Bug 151390 - Null dereference in Performance::Performance(WebCore::Frame*)
Summary: Null dereference in Performance::Performance(WebCore::Frame*)
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Page Loading
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Chris Dumez
Keywords: InRadar
Reported: 2015-11-18 09:45 PST by Chris Dumez
Modified: 2015-11-18 11:08 PST (History)


Attachments
Patch (5.07 KB, patch)
2015-11-18 10:14 PST, Chris Dumez

Description Chris Dumez 2015-11-18 09:45:38 PST
0   WebCore                       	0x000000019509cba0 WebCore::Performance::Performance(WebCore::Frame*) + 96 (DocumentLoadTiming.h:70)
1   WebCore                       	0x000000019509cba0 WebCore::Performance::Performance(WebCore::Frame*) + 96 (Performance.cpp:60)
2   WebCore                       	0x0000000194a30d24 WebCore::DOMWindow::performance() const + 80 (Performance.h:57)
3   WebCore                       	0x0000000194d3f150 WebCore::jsDOMWindowPerformance(JSC::ExecState*, JSC::JSObject*, long long, JSC::PropertyName) + 56 (JSDOMWindow.cpp:6538)
4   JavaScriptCore                	0x0000000183fd26a0 llint_slow_path_get_by_id + 1960 (PropertySlot.h:257)
5   JavaScriptCore                	0x000000018441a7e0 llint_entry + 9936
6   JavaScriptCore                	0x000000018441dd74 llint_entry + 23652
7   JavaScriptCore                	0x000000018441dd74 llint_entry + 23652
8   JavaScriptCore                	0x000000018441dd74 llint_entry + 23652
9   ???                           	0x000000010ab25080 0 + 4474425472
10  ???                           	0x000000010ab25080 0 + 4474425472
11  JavaScriptCore                	0x000000018441dd74 llint_entry + 23652
12  JavaScriptCore                	0x000000018441dd74 llint_entry + 23652
13  JavaScriptCore                	0x000000018441dd74 llint_entry + 23652
14  JavaScriptCore                	0x000000018441dd74 llint_entry + 23652
15  JavaScriptCore                	0x000000018441dd74 llint_entry + 23652
16  JavaScriptCore                	0x000000018441dd74 llint_entry + 23652
17  JavaScriptCore                	0x000000018441dd74 llint_entry + 23652
18  JavaScriptCore                	0x000000018441dd74 llint_entry + 23652
19  JavaScriptCore                	0x0000000184417ef8 vmEntryToJavaScript + 312
20  JavaScriptCore                	0x0000000184344c48 JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) + 180 (JITCode.cpp:81)
21  JavaScriptCore                	0x0000000183fde108 JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 400 (Interpreter.cpp:965)
22  JavaScriptCore                	0x00000001840ed7dc JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) + 80 (CallData.cpp:39)
23  WebCore                       	0x00000001947974a0 WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext*, WebCore::Event*) + 828 (JSMainThreadExecState.h:56)
24  WebCore                       	0x0000000194a77b54 WebCore::EventTarget::fireEventListeners(WebCore::Event*, WebCore::EventTargetData*, WTF::Vector<WebCore::RegisteredEventListener, 1ul, WTF::CrashOnOverflow, 16ul>&) + 696 (EventTarget.cpp:256)
25  WebCore                       	0x00000001946a4988 WebCore::EventTarget::fireEventListeners(WebCore::Event*) + 328 (EventTarget.cpp:208)
26  WebCore                       	0x00000001946c28a4 WebCore::DOMWindow::dispatchEvent(WTF::PassRefPtr<WebCore::Event>, WTF::PassRefPtr<WebCore::EventTarget>) + 300 (DOMWindow.cpp:1900)
27  WebCore                       	0x00000001946ffdf8 WebCore::DOMWindow::dispatchLoadEvent() + 336 (DOMWindow.cpp:1858)
28  WebCore                       	0x00000001946ab67c WebCore::Document::implicitClose() + 304 (Document.cpp:4016)
29  WebCore                       	0x00000001946aacd4 WebCore::FrameLoader::checkCompleted() + 352 (FrameLoader.cpp:890)
30  WebCore                       	0x00000001946abad4 WebCore::FrameLoader::completed() + 108 (FrameLoader.cpp:1107)
31  WebCore                       	0x00000001946aace8 WebCore::FrameLoader::checkCompleted() + 372 (FrameLoader.cpp:840)
32  WebCore                       	0x00000001946a9e3c WebCore::FrameLoader::finishedParsing() + 132 (FrameLoader.cpp:756)
33  WebCore                       	0x00000001946a9d24 WebCore::Document::finishedParsing() + 364 (Document.cpp:4849)
34  WebCore                       	0x0000000194c0d6b0 WebCore::ImageDocument::finishedParsing() + 732 (ImageDocument.cpp:172)
35  WebCore                       	0x00000001946a59d8 WebCore::DocumentWriter::end() + 92 (DocumentWriter.cpp:247)
36  WebCore                       	0x000000019469d264 WebCore::DocumentLoader::finishedLoading(double) + 256 (DocumentLoader.cpp:430)
37  WebCore                       	0x00000001946e13a8 WebCore::CachedResource::checkNotify() + 284 (CachedResource.cpp:297)
38  WebCore                       	0x0000000194897104 WebCore::CachedRawResource::finishLoading(WebCore::SharedBuffer*) + 224 (CachedRawResource.cpp:103)
39  WebCore                       	0x00000001946e1174 WebCore::SubresourceLoader::didFinishLoading(double) + 1020 (SubresourceLoader.cpp:371)
40  WebKit                        	0x0000000188dc5804 WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection&, IPC::MessageDecoder&) + 532 (HandleMessage.h:16)
Comment 1 Chris Dumez 2015-11-18 09:46:00 PST
rdar://problem/23554862
Comment 2 Chris Dumez 2015-11-18 10:14:52 PST
Created attachment 265750 [details]
Patch
Comment 3 Brady Eidson 2015-11-18 10:17:34 PST
Sad on the unreproducibility, though :(
Comment 4 Chris Dumez 2015-11-18 10:20:39 PST
(In reply to comment #3)
> Sad on the unreproducibility, though :(

I tried for an hour to reproduce this. If you have any idea how I could get a null documentLoader there, I'd be happy to try them.
Comment 5 WebKit Commit Bot 2015-11-18 11:07:58 PST
Comment on attachment 265750 [details]
Patch

Clearing flags on attachment: 265750

Committed r192582: <http://trac.webkit.org/changeset/192582>
Comment 6 WebKit Commit Bot 2015-11-18 11:08:02 PST
All reviewed patches have been landed. Closing bug.