183455 – Possible null dereference of the page under WebFrameNetworkingContext::storageSession()

RESOLVED FIXED 183455

Possible null dereference of the page under WebFrameNetworkingContext::storageSession()

https://bugs.webkit.org/show_bug.cgi?id=183455

Summary Possible null dereference of the page under WebFrameNetworkingContext::storag...

Chris Dumez

Reported 2018-03-08 09:25:18 PST

Possible null dereference of the page under WebFrameNetworkingContext::storageSession(): --> Crashing stack is: Exception Type: EXC_BAD_ACCESS (SIGSEGV) Exception Subtype: KERN_INVALID_ADDRESS at 0x0000000000000878 Thread 3 (WebThread) Crashed: 0 WebCore 0x000000018bca9d98 WebCore::Page::sessionID() const + 0 (/BuildRoot/Library/Caches/com.apple.xbs/Sources/WebCore/WebCore-7605.1.33.0.2/page/Page.cpp:2111) x0: 0x0000000000000000 (this) = NULL 1 WebKitLegacy 0x000000018c38a204 WebFrameNetworkingContext::storageSession() const + 24 (/BuildRoot/Library/Caches/com.apple.xbs/Sources/WebKit/WebKit-7605.1.33.0.2/mac/WebCoreSupport/WebFrameNetworkingContext.mm:96) x0: 0x0000000000000000 (this->m_Frame->m_page) = NULL x8: 0x000000010d5e0900 (this->m_Frame) 2 WebCore 0x000000018b27a8bc WebCore::ResourceHandle::willSendRequest(WebCore::ResourceRequest&&, WebCore::ResourceResponse&&, WTF::CompletionHandler<void (WebCore::ResourceRequest&&)>&&) + 1012 (/BuildRoot/Library/Caches/com.apple.xbs/Sources/WebCore/WebCore-7605.1.33.0.2/platform/network/mac/ResourceHandleMac.mm:456) 3 WebCore 0x000000018b27ff88 WTF::Function<void ()>::CallableWrapper<-[WebCoreResourceHandleAsOperationQueueDelegate connection:willSendRequest:redirectResponse:]::$_1>::call() + 208 (/BuildRoot/Library/Caches/com.apple.xbs/Sources/WebCore/WebCore-7605.1.33.0.2/platform/network/mac/WebCoreResourceHandleAsOperationQueueDelegate.mm:160) 4 JavaScriptCore 0x000000018970d7d4 WTF::dispatchFunctionsFromMainThread() + 344 (/BuildRoot/Library/Caches/com.apple.xbs/Binaries/WTF/install/Root/usr/local/include/wtf/Function.h:56) 5 JavaScriptCore 0x0000000189834650 WTF::timerFired(__CFRunLoopTimer*, void*) + 40 (/BuildRoot/Library/Caches/com.apple.xbs/Sources/WTF/WTF-7605.1.33.0.2/wtf/mac/MainThreadMac.mm:110) 6 CoreFoundation 0x0000000182298aa8 __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ + 28 (/BuildRoot/Library/Caches/com.apple.xbs/Sources/CoreFoundation/Foundation-1452.23/CoreFoundation/RunLoop.subproj/CFRunLoop.c:1832) 7 CoreFoundation 0x000000018229876c __CFRunLoopDoTimer + 864 (/BuildRoot/Library/Caches/com.apple.xbs/Sources/CoreFoundation/Foundation-1452.23/CoreFoundation/RunLoop.subproj/CFRunLoop.c:2415) 8 CoreFoundation 0x0000000182298010 __CFRunLoopDoTimers + 248 (/BuildRoot/Library/Caches/com.apple.xbs/Sources/CoreFoundation/Foundation-1452.23/CoreFoundation/RunLoop.subproj/CFRunLoop.c:2562) 9 CoreFoundation 0x0000000182295b60 __CFRunLoopRun + 2168 (/BuildRoot/Library/Caches/com.apple.xbs/Sources/CoreFoundation/Foundation-1452.23/CoreFoundation/RunLoop.subproj/CFRunLoop.c:0) 10 CoreFoundation 0x00000001821b5da8 CFRunLoopRunSpecific + 552 (/BuildRoot/Library/Caches/com.apple.xbs/Sources/CoreFoundation/Foundation-1452.23/CoreFoundation/RunLoop.subproj/CFRunLoop.c:3245) 11 WebCore 0x000000018acfedcc RunWebThread(void*) + 592 (/BuildRoot/Library/Caches/com.apple.xbs/Sources/WebCore/WebCore-7605.1.33.0.2/platform/ios/wak/WebCoreThread.mm:624) 12 libsystem_pthread.dylib 0x0000000181f19220 _pthread_body + 272 (~rc/Software/Fatsa/Projects/libpthread/libpthread-301.50.1/src/pthread.c:740) 13 libsystem_pthread.dylib 0x0000000181f19110 _pthread_start + 292 (~rc/Software/Fatsa/Projects/libpthread/libpthread-301.50.1/src/pthread.c:799) 14 libsystem_pthread.dylib 0x0000000181f17b10 thread_start + 4

