WebKit Bugzilla
RESOLVED FIXED
193915
Regression(PSON) Crash under WebPageProxy::didStartProgress()
https://bugs.webkit.org/show_bug.cgi?id=193915
Chris Dumez
Reported
2019-01-28 11:04:43 PST
Crash under WebPageProxy::didStartProgress():

Thread[0] EXC_BAD_ACCESS (SIGSEGV) (KERN_INVALID_ADDRESS at 0x0000000000000008)
[  0] 0x00007fff49942e96 WebKit`WTF::WeakPtrFactory<WebKit::PageClient>::createWeakPtr(WebKit::PageClient&) const [inlined] WTF::RefPtr<WTF::WeakReference<WebKit::PageClient>, WTF::DumbPtrTraits<WTF::WeakReference<WebKit::PageClient> > >::operator!() const at RefPtr.h:81:38
       0x00007fff49942e8e:    pushq  %rbx
       0x00007fff49942e8f:    pushq  %rax
       0x00007fff49942e90:    movq   %rsi, %rbx
       0x00007fff49942e93:    movq   %rdi, %r14
    -> 0x00007fff49942e96:    cmpq   $0x0, (%rsi)
       0x00007fff49942e9a:    jne    0x259ec8                  ; <+66> [inlined] WTF::DumbPtrTraits<WTF::WeakReference<WebKit::PageClient> >::unwrap(WTF::WeakReference<WebKit::PageClient>* const&) at RefPtr.h:78
       0x00007fff49942e9c:    movq   %rdx, %r15
       0x00007fff49942e9f:    movl   $0x10, %edi
       0x00007fff49942ea4:    callq  0x45b3fc                  ; symbol stub for: WTF::fastMalloc(unsigned long)

[  0] 0x00007fff49942e96 WebKit`WTF::WeakPtrFactory<WebKit::PageClient>::createWeakPtr(WebKit::PageClient&) const + 16 at WeakPtr.h:108

[  1] 0x00007fff49700053 WebKit`WebKit::WebPageProxy::didStartProgress() [inlined] WTF::WeakPtr<WebKit::PageClient> WTF::makeWeakPtr<WebKit::PageClient>(WebKit::PageClient&) + 15 at WeakPtr.h:178:72

[  1] 0x00007fff49700044 WebKit`WebKit::WebPageProxy::didStartProgress() [inlined] WebKit::PageClientProtector::PageClientProtector(WebKit::PageClient&) at WebPageProxy.cpp:376
       372  class PageClientProtector {
       373      WTF_MAKE_NONCOPYABLE(PageClientProtector);
       374  public:
       375      PageClientProtector(PageClient& pageClient)
    -> 376          : m_pageClient(makeWeakPtr(pageClient))
       377      {
       378          m_pageClient->refView();
       379      }
       380

[  1] 0x00007fff49700044 WebKit`WebKit::WebPageProxy::didStartProgress() [inlined] WebKit::PageClientProtector::PageClientProtector(WebKit::PageClient&) at WebPageProxy.cpp:377
       373      WTF_MAKE_NONCOPYABLE(PageClientProtector);
       374  public:
       375      PageClientProtector(PageClient& pageClient)
       376          : m_pageClient(makeWeakPtr(pageClient))
    -> 377      {
       378          m_pageClient->refView();
       379      }
       380
       381      ~PageClientProtector()

[  1] 0x00007fff49700044 WebKit`WebKit::WebPageProxy::didStartProgress() + 24 at WebPageProxy.cpp:3712
       3708 }
       3709
       3710 void WebPageProxy::didStartProgress()
       3711 {
    -> 3712     PageClientProtector protector(pageClient());
       3713
       3714     auto transaction = m_pageLoadState.transaction();
       3715     m_pageLoadState.didStartProgress(transaction);
       3716

[  2] 0x00007fff497687c3 WebKit`IPC::MessageReceiverMap::dispatchMessage(IPC::Connection&, IPC::Decoder&) + 125 at MessageReceiverMap.cpp:123:26
       119          return true;
       120      }
       121
       122      if (MessageReceiver* messageReceiver = m_messageReceivers.get(std::make_pair(decoder.messageReceiverName(), decoder.destinationID()))) {
    -> 123          messageReceiver->didReceiveMessage(connection, decoder);
       124          return true;
       125      }
       126
       127      return false;

[  3] 0x00007fff4993c163 WebKit`WebKit::WebProcessProxy::didReceiveMessage(IPC::Connection&, IPC::Decoder&) + 23 at WebProcessProxy.cpp:646:9
       642  #endif
       643
       644  void WebProcessProxy::didReceiveMessage(IPC::Connection& connection, IPC::Decoder& decoder)
       645  {
    -> 646      if (dispatchMessage(connection, decoder))
       647          return;
       648
       649      if (m_processPool->dispatchMessage(connection, decoder))
       650          return;

[  4] 0x00007fff497584d7 WebKit`IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >) + 107 at Connection.cpp:1005:9
       1001
       1002     if (message->isSyncMessage())
       1003         dispatchSyncMessage(*message);
       1004     else
    -> 1005         dispatchMessage(*message);
       1006
       1007     m_didReceiveInvalidMessage |= message->isInvalid();
       1008     m_inDispatchMessageCount--;
       1009
Attachments
Patch (4.73 KB, patch), 2019-01-28 11:11 PST, Chris Dumez; achristensen: review+
Chris Dumez
Comment 1
2019-01-28 11:04:59 PST
<rdar://problem/47560907>
Chris Dumez
Comment 2
2019-01-28 11:11:57 PST
Created attachment 360358
Patch
Chris Dumez
Comment 3
2019-01-28 13:37:27 PST
https://trac.webkit.org/r240599