150205 – Null dereference loading Blink layout test http/tests/navigation/new-window-sandboxed-iframe.html

RESOLVED DUPLICATE of bug 128458 150205

Null dereference loading Blink layout test http/tests/navigation/new-window-sandboxed-iframe.html

https://bugs.webkit.org/show_bug.cgi?id=150205

Summary Null dereference loading Blink layout test http/tests/navigation/new-window-s...

Jon Honeycutt

Reported 2015-10-15 16:50:07 PDT

Created attachment 263222 [details] crashing test Null dereference loading Blink layout test http/tests/navigation/new-window-sandboxed-iframe.html. Stack trace: Crashed Thread: 0 Dispatch queue: com.apple.main-thread Exception Type: EXC_BAD_ACCESS (SIGABRT) Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000010 Exception Note: EXC_CORPSE_NOTIFY VM Regions Near 0x10: --> __TEXT 000000010c329000-000000010c32c000 [ 12K] r-x/rwx SM=COW /Users/USER/*/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.Development.xpc/Contents/MacOS/com.apple.WebKit.WebContent.Development Application Specific Information: ================================================================ ==10351==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000010 (pc 0x000116b0006d bp 0x7fff538d3470 sp 0x7fff538d3470 T0) #0 0x116b0006c in WTF::RefPtr<WebCore::HistoryItem>::get() const (/Users/jhoneycutt/src/OpenSource/WebKitBuild2/Release/WebKit.framework/WebKit+0x52c06c) #1 0x116f1e129 in WKBundleBackForwardListItemIsSame (/Users/jhoneycutt/src/OpenSource/WebKitBuild2/Release/WebKit.framework/WebKit+0x94a129) #2 0x12245c978 in WTR::InjectedBundlePage::dumpBackForwardList(WTF::StringBuilder&) (/Users/jhoneycutt/src/OpenSource/WebKitBuild2/Release/WebKitTestRunnerInjectedBundle.bundle/Contents/MacOS/WebKitTestRunnerInjectedBundle+0x40978) #3 0x122447ce4 in WTR::InjectedBundle::dumpBackForwardListsForAllPages(WTF::StringBuilder&) (/Users/jhoneycutt/src/OpenSource/WebKitBuild2/Release/WebKitTestRunnerInjectedBundle.bundle/Contents/MacOS/WebKitTestRunnerInjectedBundle+0x2bce4) #4 0x122455b20 in WTR::InjectedBundlePage::dump() (/Users/jhoneycutt/src/OpenSource/WebKitBuild2/Release/WebKitTestRunnerInjectedBundle.bundle/Contents/MacOS/WebKitTestRunnerInjectedBundle+0x39b20) #5 0x1167559c6 in WebKit::InjectedBundlePageLoaderClient::didFinishLoadForFrame(WebKit::WebPage*, WebKit::WebFrame*, WTF::RefPtr<API::Object>&) (/Users/jhoneycutt/src/OpenSource/WebKitBuild2/Release/WebKit.framework/WebKit+0x1819c6) #6 0x116ba1b8a in WebKit::WebFrameLoaderClient::dispatchDidFinishLoad() (/Users/jhoneycutt/src/OpenSource/WebKitBuild2/Release/WebKit.framework/WebKit+0x5cdb8a) #7 0x11b6f1300 in WebCore::FrameLoader::checkLoadCompleteForThisFrame() (/Users/jhoneycutt/src/OpenSource/WebKitBuild2/Release/WebCore.framework/Versions/A/WebCore+0xa93300) #8 0x11b6e68b2 in WebCore::FrameLoader::checkLoadComplete() (/Users/jhoneycutt/src/OpenSource/WebKitBuild2/Release/WebCore.framework/Versions/A/WebCore+0xa888b2) #9 0x11b348baf in WebCore::DocumentLoader::finishedLoading(double) (/Users/jhoneycutt/src/OpenSource/WebKitBuild2/Release/WebCore.framework/Versions/A/WebCore+0x6eabaf) #10 0x11aea7ca7 in WebCore::CachedResource::checkNotify() (/Users/jhoneycutt/src/OpenSource/WebKitBuild2/Release/WebCore.framework/Versions/A/WebCore+0x249ca7) #11 0x11aea2ff9 in WebCore::CachedRawResource::finishLoading(WebCore::SharedBuffer*) (/Users/jhoneycutt/src/OpenSource/WebKitBuild2/Release/WebCore.framework/Versions/A/WebCore+0x244ff9) #12 0x11cf30588 in WebCore::SubresourceLoader::didFinishLoading(double) (/Users/jhoneycutt/src/OpenSource/WebKitBuild2/Release/WebCore.framework/Versions/A/WebCore+0x22d2588) #13 0x116ebb7b5 in void