Attachments
Patch (2.04 KB, patch) 2018-03-08 09:28 PST, Chris Dumez	youennf: review+ commit-queue: commit-queue-	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Chris Dumez

Comment 1 2018-03-08 09:25:34 PST

<rdar://problem/38191749>

Chris Dumez

Comment 2 2018-03-08 09:28:56 PST

Created attachment 335306 [details] Patch

WebKit Commit Bot

Comment 3 2018-03-08 10:29:13 PST

Comment on attachment 335306 [details] Patch Rejecting attachment 335306 [details] from commit-queue. Failed to run "['/Volumes/Data/EWS/WebKit/Tools/Scripts/webkit-patch', '--status-host=webkit-queues.webkit.org', '--bot-id=webkit-cq-02', 'land-attachment', '--force-clean', '--non-interactive', '--parent-command=commit-queue', 335306, '--port=mac']" exit_code: 1 cwd: /Volumes/Data/EWS/WebKit Last 500 characters of output: rdparty/autoinstalled/mechanize/_urllib2_fork.py", line 332, in _call_chain result = func(*args) File "/Volumes/Data/EWS/WebKit/Tools/Scripts/webkitpy/thirdparty/autoinstalled/mechanize/_urllib2_fork.py", line 1170, in https_open return self.do_open(conn_factory, req) File "/Volumes/Data/EWS/WebKit/Tools/Scripts/webkitpy/thirdparty/autoinstalled/mechanize/_urllib2_fork.py", line 1118, in do_open raise URLError(err) urllib2.URLError: <urlopen error [Errno 60] Operation timed out> Full output: http://webkit-queues.webkit.org/results/6858890

WebKit Commit Bot

Comment 4 2018-03-08 10:42:03 PST

Comment on attachment 335306 [details] Patch Rejecting attachment 335306 [details] from commit-queue. Failed to run "['/Volumes/Data/EWS/WebKit/Tools/Scripts/webkit-patch', '--status-host=webkit-queues.webkit.org', '--bot-id=webkit-cq-01', 'apply-attachment', '--no-update', '--non-interactive', 335306, '--port=mac']" exit_code: 2 cwd: /Volumes/Data/EWS/WebKit Last 500 characters of output: arsed 2 diffs from patch file(s). patching file Source/WebKitLegacy/mac/ChangeLog Hunk #1 succeeded at 1 with fuzz 3. patching file Source/WebKitLegacy/mac/WebCoreSupport/WebFrameNetworkingContext.mm Hunk #1 FAILED at 93. 1 out of 1 hunk FAILED -- saving rejects to file Source/WebKitLegacy/mac/WebCoreSupport/WebFrameNetworkingContext.mm.rej Failed to run "[u'/Volumes/Data/EWS/WebKit/Tools/Scripts/svn-apply', '--force', '--reviewer', u'Youenn Fablet']" exit_code: 1 cwd: /Volumes/Data/EWS/WebKit Full output: http://webkit-queues.webkit.org/results/6859146

Chris Dumez

Comment 5 2018-03-08 10:43:51 PST

Apparently got committed anyway in r229414.

Aakash Jain

Comment 6 2018-03-08 11:18:55 PST

(In reply to WebKit Commit Bot from comment #3) > mechanize/_urllib2_fork.py", line 1118, in do_open > raise URLError(err) > urllib2.URLError: <urlopen error [Errno 60] Operation timed out> > > Full output: http://webkit-queues.webkit.org/results/6858890 Tracking commit-queue issue in https://bugs.webkit.org/show_bug.cgi?id=183463

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Nightly Build

Hardware Unspecified

OS Unspecified

Product WebKit

Component WebCore Misc.

Assignee

Chris Dumez

Reported

2018-03-08 09:25 PST

Modified

2018-03-08 11:18 PST History

CC List

5 users Show

URL

Keywords InRadar

Depends on

Blocks