RESOLVED FIXED 187121
WebKitLegacy: Can trigger recursive loads triggering debug assertions 
https://bugs.webkit.org/show_bug.cgi?id=187121
Summary WebKitLegacy: Can trigger recursive loads triggering debug assertions
Brent Fulgham
Reported 2018-06-27 16:07:00 PDT
While investigating Bug 187008 I found that some WebKitLegacy clients trigger recursive loads while cancelling the loading of web content into a WebView. This has the following impacts: 1. FrameLoader::continueLoadAfterNavigationPolicy gets entered with a nullptr Policy Document Loader as well as a nullptr Provisional Document Loader. If we continue in this state, we hit a ton of assertions, and eventually crash with a nullptr exception. If we return early, the cancel and alternate page load complete properly. 2. WebFrameLoaderClient::dispatchDidStartProvisionalLoad can be re-entered which triggers a set of assertions and eventually a nullptr dereference. If we keep track of whether we have started a load on the current client object, and return early in those cases, the cancel and alternate page load complete properly.
Attachments
Patch (6.21 KB, patch)
2018-06-27 16:12 PDT, Brent Fulgham 		no flags
DetailsFormatted DiffDiff
Archive of layout-test-results from ews202 for win-future (12.94 MB, application/zip)
2018-06-27 19:51 PDT, EWS Watchlist 		no flags
Details
Patch (12.96 KB, patch)
2018-06-29 12:58 PDT, Chris Dumez 		no flags
DetailsFormatted DiffDiff
Archive of layout-test-results from ews200 for win-future (12.84 MB, application/zip)
2018-06-29 15:07 PDT, EWS Watchlist 		no flags
Details
Show Obsolete (3) View All Add attachment proposed patch, testcase, etc.
Brent Fulgham
Comment 1 2018-06-27 16:09:51 PDT
<rdar://problem/41259430>
Brent Fulgham
Comment 2 2018-06-27 16:12:40 PDT
Created attachment 343765 [details] Patch
EWS Watchlist
Comment 3 2018-06-27 19:51:08 PDT
Comment on attachment 343765 [details] Patch Attachment 343765 [details] did not pass win-ews (win): Output: https://webkit-queues.webkit.org/results/8365540 New failing tests: http/tests/security/canvas-remote-read-remote-video-blocked-no-crossorigin.html
EWS Watchlist
Comment 4 2018-06-27 19:51:20 PDT
Created attachment 343783 [details] Archive of layout-test-results from ews202 for win-future The attached test failures were seen while running run-webkit-tests on the win-ews. Bot: ews202 Port: win-future Platform: CYGWIN_NT-6.1-2.9.0-0.318-5-3-x86_64-64bit
Chris Dumez
Comment 5 2018-06-29 12:58:35 PDT
Created attachment 343934 [details] Patch
EWS Watchlist
Comment 6 2018-06-29 15:07:07 PDT
Comment on attachment 343934 [details] Patch Attachment 343934 [details] did not pass win-ews (win): Output: https://webkit-queues.webkit.org/results/8387296 New failing tests: http/tests/security/local-video-source-from-remote.html
EWS Watchlist
Comment 7 2018-06-29 15:07:19 PDT
Created attachment 343949 [details] Archive of layout-test-results from ews200 for win-future The attached test failures were seen while running run-webkit-tests on the win-ews. Bot: ews200 Port: win-future Platform: CYGWIN_NT-6.1-2.9.0-0.318-5-3-x86_64-64bit
Brent Fulgham
Comment 8 2018-06-29 15:29:38 PDT
Comment on attachment 343934 [details] Patch r=me
WebKit Commit Bot
Comment 9 2018-06-29 15:56:36 PDT
Comment on attachment 343934 [details] Patch Clearing flags on attachment: 343934 Committed r233374: <https://trac.webkit.org/changeset/233374>
WebKit Commit Bot
Comment 10 2018-06-29 15:56:38 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.