Bug 191331 - Crash in WebCore::PaymentRequest::canMakePayment when Apple Pay payment method data is missing
Summary: Crash in WebCore::PaymentRequest::canMakePayment when Apple Pay payment method data is missing
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: New Bugs (show other bugs)
Version: WebKit Nightly Build
Hardware: Mac Unspecified
: P2 Blocker
Assignee: Andy Estes
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2018-11-06 14:34 PST by Andy Estes
Modified: 2018-11-07 15:50 PST (History)
10 users (show)

See Also:


Attachments
Patch (5.36 KB, patch)
2018-11-07 14:05 PST, Andy Estes
no flags Details | Formatted Diff | Diff

Description Andy Estes 2018-11-06 14:34:04 PST
Visiting https://w3c-test.org/payment-request/payment-request-canmakepayment-method.https.html in Safari crashes the WebContent process with the following backtrace:

Crashed Thread:        0  Dispatch queue: com.apple.main-thread

Exception Type:        EXC_BAD_ACCESS (SIGSEGV)
Exception Codes:       KERN_INVALID_ADDRESS at 0x0000000000000005
Exception Note:        EXC_CORPSE_NOTIFY

Termination Signal:    Segmentation fault: 11
Termination Reason:    Namespace SIGNAL, Code 0xb
Terminating Process:   exc handler [97511]

