithDirection const&) at StringWithDirection.h:47
    frame #5: 0x0f1b62b6 WebCore`WebCore::FrameLoader::commitProvisionalLoad() [inlined] WebCore::StringWithDirection::StringWithDirection(WebCore::StringWithDirection const&) at StringWithDirection.h:47
    frame #6: 0x0f1b62b6 WebCore`WebCore::FrameLoader::commitProvisionalLoad(this=0x35391710) + 806 at FrameLoader.cpp:1802
    frame #7: 0x0f1ba48b WebCore`WebCore::FrameLoader::loadProvisionalItemFromCachedPage(this=<unavailable>) + 203 at FrameLoader.cpp:3094
    frame #8: 0x0f1bd35a WebCore`std::__1::__function::__func<WebCore::FrameLoader::loadWithDocumentLoader(WebCore::DocumentLoader*, WebCore::FrameLoadType, WTF::PassRefPtr<WebCore::FormState>, WebCore::AllowNavigationToInvalidURL)::$_4, std::__1::allocator<WebCore::FrameLoader::loadWithDocumentLoader(WebCore::DocumentLoader*, WebCore::FrameLoadType, WTF::PassRefPtr<WebCore::FormState>, WebCore::AllowNavigationToInvalidURL)::$_4>, void (WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool)>::operator()(WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>&&, bool&&) [inlined] WebCore::FrameLoader::loadWithDocumentLoader(WebCore::DocumentLoader*, WebCore::FrameLoadType, WTF::PassRefPtr<WebCore::FormState>, WebCore::AllowNavigationToInvalidURL)::$_4::operator()(WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool) const + 33 at FrameLoader.cpp:1458
    frame #9: 0x0f1bd339 WebCore`std::__1::__function::__func<WebCore::FrameLoader::loadWithDocumentLoader(WebCore::DocumentLoader*, WebCore::FrameLoadType, WTF::PassRefPtr<WebCore::FormState>, WebCore::AllowNavigationToInvalidURL)::$_4, std::__1::allocator<WebCore::FrameLoader::loadWithDocumentLoader(WebCore::DocumentLoader*, WebCore::FrameLoadType, WTF::PassRefPtr<WebCore::FormState>, WebCore::AllowNavigationToInvalidURL)::$_4>, void (WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool)>::operator()(WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>&&, bool&&) [inlined] decltype(std::__1::forward<WebCore::FrameLoader::loadWithDocumentLoader(WebCore::DocumentLoader*, WebCore::FrameLoadType, WTF::PassRefPtr<WebCore::FormState>, WebCore::AllowNavigationToInvalidURL)::$_4&>(fp)(std::__1::forward<WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool>(fp0))) std::__1::__invoke<WebCore::FrameLoader::loadWithDocumentLoader(WebCore::DocumentLoader*, WebCore::FrameLoadType, WTF::PassRefPtr<WebCore::FormState>, WebCore::AllowNavigationToInvalidURL)::$_4&, WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool>(WebCore::FrameLoader::loadWithDocumentLoader(WebCore::DocumentLoader*, WebCore::FrameLoadType, WTF::PassRefPtr<WebCore::FormState>, WebCore::AllowNavigationToInvalidURL)::$_4&&&, WebCore::ResourceRequest const&&&, WTF::PassRefPtr<WebCore::FormState>&&, bool&&) at __functional_base:413
    frame #10: 0x0f1bd339 WebCore`std::__1::__function::__func<WebCore::FrameLoader::loadWithDocumentLoader(WebCore::DocumentLoader*, WebCore::FrameLoadType, WTF::PassRefPtr<WebCore::FormState>, WebCore::AllowNavigationToInvalidURL)::$_4, std::__1::allocator<WebCore::FrameLoader::loadWithDocumentLoader(WebCore::DocumentLoader*, WebCore::FrameLoadType, WTF::PassRefPtr<WebCore::FormState>, WebCore::AllowNavigationToInvalidURL)::$_4>, void (WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool)>::operator(this=0xbfffc020, __arg=0xbfffbe80, __arg=0xbfffbca0, __arg=0xbfffbcaa)(WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>&&, bool&&) + 41 at functional:1370
    frame #11: 0x0f959ebb WebCore`WebCore::PolicyCallback::call(bool) [inlined] std::__1::function<void (WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool)>::operator(__arg=<unavailable>)(WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool) const + 75 at functional:1756
    frame #12: 0x0f959e9f WebCore`WebCore::PolicyCallback::call(this=0xbfffbe80, shouldContinue=true) + 47 at PolicyCallback.cpp:95
    frame #13: 0x0f95c478 WebCore`WebCore::PolicyChecker::continueAfterNavigationPolicy(this=<unavailable>, policy=<unavailable>) + 840 at PolicyChecker.cpp:206
    frame #14: 0x0f95d41d WebCore`std::__1::__function::__func<WebCore::PolicyChecker::checkNavigationPolicy(WebCore::ResourceRequest const&, WebCore::DocumentLoader*, WTF::PassRefPtr<WebCore::FormState>, std::__1::function<void (WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool)>)::$_1, std::__1::allocator<WebCore::PolicyChecker::checkNavigationPolicy(WebCore::ResourceRequest const&, WebCore::DocumentLoader*, WTF::PassRefPtr<WebCore::FormState>, std::__1::function<void (WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool)>)::$_1>, void (WebCore::PolicyAction)>::operator()(WebCore::PolicyAction&&) [inlined] WebCore::PolicyChecker::checkNavigationPolicy(WebCore::ResourceRequest const&, WebCore::DocumentLoader*, WTF::PassRefPtr<WebCore::FormState>, std::__1::function<void (WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool)>)::$_1::operator()(WebCore::PolicyAction) const + 29 at PolicyChecker.cpp:123
    frame #15: 0x0f95d411 WebCore`std::__1::__function::__func<WebCore::PolicyChecker::checkNavigationPolicy(WebCore::ResourceRequest const&, WebCore::DocumentLoader*, WTF::PassRefPtr<WebCore::FormState>, std::__1::function<void (WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool)>)::$_1, std::__1::allocator<WebCore::PolicyChecker::checkNavigationPolicy(WebCore::ResourceRequest const&, WebCore::DocumentLoader*, WTF::PassRefPtr<WebCore::FormState>, std::__1::function<void (WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool)>)::$_1>, void (WebCore::PolicyAction)>::operator()(WebCore::PolicyAction&&) [inlined] decltype(std::__1::forward<WebCore::PolicyChecker::checkNavigationPolicy(WebCore::ResourceRequest const&, WebCore::DocumentLoader*, WTF::PassRefPtr<WebCore::FormState>, std::__1::function<void (WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool)>)::$_1&>(fp)(std::__1::forward<WebCore::PolicyAction>(fp0))) std::__1::__invoke<WebCore::PolicyChecker::checkNavigationPolicy(WebCore::ResourceRequest const&, WebCore::DocumentLoader*, WTF::PassRefPtr<WebCore::FormState>, std::__1::function<void (WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool)>)::$_1&, WebCore::PolicyAction>(WebCore::PolicyChecker::checkNavigationPolicy(WebCore::ResourceRequest const&, WebCore::DocumentLoader*, WTF::PassRefPtr<WebCore::FormState>, std::__1::function<void (WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool)>)::$_1&&&, WebCore::PolicyAction&&) at __functional_base:413
    frame #16: 0x0f95d411 WebCore`std::__1::__function::__func<WebCore::PolicyChecker::checkNavigationPolicy(WebCore::ResourceRequest const&, WebCore::DocumentLoader*, WTF::PassRefPtr<WebCore::FormState>, std::__1::function<void (WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool)>)::$_1, std::__1::allocator<WebCore::PolicyChecker::checkNavigationPolicy(WebCore::ResourceRequest const&, WebCore::DocumentLoader*, WTF::PassRefPtr<WebCore::FormState>, std::__1::function<void (WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool)>)::$_1>, void (WebCore::PolicyAction)>::operator(this=0xbfffc0b0, __arg=0xbfffc0ac)(WebCore::PolicyAction&&) + 17 at functional:1370
    frame #17: 0x0eb4a511 WebKitLegacy`-[WebFramePolicyListener receivedPolicyDecision:] [inlined] std::__1::function<void (WebCore::PolicyAction)>::operator(__arg=<unavailable>)(WebCore::PolicyAction) const + 24 at functional:1756
    frame #18: 0x0eb4a4f9 WebKitLegacy`-[WebFramePolicyListener receivedPolicyDecision:](self=<unavailable>, _cmd=0x0ebdffc4, action=<unavailable>) + 169 at WebFrameLoaderClient.mm:2340
    frame #19: 0x0eb4a689 WebKitLegacy`-[WebFramePolicyListener use](self=0x21148a00, _cmd=0x0e87ab46) + 41 at WebFrameLoaderClient.mm:2369
    frame #20: 0x07c0e656 UIKit`-[UIWebView webView:decidePolicyForNavigationAction:request:frame:decisionListener:] + 844
    frame #21: 0x07c10bb9 UIKit`-[UIWebViewWebViewDelegate webView:decidePolicyForNavigationAction:request:frame:decisionListener:] + 80
    frame #22: 0x0644284d CoreFoundation`__invoking___ + 29
    frame #23: 0x064426f8 CoreFoundation`-[NSInvocation invoke] + 360
    frame #24: 0x064db32a CoreFoundation`-[NSInvocation invokeWithTarget:] + 74
    frame #25: 0x0eba6540 WebKitLegacy`-[_WebSafeForwarder forwardInvocation:](self=<unavailable>, _cmd=0x0a9dc6a4, invocation=0x1bf0bbb0) + 160 at WebView.mm:4611
    frame #26: 0x064b004e CoreFoundation`___forwarding___ + 478
    frame #27: 0x064afe4e CoreFoundation`__forwarding_prep_0___ + 14
    frame #28: 0x0644284d CoreFoundation`__invoking___ + 29
    frame #29: 0x064426f8 CoreFoundation`-[NSInvocation invoke] + 360
    frame #30: 0x0fe80d16 WebCore`HandleDelegateSource(void*) [inlined] SendMessage(invocation=0x211907b0) + 18 at WebCoreThread.mm:150
    frame #31: 0x0fe80d04 WebCore`HandleDelegateSource(info=0x00000000) + 100 at WebCoreThread.mm:178
    frame #32: 0x0648306f CoreFoundation`__CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 15
    frame #33: 0x06478b7d CoreFoundation`__CFRunLoopDoSources0 + 253
    frame #34: 0x064780d8 CoreFoundation`__CFRunLoopRun + 952
    frame #35: 0x06477a5b CoreFoundation`CFRunLoopRunSpecific + 443
    frame #36: 0x0647788b CoreFoundation`CFRunLoopRunInMode + 123
    frame #37: 0x0c1ce2c9 GraphicsServices`GSEventRunModal + 192
    frame #38: 0x0c1ce106 GraphicsServices`GSEventRun + 104
    frame #39: 0x07935106 UIKit`UIApplicationMain + 1526
    frame #40: 0x00002dc6 UCWEB`main(argc=1, argv=0xbfffd2bc) + 230 at main.mm:161
    frame #41: 0x0b230ac9 libdyld.dylib`start + 1

WebThread stack:

* thread #10: tid = 0x14ed3, 0x0b51d512 libsystem_kernel.dylib`__psynch_cvwait + 10, name = 'WebThread'
  * frame #0: 0x0b51d512 libsystem_kernel.dylib`__psynch_cvwait + 10
    frame #1: 0x0b54aa4a libsystem_pthread.dylib`_pthread_cond_wait + 726
    frame #2: 0x0b54e20c libsystem_pthread.dylib`pthread_cond_timedwait$UNIX2003 + 71
    frame #3: 0x0fe7fbb9 WebCore`SendDelegateMessage(NSInvocation*) [inlined] WebTimedConditionLock(condition=<unavailable>, lock=<unavailable>, interval=10) + 633 at WebCoreThread.mm:780
    frame #4: 0x0fe7fb4a WebCore`SendDelegateMessage(invocation=<unavailable>) + 522 at WebCoreThread.mm:220
    frame #5: 0x0eba64d5 WebKitLegacy`-[_WebSafeForwarder forwardInvocation:](self=<unavailable>, _cmd=0x0a9dc6a4, invocation=0x211907b0) + 53 at WebView.mm:4605
    frame #6: 0x064b004e CoreFoundation`___forwarding___ + 478
    frame #7: 0x064afe4e CoreFoundation`__forwarding_prep_0___ + 14
    frame #8: 0x0eb456d6 WebKitLegacy`WebFrameLoaderClient::dispatchDecidePolicyForNavigationAction(this=<unavailable>, action=0xb0479390, request=<unavailable>, formState=PassRefPtr<WebCore::FormState> at 0xb0479298, function=<unavailable>)>) + 294 at WebFrameLoaderClient.mm:912
    frame #9: 0x0f95b816 WebCore`WebCore::PolicyChecker::checkNavigationPolicy(this=0x18898000, request=<unavailable>, loader=<unavailable>, formState=<unavailable>, function=<unavailable>)>) + 3126 at PolicyChecker.cpp:122
    frame #10: 0x0f1b3008 WebCore`WebCore::FrameLoader::loadWithDocumentLoader(this=<unavailable>, loader=0x00000000, type=<unavailable>, prpFormState=<unavailable>, allowNavigationToInvalidURL=<unavailable>) + 2360 at FrameLoader.cpp:1457
    frame #11: 0x0f1ac46c WebCore`WebCore::FrameLoader::loadDifferentDocumentItem(this=<unavailable>, item=<unavailable>, loadType=<unavailable>, cacheLoadPolicy=<unavailable>) + 700 at FrameLoader.cpp:3161
    frame #12: 0x0f1bbd0b WebCore`WebCore::FrameLoader::loadItem(this=0x35391710, item=0x49b74bc8, loadType=<unavailable>) + 123 at FrameLoader.cpp:3246
    frame #13: 0x0f239c4d WebCore`WebCore::HistoryController::recursiveGoToItem(this=<unavailable>, item=<unavailable>, fromItem=<unavailable>, type=<unavailable>) + 397 at HistoryController.cpp:736
    frame #14: 0x0f239845 WebCore`WebCore::HistoryController::goToItem(this=<unavailable>, targetItem=<unavailable>, type=<unavailable>) + 197 at HistoryController.cpp:302
    frame #15: 0x0f9232c5 WebCore`WebCore::Page::goToItem(this=<unavailable>, item=0x49b74bc8, type=<unavailable>) + 85 at Page.cpp:448
    frame #16: 0x0ede11a7 WebCore`WebCore::BackForwardController::goForward(this=0x41f4a6c0) + 55 at BackForwardController.cpp:96
    frame #17: 0x0eba8281 WebKitLegacy`__20-[WebView goForward]_block_invoke(.block_descriptor=0x2473c970) + 49 at WebView.mm:5641
    frame #18: 0x0fe8195a WebCore`HandleRunSource(void*) [inlined] (anonymous namespace)::WebThreadBlock::operator()() const + 14 at WebCoreThreadRun.cpp:97
    frame #19: 0x0fe8194c WebCore`HandleRunSource(info=0x00000000) + 380 at WebCoreThreadRun.cpp:133
    frame #20: 0x0648306f CoreFoundation`__CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 15
    frame #21: 0x06478c4e CoreFoundation`__CFRunLoopDoSources0 + 462
    frame #22: 0x064780d8 CoreFoundation`__CFRunLoopRun + 952
    frame #23: 0x06477a5b CoreFoundation`CFRunLoopRunSpecific + 443
    frame #24: 0x0647788b CoreFoundation`CFRunLoopRunInMode + 123
    frame #25: 0x0fe810f0 WebCore`RunWebThread(arg=0x00000000) + 608 at WebCoreThread.mm:692
    frame #26: 0x0b549e13 libsystem_pthread.dylib`_pthread_body + 138
    frame #27: 0x0b549d89 libsystem_pthread.dylib`_pthread_start + 162
    frame #28: 0x0b547e52 libsystem_pthread.dylib`thread_start + 34
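
A triage sketch for the crash-thread trace above, added here as an example and not part of the original report or of WebKit: it parses the LLDB stop reason and frames (also when the trace has been flattened onto one line), skips the `[inlined]` frames to find the function that holds the faulting PC, and flags a low fault address as consistent with a member read through a null object pointer. The function names, the 4 KiB `NULL_GUARD` threshold and the choice of excerpted frames are assumptions of this example.

```python
import re

NULL_GUARD = 0x1000  # assumed threshold: faults in the first 4 KiB count as near-null

STOP_RE = re.compile(r"stop reason = (\w+) \(code=(\d+), address=(0x[0-9a-fA-F]+)\)")
# A frame body runs until the next "frame #N:" token, so a trace whose line
# breaks were lost (as on a scraped page) parses the same as LLDB's own layout.
FRAME_RE = re.compile(
    r"frame #(\d+): (0x[0-9a-fA-F]+) (.*?)(?=\s+(?:\* )?frame #\d+:|\s*\Z)", re.S)

# Sample input: the stop-reason line and frames #0, #6, #7 copied from the report.
SAMPLE = """\
* thread #1: tid = 0x14e67, 0x0f1b62b6 WebCore`WebCore::FrameLoader::commitProvisionalLoad() [inlined] WTF::RefPtr<WTF::StringImpl>::RefPtr(WTF::RefPtr<WTF::StringImpl> const&) at RefPtr.h:44, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x448)
  * frame #0: 0x0f1b62b6 WebCore`WebCore::FrameLoader::commitProvisionalLoad() [inlined] WTF::RefPtr<WTF::StringImpl>::RefPtr(WTF::RefPtr<WTF::StringImpl> const&) at RefPtr.h:44
    frame #6: 0x0f1b62b6 WebCore`WebCore::FrameLoader::commitProvisionalLoad(this=0x35391710) + 806 at FrameLoader.cpp:1802
    frame #7: 0x0f1ba48b WebCore`WebCore::FrameLoader::loadProvisionalItemFromCachedPage(this=<unavailable>) + 203 at FrameLoader.cpp:3094
"""


def parse_frames(text):
    frames = []
    for m in FRAME_RE.finditer(text):
        body = m.group(3)
        loc = re.search(r" at (\S+:\d+)$", body)
        frames.append({
            "index": int(m.group(1)),
            "pc": int(m.group(2), 16),
            "module": body.partition("`")[0],
            "function": body.partition("`")[2].split("(", 1)[0],
            "inlined": "[inlined]" in body,
            "location": loc.group(1) if loc else None,
        })
    return frames


def triage(text):
    stop = STOP_RE.search(text)
    if stop is None:
        raise ValueError("no LLDB stop reason found")
    # Inlined frames share the caller's PC; the first non-inlined frame is
    # the function whose machine code actually faulted.
    physical = next(f for f in parse_frames(text) if not f["inlined"])
    fault = int(stop.group(3), 16)
    return {"exception": stop.group(1), "fault_address": fault,
            "near_null": fault < NULL_GUARD,
            "function": physical["function"], "location": physical["location"]}


if __name__ == "__main__":
    print(triage(SAMPLE))
```

A near-null result is a heuristic for sorting crash reports, not proof of root cause; the source line it reports still has to be read to see which pointer was null.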