RESOLVED FIXED 196479
Nullptr crash in Document::open after calling policyChecker().stopCheck()
https://bugs.webkit.org/show_bug.cgi?id=196479
Ryosuke Niwa
Reported 2019-04-01 20:25:22 PDT
WebCore`WebCore::Document::open(WebCore::Document*) + 210 at Document.cpp:2647

       2643         }
       2644
       2645         if (m_frame->loader().policyChecker().delegateIsDecidingNavigationPolicy())
       2646             m_frame->loader().policyChecker().stopCheck();
    -> 2647         if (m_frame->loader().state() == FrameStateProvisional)
       2648             m_frame->loader().stopAllLoaders();
       2649     }
       2650
       2651     removeAllEventListeners();

We can hit a nullptr crash here because m_frame->loader().policyChecker().stopCheck() invokes m_willSubmitFormCompletionHandlers, and that could clear the frame, etc...

<rdar://problem/48883397>
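The re-entrancy pattern the report describes, as an added illustration that is not WebKit code and not the attached patch: a call that drains completion handlers can detach the document from its frame, so the raw pointer must be re-validated before the very next use. `Frame`, `Document`, `stopCheck()`, `completionHandlers`, `detachFromFrame()` and the two `open*` functions are stand-ins assumed for this example, and the re-check is an assumed fix shape.

```cpp
#include <functional>
#include <utility>
#include <vector>
// Stand-ins for the WebCore objects named in the report (constructed here, not WebKit code).
struct Frame {
    bool provisional = true;
    bool loadersStopped = false;
    std::vector<std::function<void()>> completionHandlers; // m_willSubmitFormCompletionHandlers stand-in
    void stopCheck() {                 // drains the handlers: arbitrary code runs here
        auto handlers = std::move(completionHandlers);
        for (auto& handler : handlers) handler();
    }
};
struct Document {
    Frame* m_frame = nullptr;          // raw back-pointer, as in Document
    void detachFromFrame() { m_frame = nullptr; }
    // Mirrors the flow in the report: stopCheck(), then m_frame is used again on the next line.
    // Returns true if that next use would have dereferenced a null pointer.
    bool openOriginalFlowWouldCrash() {
        if (!m_frame) return false;
        m_frame->stopCheck();
        if (!m_frame) return true;     // the real code has no check: this is the crash site
        if (m_frame->provisional) m_frame->loadersStopped = true;
        return false;
    }
    // Hardened flow (assumed fix shape; the actual patch is not on the page): re-validate
    // m_frame after any call that can run callbacks, and bail out if the frame is gone.
    void openHardened() {
        if (!m_frame) return;
        m_frame->stopCheck();
        if (!m_frame) return;          // frame detached during the callbacks
        if (m_frame->provisional) m_frame->loadersStopped = true;
    }
};
// Scenario: one pending completion handler detaches the document from its frame.
static void attachWithDetachingHandler(Frame& frame, Document& doc) {
    doc.m_frame = &frame;
    frame.completionHandlers.push_back([&doc] { doc.detachFromFrame(); });
}
bool originalFlowCrashes() {
    Frame frame; Document doc; attachWithDetachingHandler(frame, doc);
    return doc.openOriginalFlowWouldCrash();
}
bool hardenedFlowSurvives() {
    Frame frame; Document doc; attachWithDetachingHandler(frame, doc);
    doc.openHardened();                // returns without touching the detached frame
    return doc.m_frame == nullptr && !frame.loadersStopped;
}
```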
Attachments
Fixes the bug (1.50 KB, patch)
2019-04-01 20:27 PDT, Ryosuke Niwa
koivisto: review+
Ryosuke Niwa
Comment 1 2019-04-01 20:27:37 PDT
Created attachment 366464: Fixes the bug
Ryosuke Niwa
Comment 2 2019-04-01 23:44:47 PDT