Bug 187661 - Crash under ApplicationCacheGroup::didFailLoadingEntry()
Summary: Crash under ApplicationCacheGroup::didFailLoadingEntry()
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebCore Misc. (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Chris Dumez
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2018-07-13 14:08 PDT by Chris Dumez
Modified: 2018-07-13 15:58 PDT (History)
Attachments
Patch (4.95 KB, patch)
2018-07-13 14:11 PDT, Chris Dumez
youennf: review+

Description Chris Dumez 2018-07-13 14:08:40 PDT
Crash under ApplicationCacheGroup::didFailLoadingEntry():
Thread[0] EXC_BAD_ACCESS (SIGSEGV) (KERN_INVALID_ADDRESS at 0x000000000000000c)
[  0] 0x000000023b8396c4 WebCore`WebCore::ApplicationCacheGroup::didFailLoadingEntry(WebCore::ApplicationCacheResourceLoader::Error, WebCore::URL const&) [inlined] WebCore::ApplicationCacheResourceLoader::type() const at ApplicationCacheResourceLoader.h:51:36
       47  	    void cancel(Error = Error::Abort);
       48  	
       49  	    const CachedResource* resource() const { return m_resource.get(); }
       50  	    bool hasRedirection() const { return m_hasRedirection; }
    -> 51  	    unsigned type() const { return m_type; }
       52  	
       53  	private:
       54  	    explicit ApplicationCacheResourceLoader(unsigned, CachedResourceHandle<CachedRawResource>&&, CompletionHandler<void(ResourceOrError&&)>&&);
       55  	
    

     0x000000023b8396b4:      ldr x1, [x19, #0xf8]
     0x000000023b8396b8:      add x3, sp, #0x40        ; =0x40 
     0x000000023b8396bc:       bl 0xf3ab5c             ; WebCore::InspectorInstrumentation::didFailLoadingImpl at InspectorInstrumentation.cpp:609
     0x000000023b8396c0:      ldr x8, [x19, #0xf0]
 ->  0x000000023b8396c4:      ldr w20, [x8, #0xc]
     0x000000023b8396c8:      ldr x8, [x22]
     0x000000023b8396cc:      str x8, [sp, #0x10]
     0x000000023b8396d0:      cbz x8, 0x100d6e0        ; <+164> [inlined] WebCore::URL::URL(WebCore::URL const&) + 24 at URL.h:55
     0x000000023b8396d4:      ldr w9, [x8]

[  0] 0x000000023b8396c4 WebCore`WebCore::ApplicationCacheGroup::didFailLoadingEntry(WebCore::ApplicationCacheResourceLoader::Error, WebCore::URL const&) + 136 at ApplicationCacheGroup.cpp:548
       544 	    ResourceError resourceError { error == ApplicationCacheResourceLoader::Error::CannotCreateResource ? ResourceError::Type::AccessControl : ResourceError::Type::General };
       545 	
       546 	    InspectorInstrumentation::didFailLoading(m_frame, m_frame->loader().documentLoader(), m_currentResourceIdentifier, resourceError);
       547 	
    -> 548 	    unsigned type = m_entryLoader->type();
       549 	    URL url(entryURL);
       550 	    url.removeFragmentIdentifier();
       551 	
       552 	    ASSERT(!m_currentResource || !m_pendingEntries.contains(url));
    
[  1] 0x000000023b8396bf WebCore`WebCore::ApplicationCacheGroup::didFailLoadingEntry(WebCore::ApplicationCacheResourceLoader::Error, WebCore::URL const&) [inlined] WebCore::InspectorInstrumentation::didFailLoading(WebCore::Frame*, WebCore::DocumentLoader*, unsigned long, WebCore::ResourceError const&) + 43 at InspectorInstrumentation.h:983:9
       979 	
       980 	inline void InspectorInstrumentation::didFailLoading(Frame* frame, DocumentLoader* loader, unsigned long identifier, const ResourceError& error)
       981 	{
       982 	    if (InstrumentingAgents* instrumentingAgents = instrumentingAgentsForFrame(frame))
    -> 983 	        didFailLoadingImpl(*instrumentingAgents, identifier, loader, error);
       984 	}
       985 	
       986 	inline void InspectorInstrumentation::didFailLoading(WorkerGlobalScope& workerGlobalScope, unsigned long identifier, const ResourceError& error)
       987 	{
    
[  1] 0x000000023b839694 WebCore`WebCore::ApplicationCacheGroup::didFailLoadingEntry(WebCore::ApplicationCacheResourceLoader::Error, WebCore::URL const&) + 88 at ApplicationCacheGroup.cpp:546
       542 	{
       543 	    // FIXME: We should get back the error from ApplicationCacheResourceLoader level.
       544 	    ResourceError resourceError { error == ApplicationCacheResourceLoader::Error::CannotCreateResource ? ResourceError::Type::AccessControl : ResourceError::Type::General };
       545 	
    -> 546 	    InspectorInstrumentation::didFailLoading(m_frame, m_frame->loader().documentLoader(), m_currentResourceIdentifier, resourceError);
       547 	
       548 	    unsigned type = m_entryLoader->type();
       549 	    URL url(entryURL);
       550 	    url.removeFragmentIdentifier();
    
[  2] 0x000000023b8388f3 WebCore`WebCore::ApplicationCacheResourceLoader::create(unsigned int, WebCore::CachedResourceLoader&, WebCore::ResourceRequest&&, WTF::CompletionHandler<void (std::experimental::fundamentals_v3::expected<WTF::RefPtr<WebCore::ApplicationCacheResource, WTF::DumbPtrTraits<WebCore::ApplicationCacheResource> >, WebCore::ApplicationCacheResourceLoader::Error>&&)>&&) [inlined] WTF::Function<void (std::experimental::fundamentals_v3::expected<WTF::RefPtr<WebCore::ApplicationCacheResource, WTF::DumbPtrTraits<WebCore::ApplicationCacheResource> >, WebCore::ApplicationCacheResourceLoader::Error>&&)>::operator()(std::experimental::fundamentals_v3::expected<WTF::RefPtr<WebCore::ApplicationCacheResource, WTF::DumbPtrTraits<WebCore::ApplicationCacheResource> >, WebCore::ApplicationCacheResourceLoader::Error>&&) const + 19 at Function.h:56:35
[  2] 0x000000023b8388e0 WebCore`WebCore::ApplicationCacheResourceLoader::create(unsigned int, WebCore::CachedResourceLoader&, WebCore::ResourceRequest&&, WTF::CompletionHandler<void (std::experimental::fundamentals_v3::expected<WTF::RefPtr<WebCore::ApplicationCacheResource, WTF::DumbPtrTraits<WebCore::ApplicationCacheResource> >, WebCore::ApplicationCacheResourceLoader::Error>&&)>&&) [inlined] WTF::CompletionHandler<void (std::experimental::fundamentals_v3::expected<WTF::RefPtr<WebCore::ApplicationCacheResource, WTF::DumbPtrTraits<WebCore::ApplicationCacheResource> >, WebCore::ApplicationCacheResourceLoader::Error>&&)>::operator()(std::experimental::fundamentals_v3::expected<WTF::RefPtr<WebCore::ApplicationCacheResource, WTF::DumbPtrTraits<WebCore::ApplicationCacheResource> >, WebCore::ApplicationCacheResourceLoader::Error>&&) const + 8 at CompletionHandler.h:60
[  2] 0x000000023b8388d8 WebCore`WebCore::ApplicationCacheResourceLoader::create(unsigned int, WebCore::CachedResourceLoader&, WebCore::ResourceRequest&&, WTF::CompletionHandler<void (std::experimental::fundamentals_v3::expected<WTF::RefPtr<WebCore::ApplicationCacheResource, WTF::DumbPtrTraits<WebCore::ApplicationCacheResource> >, WebCore::ApplicationCacheResourceLoader::Error>&&)>&&) + 388 at ApplicationCacheResourceLoader.cpp:42
Comment 1 Chris Dumez 2018-07-13 14:08:52 PDT
<rdar://problem/42179755>
Comment 2 Chris Dumez 2018-07-13 14:11:36 PDT
Created attachment 344979 [details]
Patch
Comment 3 youenn fablet 2018-07-13 15:46:39 PDT
Comment on attachment 344979 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=344979&action=review

> Source/WebCore/loader/appcache/ApplicationCacheGroup.cpp:556
> +        m_frame->document()->addConsoleMessage(MessageSource::AppCache, MessageLevel::Error, "Application Cache update failed, because " + url.stringCenterEllipsizedToLength() + (m_entryLoader && m_entryLoader->hasRedirection() ? " was redirected." : " could not be fetched."));

makeString() ?
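Review bot: The new `m_entryLoader &&` guard on the quoted line at ApplicationCacheGroup.cpp:556 is unexplained, so a later reader cannot tell why a member that looks always-set may be null here. The backtrace in the description shows didFailLoadingEntry() being reached from inside ApplicationCacheResourceLoader::create() (ApplicationCacheResourceLoader.cpp:42), presumably before the caller has stored the returned loader in m_entryLoader, and the faulting load `ldr w20, [x8, #0xc]` at address 0xc is consistent with a null m_entryLoader. I would add a comment above the check such as `// m_entryLoader may be null: create() can invoke the completion handler synchronously on failure, before the loader is assigned.` The same line still dereferences `m_frame->document()` without a check; the rest of the function is outside the quoted hunk, so confirm that an earlier guard covers it or add one.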
Comment 4 Chris Dumez 2018-07-13 15:54:23 PDT
Committed r233823: <https://trac.webkit.org/changeset/233823>