Bug 188479 - Crash under NetworkResourceLoader::convertToDownload()
Summary: Crash under NetworkResourceLoader::convertToDownload()
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKit2
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Chris Dumez
URL:
Keywords: InRadar
Depends on:
Blocks:
Reported: 2018-08-10 14:01 PDT by Chris Dumez
Modified: 2018-08-10 16:03 PDT
CC List: 6 users

See Also:

Attachments
Patch (5.77 KB, patch), 2018-08-10 14:07 PDT, Chris Dumez, no flags
Patch (7.45 KB, patch), 2018-08-10 14:45 PDT, Chris Dumez, no flags
Patch (8.36 KB, patch), 2018-08-10 15:36 PDT, Chris Dumez, no flags

Description Chris Dumez 2018-08-10 14:01:11 PDT
Crash under NetworkResourceLoader::convertToDownload() when converting a load that came from the HTTP disk cache to a download because m_networkLoad is null:
Exception Type:        EXC_BAD_ACCESS (SIGSEGV)
Exception Codes:       KERN_INVALID_ADDRESS at 0x0000000000000008
Exception Note:        EXC_CORPSE_NOTIFY

Termination Signal:    Segmentation fault: 11
Termination Reason:    Namespace SIGNAL, Code 0xb
Terminating Process:   exc handler [0]

VM Regions Near 0x8:
--> 
    __TEXT                 0000000102e39000-0000000102e3b000 [    8K] r-x/rwx SM=COW  /Applications/Safari Technology Preview.app/Contents/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.Networking.xpc/Contents/MacOS/com.apple.WebKit.Networking

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   com.apple.WebKit              	0x0000000102f76a74 WebKit::NetworkLoad::isAllowedToAskUserForCredentials() const + 4
1   com.apple.WebKit              	0x0000000102fb3784 WebKit::PendingDownload::PendingDownload(std::__1::unique_ptr<WebKit::NetworkLoad, std::__1::default_delete<WebKit::NetworkLoad> >&&, WebKit::DownloadID, WebCore::ResourceRequest const&, WebCore::ResourceResponse const&) + 84
2   com.apple.WebKit              	0x0000000102f01296 WebKit::DownloadManager::convertNetworkLoadToDownload(WebKit::DownloadID, std::__1::unique_ptr<WebKit::NetworkLoad, std::__1::default_delete<WebKit::NetworkLoad> >&&, WTF::Vector<WTF::RefPtr<WebCore::BlobDataFileReference, WTF::DumbPtrTraits<WebCore::BlobDataFileReference> >, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&&, WebCore::ResourceRequest const&, WebCore::ResourceResponse const&) + 74
3   com.apple.WebKit              	0x0000000102f8cd3c WebKit::NetworkResourceLoader::convertToDownload(WebKit::DownloadID, WebCore::ResourceRequest const&, WebCore::ResourceResponse const&) + 90
4   com.apple.WebKit              	0x0000000102f6969b void IPC::handleMessage<Messages::NetworkConnectionToWebProcess::ConvertMainResourceLoadToDownload, WebKit::NetworkConnectionToWebProcess, void (WebKit::NetworkConnectionToWebProcess::*)(PAL::SessionID, unsigned long long, WebKit::DownloadID, WebCore::ResourceRequest const&, WebCore::ResourceResponse const&)>(IPC::Decoder&, WebKit::NetworkConnectionToWebProcess*, void (WebKit::NetworkConnectionToWebProcess::*)(PAL::SessionID, unsigned long long, WebKit::DownloadID, WebCore::ResourceRequest const&, WebCore::ResourceResponse const&)) + 185
5   com.apple.WebKit              	0x0000000102ef50ed IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >) + 119
6   com.apple.WebKit              	0x0000000102ef7d7b IPC::Connection::dispatchOneMessage() + 175
7   com.apple.JavaScriptCore      	0x0000000106ac7b14 WTF::RunLoop::performWork() + 212
8   com.apple.JavaScriptCore      	0x0000000106ac7d92 WTF::RunLoop::performWork(void*) + 34
9   com.apple.CoreFoundation      	0x00007fffaf5be321 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
10  com.apple.CoreFoundation      	0x00007fffaf59f21d __CFRunLoopDoSources0 + 557
11  com.apple.CoreFoundation      	0x00007fffaf59e716 __CFRunLoopRun + 934
12  com.apple.CoreFoundation      	0x00007fffaf59e114 CFRunLoopRunSpecific + 420
13  com.apple.Foundation          	0x00007fffb0fb1252 -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 277
14  com.apple.Foundation          	0x00007fffb0fb112a -[NSRunLoop(NSRunLoop) run] + 76
15  libxpc.dylib                  	0x00007fffc4f7789b _xpc_objc_main + 731
16  libxpc.dylib                  	0x00007fffc4f762e4 xpc_main + 494
17  com.apple.WebKit.Networking   	0x102e3a695 main + 492 (/BuildRoot/Library/Caches/com.apple.xbs/Sources/WebKit2/WebKit2-7606.1.11.2/Shared/EntryPointUtilities/mac/XPCService/XPCServiceMain.mm:148)
18  libdyld.dylib                 	0x00007fffc4d1e235 start + 1
Comment 1 Chris Dumez 2018-08-10 14:01:37 PDT
<rdar://problem/42201724>
Comment 2 Chris Dumez 2018-08-10 14:07:47 PDT
Created attachment 346922
Patch
Comment 3 Chris Dumez 2018-08-10 14:45:20 PDT
Created attachment 346930
Patch
Comment 4 Chris Dumez 2018-08-10 15:36:14 PDT
Created attachment 346934
Patch
Comment 5 WebKit Commit Bot 2018-08-10 16:03:32 PDT
Comment on attachment 346934
Patch

Clearing flags on attachment: 346934

Committed r234776: <https://trac.webkit.org/changeset/234776>
Comment 6 WebKit Commit Bot 2018-08-10 16:03:34 PDT
All reviewed patches have been landed.  Closing bug.