WebKit Bugzilla
Bug 187654 - WebResourceLoader may try to send an IPC with a destination ID that is 0
Status: RESOLVED FIXED
https://bugs.webkit.org/show_bug.cgi?id=187654
Reported by Chris Dumez, 2018-07-13 12:18:27 PDT
WebResourceLoader may try to send an IPC with a destination ID that is 0:

Exception Type: EXC_BREAKPOINT (SIGTRAP)
Exception Codes: 0x0000000000000001, 0x00000001b067bee0
Termination Signal: Trace/BPT trap: 5
Termination Reason: Namespace SIGNAL, Code 0x5
Terminating Process: exc handler [5462]
Triggered by Thread: 0

Thread 0 name: Dispatch queue: com.apple.main-thread
Thread 0 Crashed:
0 WebKit 0x00000001b067bee0 WebKit::WebResourceLoader::messageSenderDestinationID() + 56 (WebResourceLoader.cpp:77)
1 WebKit 0x00000001b067bebc WebKit::WebResourceLoader::messageSenderDestinationID() + 20 (WebResourceLoader.cpp:76)
2 WebKit 0x00000001b067cfa8 WTF::Function<void ()>::CallableWrapper<WebKit::WebResourceLoader::didReceiveResponse(WebCore::ResourceResponse const&, bool)::$_1>::call() + 48 (MessageSender.h:39)
3 WebCore 0x00000001aa41f584 WebCore::SubresourceLoader::didReceiveResponsePolicy() + 44 (Function.h:56)
4 WebCore 0x00000001aa3d86cc WTF::Function<void (WebCore::PolicyAction)>::CallableWrapper<WebCore::DocumentLoader::responseReceived(WebCore::ResourceResponse const&, WTF::CompletionHandler<void ()>&&)::$_7>::call(WebCore::PolicyAction) + 36 (DocumentLoader.cpp:838)
5 WebKit 0x00000001b056254c WebKit::WebFrame::invalidatePolicyListener() + 64 (Function.h:56)
6 WebCore 0x00000001aa3cdb70 WebCore::DocumentLoader::detachFromFrame() + 476 (DocumentLoader.cpp:1818)
7 WebCore 0x00000001aa3ee2cc WebCore::FrameLoader::clearProvisionalLoad() + 52 (FrameLoader.cpp:1898)
8 WebCore 0x00000001aa3ef760 WebCore::FrameLoader::checkLoadCompleteForThisFrame() + 1716 (FrameLoader.cpp:2418)
9 WebCore 0x00000001aa3e7af8 WebCore::FrameLoader::checkLoadComplete() + 408 (FrameLoader.cpp:2629)
10 WebCore 0x00000001aa3f139c WebCore::FrameLoader::receivedMainResourceError(WebCore::ResourceError const&) + 324 (FrameLoader.cpp:3030)
11 WebCore 0x00000001aa44c5e8 WebCore::CachedResource::checkNotify() + 292 (CachedResource.cpp:341)
12 WebCore 0x00000001aa41fbe4 WebCore::SubresourceLoader::didFail(WebCore::ResourceError const&) + 264 (SubresourceLoader.cpp:677)
13 WebKit 0x00000001b058a51c WebKit::WebLoaderStrategy::internallyFailedLoadTimerFired() + 92 (WebLoaderStrategy.cpp:362)
14 JavaScriptCore 0x00000001a7dee02c WTF::RunLoop::TimerBase::timerFired(__CFRunLoopTimer*, void*) + 44 (RunLoopCF.cpp:84)
15 CoreFoundation 0x00000001a00ef148 __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ + 28 (CFRunLoop.c:1830)
16 CoreFoundation 0x00000001a00eee74 __CFRunLoopDoTimer + 864 (CFRunLoop.c:2417)
17 CoreFoundation 0x00000001a00ee6a8 __CFRunLoopDoTimers + 248 (CFRunLoop.c:2564)
18 CoreFoundation 0x00000001a00e9558 __CFRunLoopRun + 1884 (CFRunLoop.c:0)
19 CoreFoundation 0x00000001a00e8ad8 CFRunLoopRunSpecific + 436 (CFRunLoop.c:3247)
20 Foundation 0x00000001a0ada314 -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 300 (NSRunLoop.m:367)
21 Foundation 0x00000001a0b16328 -[NSRunLoop(NSRunLoop) run] + 88 (NSRunLoop.m:389)
22 libxpc.dylib 0x000000019fdba078 _xpc_objc_main + 532 (main.m:170)
23 libxpc.dylib 0x000000019fdbcab8 xpc_main + 184 (init.c:1471)
24 com.apple.WebKit.WebContent 0x00000001009d759c main + 380 (XPCServiceMain.mm:160)
25 libdyld.dylib 0x000000019fba9dd8 0x19fba9000 + 3544

This can lead to HashMap corruption on the recipient side when trying to look up a key that is 0.
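The ordering the trace shows, modelled as an added C++ illustration (this is not the WebKit patch, which is not reproduced on this page): a response completion handler is captured while the loader is alive, the loader is torn down and its identifier drops to 0, then the handler fires and would send with the reserved destination ID. ReceiverMap, LoaderModel and their members are hypothetical names; the only WebKit fact assumed is that WTF::HashMap treats 0 as the empty-bucket value for integer keys, which is why a lookup with key 0 is an invariant violation on the receiving side.

```cpp
#include <cstdint>
#include <functional>
#include <unordered_map>
#include <utility>
#include <vector>
// Assumption: WTF::HashMap reserves 0 as the "empty bucket" value for integer keys, so a
// lookup with key 0 breaks the table invariant. This model counts such lookups instead.
constexpr uint64_t kHashTableEmptyValue = 0;
struct ReceiverMap {
    std::unordered_map<uint64_t, std::function<void()>> receivers; // destination ID -> handler
    int invalidLookups = 0;                                        // refused key-0 lookups
    bool dispatch(uint64_t destinationID) {                        // recipient-side lookup
        if (destinationID == kHashTableEmptyValue) { ++invalidLookups; return false; }
        auto it = receivers.find(destinationID);
        if (it == receivers.end()) return false;
        it->second();
        return true;
    }
};

// Model of a resource loader whose identifier becomes 0 once it detaches (hypothetical names).
struct LoaderModel {
    uint64_t identifier;               // 0 means "no core loader any more"
    ReceiverMap& peer;
    int dropped = 0;                   // messages refused by the sender-side guard
    std::vector<std::function<void()>> pending;
    uint64_t messageSenderDestinationID() const { return identifier; }
    void detach() { identifier = 0; }  // detachFromFrame() in the trace tears the loader down
    bool send() {                      // guard: never send to the reserved destination ID
        if (messageSenderDestinationID() == kHashTableEmptyValue) { ++dropped; return false; }
        return peer.dispatch(messageSenderDestinationID());
    }
    // The response completion handler is captured now but may run after detach().
    void deferSend() { pending.push_back([this] { send(); }); }
    void runPending() { for (auto& h : pending) h(); pending.clear(); }
};
// Recipient side alone: an unguarded message with ID 0 is refused, not looked up.
bool unguardedDispatchToZeroIsRefused() { ReceiverMap m; return !m.dispatch(0) && m.invalidLookups == 1; }
// Replays the ordering in the trace: handler deferred, loader detached, handler fires late.
// Returns {messages delivered, messages dropped by the guard}: expected {1, 1}.
std::pair<int, int> replayDetachBeforeHandler() {
    int delivered = 0;
    ReceiverMap peer;
    peer.receivers[42] = [&delivered] { ++delivered; };
    LoaderModel loader{42, peer};
    loader.send();        // live loader: delivered to receiver 42
    loader.deferSend();   // completion handler captured while the loader is alive
    loader.detach();      // provisional load cleared, identifier reset to 0
    loader.runPending();  // late handler: guard drops it instead of dispatching with ID 0
    return {delivered, loader.dropped};
}
```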
Attachments
Patch (4.91 KB, patch), 2018-07-13 12:26 PDT, Chris Dumez, no flags
Chris Dumez
Comment 1
2018-07-13 12:18:38 PDT
<rdar://problem/39265927>
Chris Dumez
Comment 2
2018-07-13 12:26:00 PDT
Created attachment 344966 [details]: Patch
WebKit Commit Bot
Comment 3
2018-07-13 13:40:52 PDT
Comment on attachment 344966 [details]: Patch
Clearing flags on attachment: 344966
Committed r233815: <https://trac.webkit.org/changeset/233815>
WebKit Commit Bot
Comment 4
2018-07-13 13:40:53 PDT
All reviewed patches have been landed. Closing bug.