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   com.apple.JavaScriptCore      	0x00000001110fcbc6 JSC::JSCell::getObject() + 6
1   com.apple.WebCore             	0x000000010e9f1d87 WebCore::ApplePayRequest WebCore::convertDictionary<WebCore::ApplePayRequest>(JSC::ExecState&, JSC::JSValue) + 119
2   com.apple.WebCore             	0x000000010ea04ad7 WebCore::ApplePayPaymentHandler::convertData(JSC::JSValue&&) + 71
3   com.apple.WebCore             	0x000000010eb0da53 WebCore::PaymentRequest::canMakePayment(WebCore::Document&, WebCore::DOMPromiseDeferred<WebCore::IDLBoolean>&&) + 307
4   com.apple.WebCore             	0x000000010e73a2b3 WebCore::jsPaymentRequestPrototypeFunctionCanMakePayment(JSC::ExecState*) + 307
5   ???                           	0x00002575cb801177 0 + 41187855569271
6   com.apple.JavaScriptCore      	0x00000001114416a2 llint_entry + 61871
7   com.apple.JavaScriptCore      	0x00000001114416a2 llint_entry + 61871
8   com.apple.JavaScriptCore      	0x00000001114416a2 llint_entry + 61871
9   com.apple.JavaScriptCore      	0x0000000111441fd1 llint_entry + 64222
10  com.apple.JavaScriptCore      	0x00000001114416a2 llint_entry + 61871
11  com.apple.JavaScriptCore      	0x00000001114416a2 llint_entry + 61871
12  com.apple.JavaScriptCore      	0x0000000111432339 vmEntryToJavaScript + 200
13  com.apple.JavaScriptCore      	0x00000001110f7de5 JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 469
14  com.apple.JavaScriptCore      	0x00000001110f7bfe JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 62
15  com.apple.JavaScriptCore      	0x0000000111c4c62d JSC::JSPromise::initialize(JSC::ExecState*, JSC::JSGlobalObject*, JSC::JSValue) + 205
16  com.apple.JavaScriptCore      	0x0000000111c4ce7e JSC::constructPromise(JSC::ExecState*) + 174
17  ???                           	0x00002575cb8010cd 0 + 41187855569101
18  com.apple.JavaScriptCore      	0x0000000111441de2 llint_entry + 63727
19  com.apple.JavaScriptCore      	0x00000001114416a2 llint_entry + 61871
20  com.apple.JavaScriptCore      	0x0000000111432339 vmEntryToJavaScript + 200
21  com.apple.JavaScriptCore      	0x00000001110f7de5 JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 469
22  com.apple.JavaScriptCore      	0x0000000111b78db4 JSC::profiledCall(JSC::ExecState*, JSC::ProfilingReason, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 196
23  com.apple.JavaScriptCore      	0x0000000111c313ad JSC::JSMicrotask::run(JSC::ExecState*) + 461
24  com.apple.WebCore             	0x000000010ebf1224 WebCore::JSExecState::runTask(JSC::ExecState*, JSC::Microtask&) + 68
25  com.apple.WebCore             	0x000000010ebf84a3 WebCore::JSMicrotaskCallback::call() + 67
26  com.apple.WebCore             	0x000000010edd05df WebCore::ActiveDOMCallbackMicrotask::run() + 47
27  com.apple.WebCore             	0x000000010ee42459 WebCore::MicrotaskQueue::performMicrotaskCheckpoint() + 137
28  com.apple.WebCore             	0x000000010ebfd0c3 WebCore::JSExecState::didLeaveScriptContext(JSC::ExecState*) + 35
29  com.apple.WebCore             	0x000000010ec1168b WebCore::JSExecState::profiledEvaluate(JSC::ExecState*, JSC::ProfilingReason, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&) + 123
30  com.apple.WebCore             	0x000000010ec114cf WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld&, WebCore::ExceptionDetails*) + 207
31  com.apple.WebCore             	0x000000010ee6b6d3 WebCore::ScriptElement::executeClassicScript(WebCore::ScriptSourceCode const&) + 563
32  com.apple.WebCore             	0x000000010e07045c WebCore::ScriptElement::prepareScript(WTF::TextPosition const&, WebCore::ScriptElement::LegacyTypeSupport) + 1228
33  com.apple.WebCore             	0x000000010f0427b9 WebCore::HTMLScriptRunner::runScript(WebCore::ScriptElement&, WTF::TextPosition const&) + 89
34  com.apple.WebCore             	0x000000010f042710 WebCore::HTMLScriptRunner::execute(WTF::Ref<WebCore::ScriptElement, WTF::DumbPtrTraits<WebCore::ScriptElement> >&&, WTF::TextPosition const&) + 48
35  com.apple.WebCore             	0x000000010e06feb1 WebCore::HTMLDocumentParser::runScriptsForPausedTreeBuilder() + 369
36  com.apple.WebCore             	0x000000010f0398d7 WebCore::HTMLDocumentParser::pumpTokenizerLoop(WebCore::HTMLDocumentParser::SynchronousMode, bool, WebCore::PumpSession&) + 599
37  com.apple.WebCore             	0x000000010e0288c4 WebCore::HTMLDocumentParser::pumpTokenizer(WebCore::HTMLDocumentParser::SynchronousMode) + 116
38  com.apple.WebCore             	0x000000010e093310 WebCore::HTMLDocumentParser::resumeParsingAfterScriptExecution() + 128
39  com.apple.WebCore             	0x000000010f03a284 WebCore::HTMLDocumentParser::notifyFinished(WebCore::PendingScript&) + 84
40  com.apple.WebCore             	0x000000010ee57b63 WebCore::PendingScript::notifyFinished(WebCore::LoadableScript&) + 35
41  com.apple.WebCore             	0x000000010ee3fa0c WebCore::LoadableScript::notifyClientFinished() + 300
42  com.apple.WebCore             	0x000000010ee3f79e WebCore::LoadableClassicScript::notifyFinished(WebCore::CachedResource&) + 1086
43  com.apple.WebCore             	0x000000010e077d0c WebCore::CachedResource::checkNotify() + 332
44  com.apple.WebCore             	0x000000010f14229d WebCore::SubresourceLoader::didFinishLoading(WebCore::NetworkLoadMetrics const&) + 541
45  com.apple.WebKit              	0x000000010d5ab615 WebKit::WebResourceLoader::didFinishResourceLoad(WebCore::NetworkLoadMetrics const&) + 211
46  com.apple.WebKit              	0x000000010d676115 WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection&, IPC::Decoder&) + 749
47  com.apple.WebKit              	0x000000010d5a5693 WebKit::NetworkProcessConnection::didReceiveMessage(IPC::Connection&, IPC::Decoder&) + 625
48  com.apple.WebKit              	0x000000010d2b3be2 IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >) + 108
49  com.apple.WebKit              	0x000000010d2b72f6 IPC::Connection::dispatchOneIncomingMessage() + 180
50  com.apple.JavaScriptCore      	0x000000011128df19 WTF::RunLoop::performWork() + 313
51  com.apple.JavaScriptCore      	0x000000011128e152 WTF::RunLoop::performWork(void*) + 34
52  com.apple.CoreFoundation      	0x00007fff50991155 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
53  com.apple.CoreFoundation      	0x00007fff509910fb __CFRunLoopDoSource0 + 108
54  com.apple.CoreFoundation      	0x00007fff50974b95 __CFRunLoopDoSources0 + 195
55  com.apple.CoreFoundation      	0x00007fff5097413e __CFRunLoopRun + 1219
56  com.apple.CoreFoundation      	0x00007fff50973a28 CFRunLoopRunSpecific + 463
57  com.apple.Foundation          	0x00007fff52da03ba -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 280
58  com.apple.Foundation          	0x00007fff52da028f -[NSRunLoop(NSRunLoop) run] + 76
59  libxpc.dylib                  	0x00007fff7e573ee6 _xpc_objc_main + 555
60  libxpc.dylib                  	0x00007fff7e5739e5 xpc_main + 433
61  com.apple.WebKit.WebContent   	0x000000010d23c630 0x10d23b000 + 5680
62  com.apple.WebKit.WebContent   	0x000000010d23c7b7 0x10d23b000 + 6071
63  libdyld.dylib                 	0x00007fff7e33cef9 start + 1
Comment 1 Andy Estes 2018-11-07 14:05:28 PST
Created attachment 354147 [details]
Patch
Comment 2 WebKit Commit Bot 2018-11-07 15:49:36 PST
Comment on attachment 354147 [details]
Patch

Clearing flags on attachment: 354147

Committed r237947: <https://trac.webkit.org/changeset/237947>
Comment 3 WebKit Commit Bot 2018-11-07 15:49:37 PST
All reviewed patches have been landed.  Closing bug.
Comment 4 Radar WebKit Bug Importer 2018-11-07 15:50:33 PST
<rdar://problem/45892863>