Bug 187012 - Null dereference crash in ApplicationCacheGroup::startLoadingEntry()
Summary: Null dereference crash in ApplicationCacheGroup::startLoadingEntry()
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Page Loading
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Chris Dumez
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2018-06-25 13:11 PDT by Chris Dumez
Modified: 2018-06-25 14:05 PDT (History)
CC: 7 users

See Also:


Attachments
Patch (2.66 KB, patch)
2018-06-25 13:26 PDT, Chris Dumez
no flags
Patch (2.81 KB, patch)
2018-06-25 13:34 PDT, Chris Dumez
no flags

Description Chris Dumez 2018-06-25 13:11:10 PDT
Null dereference crash in ApplicationCacheGroup::startLoadingEntry():
Thread 0 name:  Dispatch queue: com.apple.main-thread
Thread 0 Crashed:
0   WebCore                       	0x00000001a08e79e0 WTF::Function<void (std::experimental::fundamentals_v3::expected<WTF::RefPtr<WebCore::ApplicationCacheResource, WTF::DumbPtrTraits<WebCore::ApplicationCacheResource> >, WebCore::ApplicationCacheResourceLoader::Error>&&)>::CallableWrapper<WebCore::ApplicationCacheGroup::startLoadingEntry()::$_1>::call(std::experimental::fundamentals_v3::expected<WTF::RefPtr<WebCore::ApplicationCacheResource, WTF::DumbPtrTraits<WebCore::ApplicationCacheResource> >, WebCore::ApplicationCacheResourceLoader::Error>&&) + 76 (CachedResourceHandle.h:38)
1   WebCore                       	0x00000001a08d9604 WebCore::ApplicationCacheResourceLoader::create(unsigned int, WebCore::CachedResourceLoader&, WebCore::ResourceRequest&&, WTF::CompletionHandler<void (std::experimental::fundamentals_v3::expected<WTF::RefPtr<WebCore::ApplicationCacheResource, WTF::DumbPtrTraits<WebCore::ApplicationCacheResource> >, WebCore::ApplicationCacheResourceLoader::Error>&&)>&&) + 416 (Function.h:56)
2   WebCore                       	0x00000001a08d9604 WebCore::ApplicationCacheResourceLoader::create(unsigned int, WebCore::CachedResourceLoader&, WebCore::ResourceRequest&&, WTF::CompletionHandler<void (std::experimental::fundamentals_v3::expected<WTF::RefPtr<WebCore::ApplicationCacheResource, WTF::DumbPtrTraits<WebCore::ApplicationCacheResource> >, WebCore::ApplicationCacheResourceLoader::Error>&&)>&&) + 416 (Function.h:56)
3   WebCore                       	0x00000001a08da1d8 WebCore::ApplicationCacheGroup::startLoadingEntry() + 672 (ApplicationCacheGroup.cpp:906)
4   WebCore                       	0x00000001a08d9cf8 WebCore::ApplicationCacheGroup::didFinishLoadingEntry(WebCore::URL const&) + 1260 (RefCounted.h:0)
5   WebCore                       	0x00000001a08df6f4 WebCore::ApplicationCacheResourceLoader::notifyFinished(WebCore::CachedResource&) + 144 (Function.h:56)
6   WebCore                       	0x000000019f9128ac WebCore::CachedResource::checkNotify() + 296 (CachedResource.cpp:341)
7   WebCore                       	0x00000001a08f382c WebCore::CachedRawResource::finishLoading(WebCore::SharedBuffer*) + 608 (CachedResource.cpp:357)
8   WebCore                       	0x00000001a08ccf80 WebCore::SubresourceLoader::didFinishLoading(WebCore::NetworkLoadMetrics const&) + 528 (SubresourceLoader.cpp:637)
9   WebKit                        	0x00000001a68dde60 WebKit::WebResourceLoader::didFinishResourceLoad(WebCore::NetworkLoadMetrics const&) + 228 (WebResourceLoader.cpp:160)
10  WebKit                        	0x00000001a68def4c void IPC::handleMessage<Messages::WebResourceLoader::DidFinishResourceLoad, WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&)>(IPC::Decoder&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&)) + 92 (HandleMessage.h:40)
11  WebKit                        	0x00000001a66ca6f4 WebKit::NetworkProcessConnection::didReceiveMessage(IPC::Connection&, IPC::Decoder&) + 520 (NetworkProcessConnection.cpp:72)
12  WebKit                        	0x00000001a663392c IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >) + 164 (Connection.cpp:906)
13  WebKit                        	0x00000001a663630c IPC::Connection::dispatchOneMessage() + 232 (Connection.cpp:964)
14  JavaScriptCore                	0x000000019e3c6b44 WTF::RunLoop::performWork() + 340 (Function.h:56)
15  JavaScriptCore                	0x000000019e3c6dcc WTF::RunLoop::performWork(void*) + 36 (RunLoopCF.cpp:38)
16  CoreFoundation                	0x00000001967bd900 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 24 (CFRunLoop.c:1980)
17  CoreFoundation                	0x00000001967bd880 __CFRunLoopDoSource0 + 88 (CFRunLoop.c:2015)
18  CoreFoundation                	0x00000001967bd15c __CFRunLoopDoSources0 + 176 (CFRunLoop.c:2051)
19  CoreFoundation                	0x00000001967bae1c __CFRunLoopRun + 1048 (CFRunLoop.c:2922)
20  CoreFoundation                	0x00000001966f4abc CFRunLoopRunSpecific + 436 (CFRunLoop.c:3247)
21  Foundation                    	0x0000000197170544 -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 300 (NSRunLoop.m:367)
22  Foundation                    	0x00000001971e1920 -[NSRunLoop(NSRunLoop) run] + 88 (NSRunLoop.m:389)
23  libxpc.dylib                  	0x000000019647f854 _xpc_objc_main + 516 (main.m:170)
24  libxpc.dylib                  	0x0000000196481944 xpc_main + 180 (init.c:1476)
25  com.apple.WebKit.WebContent   	0x00000001048375ac main + 380 (XPCServiceMain.mm:160)
26  libdyld.dylib                 	0x000000019626e4cc 0x19626d000 + 5324
Comment 1 Chris Dumez 2018-06-25 13:11:28 PDT
<rdar://problem/40793716>
Comment 2 Chris Dumez 2018-06-25 13:26:44 PDT
Created attachment 343532 [details]
Patch
Comment 3 youenn fablet 2018-06-25 13:31:59 PDT
Comment on attachment 343532 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=343532&action=review

> Source/WebCore/loader/appcache/ApplicationCacheGroup.cpp:907
> +    m_entryLoader = ApplicationCacheResourceLoader::create(m_pendingEntries.begin()->value, documentLoader.cachedResourceLoader(), WTFMove(request), [this, requestURL] (auto&& resourceOrError) {
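Review bot: the body of this lambda must not assume m_entryLoader refers to the loader being created on this line. Frames 1-3 of the crash log show the handler being invoked from inside ApplicationCacheResourceLoader::create(), i.e. before the assignment to m_entryLoader has taken effect, so on that path the member still holds the previous entry's loader (or nothing). A one-line comment stating that the handler may run synchronously, and that it therefore relies only on its captures, would keep the next reader from reintroducing a read of m_entryLoader here.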

We should probably [this, requestURL = WTFMove(requestURL)]

> Source/WebCore/loader/appcache/ApplicationCacheGroup.cpp:912
> +            this->didFailLoadingEntry(error, m_entryLoader ? m_entryLoader->resource()->url() : requestURL);
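Review bot: the `m_entryLoader ?` check on this line does not guard the second dereference, `m_entryLoader->resource()->url()`. Frame 0 of the crash is inside this lambda at CachedResourceHandle.h:38, which points at the resource handle, not the loader pointer, being null, and on the synchronous path m_entryLoader is the previous entry's loader anyway, so even a non-null handle yields the wrong URL. Since requestURL is already captured, `this->didFailLoadingEntry(error, requestURL);` covers both cases and drops the ternary.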

Can we just always use requestURL?
Comment 4 Chris Dumez 2018-06-25 13:34:59 PDT
Created attachment 343533 [details]
Patch
Comment 5 WebKit Commit Bot 2018-06-25 14:04:25 PDT
The commit-queue encountered the following flaky tests while processing attachment 343533 [details]:

performance-api/performance-observer-no-document-leak.html bug 187015 (author: cdumez@apple.com)
The commit-queue is continuing to process your patch.
Comment 6 WebKit Commit Bot 2018-06-25 14:05:03 PDT
Comment on attachment 343533 [details]
Patch

Clearing flags on attachment: 343533

Committed r233171: <https://trac.webkit.org/changeset/233171>
Comment 7 WebKit Commit Bot 2018-06-25 14:05:04 PDT
All reviewed patches have been landed.  Closing bug.
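The hazard behind this bug is a completion handler that can run synchronously inside the factory call whose result has not yet been stored in the member the handler reads. The following is an added illustration, not WebKit code: `Loader`, `Resource`, `CacheGroupBefore`, `CacheGroupAfter` and the `reject://` convention are constructed stand-ins. `CacheGroupBefore` reads `m_entryLoader` inside the handler, the shape of the first patch; `CacheGroupAfter` reports the captured `requestURL`, the form youenn's review asks for. Rather than crash, the "before" group records the null case so both failure modes (null loader, and the previous loader's URL being reported) can be observed.

```cpp
#include <cstdio>
#include <functional>
#include <memory>
#include <optional>
#include <string>
#include <utility>

// Constructed stand-in for a resource loader (not WebKit's). create() either
// leaves the load pending or, for a "reject://" URL, invokes the completion
// handler synchronously before returning: the lambda runs inside create(),
// before the caller has stored the returned loader anywhere.
struct Resource { std::string url; };

class Loader {
public:
    enum class Error { Rejected, NetworkFailure };
    using Result = std::optional<Error>;          // nullopt means success
    using Handler = std::function<void(Result)>;

    static std::unique_ptr<Loader> create(const std::string& url, Handler handler) {
        std::unique_ptr<Loader> loader(new Loader(url, std::move(handler)));
        if (url.rfind("reject://", 0) == 0) {
            loader->m_resource.reset();           // a rejected request has no resource
            loader->m_handler(Error::Rejected);   // synchronous failure
        }
        return loader;
    }
    void finish(Result result) { m_handler(result); }   // later ("network") completion
    Resource* resource() const { return m_resource.get(); }

private:
    Loader(const std::string& url, Handler handler)
        : m_resource(std::make_unique<Resource>(Resource{url})), m_handler(std::move(handler)) {}
    std::unique_ptr<Resource> m_resource;
    Handler m_handler;
};

// Shape of the first patch: the failure path reads m_entryLoader from inside
// the handler. A real build dereferences it; this version records the hazard.
class CacheGroupBefore {
public:
    std::string lastFailedURL;
    bool staleLoaderObserved = false;

    void startLoadingEntry(const std::string& requestURL) {
        m_entryLoader = Loader::create(requestURL, [this](Loader::Result error) {
            if (!error)
                return;
            // Synchronous path: m_entryLoader is still the previous loader, or null.
            if (!m_entryLoader || !m_entryLoader->resource()) {
                staleLoaderObserved = true;
                return;
            }
            didFailLoadingEntry(m_entryLoader->resource()->url);   // previous entry's URL
        });
    }
    void failPending() { m_entryLoader->finish(Loader::Error::NetworkFailure); }

private:
    void didFailLoadingEntry(const std::string& url) { lastFailedURL = url; }
    std::unique_ptr<Loader> m_entryLoader;
};

// The form the review suggests: the handler depends only on what it captured,
// so it is correct whether it runs inside create() or later.
class CacheGroupAfter {
public:
    std::string lastFailedURL;

    void startLoadingEntry(const std::string& requestURL) {
        m_entryLoader = Loader::create(requestURL, [this, requestURL](Loader::Result error) {
            if (error)
                didFailLoadingEntry(requestURL);
        });
    }
    void failPending() { m_entryLoader->finish(Loader::Error::NetworkFailure); }

private:
    void didFailLoadingEntry(const std::string& url) { lastFailedURL = url; }
    std::unique_ptr<Loader> m_entryLoader;
};

// First entry is rejected synchronously: m_entryLoader is still null.
bool beforeHitsNullLoader() {
    CacheGroupBefore group;
    group.startLoadingEntry("reject://example.test/first");
    return group.staleLoaderObserved;
}

// A pending entry followed by a rejected one: the old loader's URL is reported.
std::string beforeReportsWrongURL() {
    CacheGroupBefore group;
    group.startLoadingEntry("https://example.test/first");
    group.startLoadingEntry("reject://example.test/second");
    return group.lastFailedURL;
}

std::string afterReportsRequestURL() {
    CacheGroupAfter group;
    group.startLoadingEntry("https://example.test/first");
    group.startLoadingEntry("reject://example.test/second");
    return group.lastFailedURL;
}

std::string afterAsyncFailureReportsRequestURL() {
    CacheGroupAfter group;
    group.startLoadingEntry("https://example.test/third");
    group.failPending();
    return group.lastFailedURL;
}

int main() {
    std::printf("before, null loader: %s\n", beforeHitsNullLoader() ? "hazard" : "ok");
    std::printf("before, wrong URL:   %s\n", beforeReportsWrongURL().c_str());
    std::printf("after, sync:         %s\n", afterReportsRequestURL().c_str());
    std::printf("after, async:        %s\n", afterAsyncFailureReportsRequestURL().c_str());
    return 0;
}
```

The check a practitioner would add to any such caller is the one the "after" class embodies: a completion handler that may fire before the factory returns must not read the member the factory's result is about to be assigned to.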