IPC::handleMessage<Messages::WebResourceLoader::DidFinishResourceLoad, WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(double)>(IPC::MessageDecoder&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(double)) (/Users/jhoneycutt/src/OpenSource/WebKitBuild2/Release/WebKit.framework/WebKit+0x8e77b5) #14 0x116ebaca2 in WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection&, IPC::MessageDecoder&) (/Users/jhoneycutt/src/OpenSource/WebKitBuild2/Release/WebKit.framework/WebKit+0x8e6ca2) #15 0x11683a6ca in WebKit::NetworkProcessConnection::didReceiveMessage(IPC::Connection&, IPC::MessageDecoder&) (/Users/jhoneycutt/src/OpenSource/WebKitBuild2/Release/WebKit.framework/WebKit+0x2666ca) #16 0x116664745 in IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >) (/Users/jhoneycutt/src/OpenSource/WebKitBuild2/Release/WebKit.framework/WebKit+0x90745) #17 0x11666bf09 in IPC::Connection::dispatchOneMessage() (/Users/jhoneycutt/src/OpenSource/WebKitBuild2/Release/WebKit.framework/WebKit+0x97f09) #18 0x1196fe618 in WTF::RunLoop::performWork() (/Users/jhoneycutt/src/OpenSource/WebKitBuild2/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore+0xe7e618) #19 0x1196fee6e in WTF::RunLoop::performWork(void*) (/Users/jhoneycutt/src/OpenSource/WebKitBuild2/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore+0xe7ee6e) #20 0x7fff96fba8b0 in __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0xaa8b0) #21 0x7fff96f9a0ab in __CFRunLoopDoSources0 (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x8a0ab) #22 0x7fff96f995ce in __CFRunLoopRun (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x895ce) #23 0x7fff96f98fc7 in CFRunLoopRunSpecific (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x88fc7) #24 0x7fff89713d54 in RunCurrentEventLoopInMode (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox+0x30d54) #25 0x7fff89713b8e in ReceiveNextEventCommon (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox+0x30b8e) #26 0x7fff897139ce in _BlockUntilNextEventMatchingListInModeWithFilter (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox+0x309ce) #27 0x7fff8d4e6d95 in _DPSNextEvent (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x49d95) #28 0x7fff8d4e61c4 in -[NSApplication _nextEventMatchingEventMask:untilDate:inMode:dequeue:] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x491c4) #29 0x7fff8d4dad27 in -[NSApplication run] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x3dd27) #30 0x7fff8d4a3fbd in NSApplicationMain (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x6fbd) #31 0x7fff924c44f1 in _xpc_objc_main (/usr/lib/system/libxpc.dylib+0x114f1) #32 0x7fff924c2f1d in xpc_main (/usr/lib/system/libxpc.dylib+0xff1d) #33 0x10c32a266 in main (/Users/jhoneycutt/src/OpenSource/WebKitBuild2/Release/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.Development.xpc/Contents/MacOS/com.apple.WebKit.WebContent.Development+0x100001266) #34 0x7fff931e95ac in start (/usr/lib/system/libdyld.dylib+0x35ac) #35 0x0 (<unknown module>)

Attachments
crashing test (322 bytes, text/html) 2015-10-15 16:50 PDT, Jon Honeycutt	no flags	Details
View All Add attachment proposed patch, testcase, etc.

Radar WebKit Bug Importer

Comment 1 2015-10-15 16:50:33 PDT

<rdar://problem/23136996>

Fujii Hironori

Comment 2 2018-02-19 19:48:40 PST

*** This bug has been marked as a duplicate of bug 128458 ***

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution DUPLICATE

of bug 128458

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Local Build

Hardware Unspecified

OS Unspecified

Product WebKit

Component History

Assignee

Nobody

Reported

2015-10-15 16:50 PDT

Modified

2018-02-19 19:48 PST History

CC List

3 users Show

URL

Keywords HasReduction, InRadar

Depends on

Blocks