RESOLVED FIXED 151390
Null dereference in Performance::Performance(WebCore::Frame*)
https://bugs.webkit.org/show_bug.cgi?id=151390
Summary Null dereference in Performance::Performance(WebCore::Frame*)
Chris Dumez
Reported 2015-11-18 09:45:38 PST
0 WebCore 0x000000019509cba0 WebCore::Performance::Performance(WebCore::Frame*) + 96 (DocumentLoadTiming.h:70)
1 WebCore 0x000000019509cba0 WebCore::Performance::Performance(WebCore::Frame*) + 96 (Performance.cpp:60)
2 WebCore 0x0000000194a30d24 WebCore::DOMWindow::performance() const + 80 (Performance.h:57)
3 WebCore 0x0000000194d3f150 WebCore::jsDOMWindowPerformance(JSC::ExecState*, JSC::JSObject*, long long, JSC::PropertyName) + 56 (JSDOMWindow.cpp:6538)
4 JavaScriptCore 0x0000000183fd26a0 llint_slow_path_get_by_id + 1960 (PropertySlot.h:257)
5 JavaScriptCore 0x000000018441a7e0 llint_entry + 9936
6 JavaScriptCore 0x000000018441dd74 llint_entry + 23652
7 JavaScriptCore 0x000000018441dd74 llint_entry + 23652
8 JavaScriptCore 0x000000018441dd74 llint_entry + 23652
9 ??? 0x000000010ab25080 0 + 4474425472
10 ??? 0x000000010ab25080 0 + 4474425472
11 JavaScriptCore 0x000000018441dd74 llint_entry + 23652
12 JavaScriptCore 0x000000018441dd74 llint_entry + 23652
13 JavaScriptCore 0x000000018441dd74 llint_entry + 23652
14 JavaScriptCore 0x000000018441dd74 llint_entry + 23652
15 JavaScriptCore 0x000000018441dd74 llint_entry + 23652
16 JavaScriptCore 0x000000018441dd74 llint_entry + 23652
17 JavaScriptCore 0x000000018441dd74 llint_entry + 23652
18 JavaScriptCore 0x000000018441dd74 llint_entry + 23652
19 JavaScriptCore 0x0000000184417ef8 vmEntryToJavaScript + 312
20 JavaScriptCore 0x0000000184344c48 JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) + 180 (JITCode.cpp:81)
21 JavaScriptCore 0x0000000183fde108 JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 400 (Interpreter.cpp:965)
22 JavaScriptCore 0x00000001840ed7dc JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) + 80 (CallData.cpp:39)
23 WebCore 0x00000001947974a0 WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext*, WebCore::Event*) + 828 (JSMainThreadExecState.h:56)
24 WebCore 0x0000000194a77b54 WebCore::EventTarget::fireEventListeners(WebCore::Event*, WebCore::EventTargetData*, WTF::Vector<WebCore::RegisteredEventListener, 1ul, WTF::CrashOnOverflow, 16ul>&) + 696 (EventTarget.cpp:256)
25 WebCore 0x00000001946a4988 WebCore::EventTarget::fireEventListeners(WebCore::Event*) + 328 (EventTarget.cpp:208)
26 WebCore 0x00000001946c28a4 WebCore::DOMWindow::dispatchEvent(WTF::PassRefPtr<WebCore::Event>, WTF::PassRefPtr<WebCore::EventTarget>) + 300 (DOMWindow.cpp:1900)
27 WebCore 0x00000001946ffdf8 WebCore::DOMWindow::dispatchLoadEvent() + 336 (DOMWindow.cpp:1858)
28 WebCore 0x00000001946ab67c WebCore::Document::implicitClose() + 304 (Document.cpp:4016)
29 WebCore 0x00000001946aacd4 WebCore::FrameLoader::checkCompleted() + 352 (FrameLoader.cpp:890)
30 WebCore 0x00000001946abad4 WebCore::FrameLoader::completed() + 108 (FrameLoader.cpp:1107)
31 WebCore 0x00000001946aace8 WebCore::FrameLoader::checkCompleted() + 372 (FrameLoader.cpp:840)
32 WebCore 0x00000001946a9e3c WebCore::FrameLoader::finishedParsing() + 132 (FrameLoader.cpp:756)
33 WebCore 0x00000001946a9d24 WebCore::Document::finishedParsing() + 364 (Document.cpp:4849)
34 WebCore 0x0000000194c0d6b0 WebCore::ImageDocument::finishedParsing() + 732 (ImageDocument.cpp:172)
35 WebCore 0x00000001946a59d8 WebCore::DocumentWriter::end() + 92 (DocumentWriter.cpp:247)
36 WebCore 0x000000019469d264 WebCore::DocumentLoader::finishedLoading(double) + 256 (DocumentLoader.cpp:430)
37 WebCore 0x00000001946e13a8 WebCore::CachedResource::checkNotify() + 284 (CachedResource.cpp:297)
38 WebCore 0x0000000194897104 WebCore::CachedRawResource::finishLoading(WebCore::SharedBuffer*) + 224 (CachedRawResource.cpp:103)
39 WebCore 0x00000001946e1174 WebCore::SubresourceLoader::didFinishLoading(double) + 1020 (SubresourceLoader.cpp:371)
40 WebKit 0x0000000188dc5804 WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection&, IPC::MessageDecoder&) + 532 (HandleMessage.h:16)
Attachments
Patch (5.07 KB, patch)
2015-11-18 10:14 PST, Chris Dumez
no flags
Chris Dumez
Comment 1 2015-11-18 09:46:00 PST
Chris Dumez
Comment 2 2015-11-18 10:14:52 PST
Brady Eidson
Comment 3 2015-11-18 10:17:34 PST
Sad on the unreproducibility, though :(
Chris Dumez
Comment 4 2015-11-18 10:20:39 PST
(In reply to comment #3)
> Sad on the unreproducibility, though :(

I tried for an hour to reproduce this. If you have any idea how I could get a null documentLoader there, I'd be happy to try them.
WebKit Commit Bot
Comment 5 2015-11-18 11:07:58 PST
Comment on attachment 265750 [details]
Patch

Clearing flags on attachment: 265750

Committed r192582: <http://trac.webkit.org/changeset/192582>
WebKit Commit Bot
Comment 6 2015-11-18 11:08:02 PST
All reviewed patches have been landed. Closing bug.