RESOLVED FIXED 187012
Null dereference crash in ApplicationCacheGroup::startLoadingEntry()
https://bugs.webkit.org/show_bug.cgi?id=187012
Chris Dumez
Reported 2018-06-25 13:11:10 PDT
Null dereference crash in ApplicationCacheGroup::startLoadingEntry():

Thread 0 name: Dispatch queue: com.apple.main-thread
Thread 0 Crashed:
0 WebCore 0x00000001a08e79e0 WTF::Function<void (std::experimental::fundamentals_v3::expected<WTF::RefPtr<WebCore::ApplicationCacheResource, WTF::DumbPtrTraits<WebCore::ApplicationCacheResource> >, WebCore::ApplicationCacheResourceLoader::Error>&&)>::CallableWrapper<WebCore::ApplicationCacheGroup::startLoadingEntry()::$_1>::call(std::experimental::fundamentals_v3::expected<WTF::RefPtr<WebCore::ApplicationCacheResource, WTF::DumbPtrTraits<WebCore::ApplicationCacheResource> >, WebCore::ApplicationCacheResourceLoader::Error>&&) + 76 (CachedResourceHandle.h:38)
1 WebCore 0x00000001a08d9604 WebCore::ApplicationCacheResourceLoader::create(unsigned int, WebCore::CachedResourceLoader&, WebCore::ResourceRequest&&, WTF::CompletionHandler<void (std::experimental::fundamentals_v3::expected<WTF::RefPtr<WebCore::ApplicationCacheResource, WTF::DumbPtrTraits<WebCore::ApplicationCacheResource> >, WebCore::ApplicationCacheResourceLoader::Error>&&)>&&) + 416 (Function.h:56)
2 WebCore 0x00000001a08d9604 WebCore::ApplicationCacheResourceLoader::create(unsigned int, WebCore::CachedResourceLoader&, WebCore::ResourceRequest&&, WTF::CompletionHandler<void (std::experimental::fundamentals_v3::expected<WTF::RefPtr<WebCore::ApplicationCacheResource, WTF::DumbPtrTraits<WebCore::ApplicationCacheResource> >, WebCore::ApplicationCacheResourceLoader::Error>&&)>&&) + 416 (Function.h:56)
3 WebCore 0x00000001a08da1d8 WebCore::ApplicationCacheGroup::startLoadingEntry() + 672 (ApplicationCacheGroup.cpp:906)
4 WebCore 0x00000001a08d9cf8 WebCore::ApplicationCacheGroup::didFinishLoadingEntry(WebCore::URL const&) + 1260 (RefCounted.h:0)
5 WebCore 0x00000001a08df6f4 WebCore::ApplicationCacheResourceLoader::notifyFinished(WebCore::CachedResource&) + 144 (Function.h:56)
6 WebCore 0x000000019f9128ac WebCore::CachedResource::checkNotify() + 296 (CachedResource.cpp:341)
7 WebCore 0x00000001a08f382c WebCore::CachedRawResource::finishLoading(WebCore::SharedBuffer*) + 608 (CachedResource.cpp:357)
8 WebCore 0x00000001a08ccf80 WebCore::SubresourceLoader::didFinishLoading(WebCore::NetworkLoadMetrics const&) + 528 (SubresourceLoader.cpp:637)
9 WebKit 0x00000001a68dde60 WebKit::WebResourceLoader::didFinishResourceLoad(WebCore::NetworkLoadMetrics const&) + 228 (WebResourceLoader.cpp:160)
10 WebKit 0x00000001a68def4c void IPC::handleMessage<Messages::WebResourceLoader::DidFinishResourceLoad, WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&)>(IPC::Decoder&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&)) + 92 (HandleMessage.h:40)
11 WebKit 0x00000001a66ca6f4 WebKit::NetworkProcessConnection::didReceiveMessage(IPC::Connection&, IPC::Decoder&) + 520 (NetworkProcessConnection.cpp:72)
12 WebKit 0x00000001a663392c IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >) + 164 (Connection.cpp:906)
13 WebKit 0x00000001a663630c IPC::Connection::dispatchOneMessage() + 232 (Connection.cpp:964)
14 JavaScriptCore 0x000000019e3c6b44 WTF::RunLoop::performWork() + 340 (Function.h:56)
15 JavaScriptCore 0x000000019e3c6dcc WTF::RunLoop::performWork(void*) + 36 (RunLoopCF.cpp:38)
16 CoreFoundation 0x00000001967bd900 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 24 (CFRunLoop.c:1980)
17 CoreFoundation 0x00000001967bd880 __CFRunLoopDoSource0 + 88 (CFRunLoop.c:2015)
18 CoreFoundation 0x00000001967bd15c __CFRunLoopDoSources0 + 176 (CFRunLoop.c:2051)
19 CoreFoundation 0x00000001967bae1c __CFRunLoopRun + 1048 (CFRunLoop.c:2922)
20 CoreFoundation 0x00000001966f4abc CFRunLoopRunSpecific + 436 (CFRunLoop.c:3247)
21 Foundation 0x0000000197170544 -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 300 (NSRunLoop.m:367)
22 Foundation 0x00000001971e1920 -[NSRunLoop(NSRunLoop) run] + 88 (NSRunLoop.m:389)
23 libxpc.dylib 0x000000019647f854 _xpc_objc_main + 516 (main.m:170)
24 libxpc.dylib 0x0000000196481944 xpc_main + 180 (init.c:1476)
25 com.apple.WebKit.WebContent 0x00000001048375ac main + 380 (XPCServiceMain.mm:160)
26 libdyld.dylib 0x000000019626e4cc 0x19626d000 + 5324
Attachments
Patch (2.66 KB, patch)
2018-06-25 13:26 PDT, Chris Dumez
Patch (2.81 KB, patch)
2018-06-25 13:34 PDT, Chris Dumez
Chris Dumez
Comment 1 2018-06-25 13:11:28 PDT
Chris Dumez
Comment 2 2018-06-25 13:26:44 PDT
youenn fablet
Comment 3 2018-06-25 13:31:59 PDT
Comment on attachment 343532 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=343532&action=review

> Source/WebCore/loader/appcache/ApplicationCacheGroup.cpp:907
> + m_entryLoader = ApplicationCacheResourceLoader::create(m_pendingEntries.begin()->value, documentLoader.cachedResourceLoader(), WTFMove(request), [this, requestURL] (auto&& resourceOrError) {

We should probably [this, requestURL = WTFMove(requestURL)]

> Source/WebCore/loader/appcache/ApplicationCacheGroup.cpp:912
> + this->didFailLoadingEntry(error, m_entryLoader ? m_entryLoader->resource()->url() : requestURL);

Can we just always use requestURL?
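As an added illustration (not WebKit code and not the patch under review), the hypothetical types below reproduce the ordering hazard that the trace and this review comment point at: frames 0 to 3 show the completion handler running synchronously inside ApplicationCacheResourceLoader::create(), before startLoadingEntry() has stored the returned loader in m_entryLoader, so a handler that reads the URL back through m_entryLoader sees a null member, while one that carries requestURL in its capture does not. The type names, the failImmediately flag and the finish() method are assumptions of the example.

```cpp
#include <functional>
#include <memory>
#include <string>
#include <utility>

// Hypothetical stand-ins, not WebKit's classes. create() may run the completion
// handler before it returns, i.e. before the caller has stored the loader.
struct Resource { std::string url; };

struct EntryLoader {
    using Handler = std::function<void(bool succeeded)>;
    std::unique_ptr<Resource> resource;
    Handler handler;
    static std::unique_ptr<EntryLoader> create(const std::string& url, bool failImmediately, Handler&& h)
    {
        auto loader = std::make_unique<EntryLoader>();
        loader->resource = std::make_unique<Resource>(Resource { url });
        if (failImmediately)
            h(false); // synchronous failure: the caller's member is not assigned yet
        else
            loader->handler = std::move(h); // normal case: completes later via finish()
        return loader;
    }
    void finish(bool succeeded) { if (handler) handler(succeeded); }
};

struct CacheGroup {
    std::unique_ptr<EntryLoader> m_entryLoader;
    std::string failedURL;               // what didFailLoadingEntry() received
    bool loaderWasNullInHandler = false; // instrumentation so the hazard is observable
    void didFailLoadingEntry(const std::string& url) { failedURL = url; }

    // Shape of the crashing code: the handler reads the URL back through m_entryLoader.
    void startLoadingEntryViaMember(const std::string& requestURL, bool failImmediately)
    {
        m_entryLoader = EntryLoader::create(requestURL, failImmediately, [this](bool ok) {
            if (ok) return;
            loaderWasNullInHandler = !m_entryLoader;
            // Without the guard this is the null dereference from the trace.
            didFailLoadingEntry(m_entryLoader ? m_entryLoader->resource->url : std::string("<null loader>"));
        });
    }

    // Shape the review asks for: the capture carries requestURL; m_entryLoader is never consulted.
    void startLoadingEntryViaCapture(const std::string& requestURL, bool failImmediately)
    {
        m_entryLoader = EntryLoader::create(requestURL, failImmediately, [this, requestURL](bool ok) {
            if (!ok) didFailLoadingEntry(requestURL);
        });
    }
};
```

The example copy-captures requestURL; the review suggests a move-capture, which works the same way for the ordering question shown here.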
Chris Dumez
Comment 4 2018-06-25 13:34:59 PDT
WebKit Commit Bot
Comment 5 2018-06-25 14:04:25 PDT
The commit-queue encountered the following flaky tests while processing attachment 343533 [details]:

performance-api/performance-observer-no-document-leak.html bug 187015 (author: cdumez@apple.com)

The commit-queue is continuing to process your patch.
WebKit Commit Bot
Comment 6 2018-06-25 14:05:03 PDT
Comment on attachment 343533 [details]
Patch

Clearing flags on attachment: 343533

Committed r233171: <https://trac.webkit.org/changeset/233171>
WebKit Commit Bot
Comment 7 2018-06-25 14:05:04 PDT
All reviewed patches have been landed. Closing bug.