While investigating Bug 187008 I found that some WebKitLegacy clients trigger recursive loads while cancelling the loading of web content into a WebView. This has the following impacts:
1. FrameLoader::continueLoadAfterNavigationPolicy gets entered with a nullptr Policy Document Loader as well as a nullptr Provisional Document Loader. If we continue in this state, we hit a ton of assertions, and eventually crash with a nullptr exception. If we return early, the cancel and alternate page load complete properly.
2. WebFrameLoaderClient::dispatchDidStartProvisionalLoad can be re-entered, which triggers a set of assertions and eventually a nullptr dereference. If we keep track of whether we have started a load on the current client object, and return early in those cases, the cancel and alternate page load complete properly.
<rdar://problem/41259430>
Created attachment 343765: Patch
Comment on attachment 343765 (Patch): Attachment 343765 did not pass win-ews (win). Output: https://webkit-queues.webkit.org/results/8365540 New failing tests: http/tests/security/canvas-remote-read-remote-video-blocked-no-crossorigin.html
Created attachment 343783: Archive of layout-test-results from ews202 for win-future. The attached test failures were seen while running run-webkit-tests on the win-ews. Bot: ews202 Port: win-future Platform: CYGWIN_NT-6.1-2.9.0-0.318-5-3-x86_64-64bit
Created attachment 343934: Patch
Comment on attachment 343934 (Patch): Attachment 343934 did not pass win-ews (win). Output: https://webkit-queues.webkit.org/results/8387296 New failing tests: http/tests/security/local-video-source-from-remote.html
Created attachment 343949: Archive of layout-test-results from ews200 for win-future. The attached test failures were seen while running run-webkit-tests on the win-ews. Bot: ews200 Port: win-future Platform: CYGWIN_NT-6.1-2.9.0-0.318-5-3-x86_64-64bit
Comment on attachment 343934 (Patch): r=me
Comment on attachment 343934 (Patch): Clearing flags on attachment: 343934 Committed r233374: <https://trac.webkit.org/changeset/233374>
All reviewed patches have been landed. Closing bug.