RESOLVED FIXED 204459
Crash in com.apple.WebKit.WebContent at WebKit: WebKit::StorageAreaMap::loadValuesIfNeeded
https://bugs.webkit.org/show_bug.cgi?id=204459
Sihui Liu
Reported 2019-11-21 10:28:34 PST
0  WebKit          0x00000001abdaa0bc WebKit::StorageAreaMap::loadValuesIfNeeded() + 276 (Optional.h:529)
1  WebKit          0x00000001abda9ff0 WebKit::StorageAreaMap::loadValuesIfNeeded() + 72 (StorageAreaMap.cpp:168)
2  WebKit          0x00000001abda97cc WebKit::StorageAreaImpl::item(WTF::String const&) + 48 (StorageAreaMap.cpp:88)
3  WebCore         0x00000001ac64df8c WebCore::JSStorage::getOwnPropertySlot(JSC::JSObject*, JSC::JSGlobalObject*, JSC::PropertyName, JSC::PropertySlot&) + 112 (JSStorage.cpp:167)
4  JavaScriptCore  0x00000001b424b300 llint_slow_path_get_by_id + 3988 (JSObjectInlines.h:160)
5  JavaScriptCore  0x00000001b3bfa254 llint_entry + 41460
6  JavaScriptCore  0x00000001b3c0e2d8 llint_entry + 123512
7  JavaScriptCore  0x00000001b3c0e2d8 llint_entry + 123512
8  JavaScriptCore  0x00000001b3c0e2d8 llint_entry + 123512
9  JavaScriptCore  0x00000001b3c0e2d8 llint_entry + 123512
10 JavaScriptCore  0x00000001b3befe18 vmEntryToJavaScript + 248
11 JavaScriptCore  0x00000001b418ac5c JSC::Interpreter::executeCall(JSC::JSGlobalObject*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 428 (JITCodeInlines.h:38)
12 JavaScriptCore  0x00000001b43779b0 JSC::profiledCall(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) + 184 (CallData.cpp:59)
13 WebCore         0x00000001acba754c WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext&, WebCore::Event&) + 1280 (JSExecState.h:73)
Attachments
Patch (2.36 KB, patch)
2019-11-21 10:30 PST, Sihui Liu
no flags
Patch for landing (4.88 KB, patch)
2019-11-21 16:47 PST, Sihui Liu
no flags
Sihui Liu
Comment 1 2019-11-21 10:30:56 PST
Sihui Liu
Comment 2 2019-11-21 10:32:26 PST
Geoffrey Garen
Comment 3 2019-11-21 10:47:18 PST
Comment on attachment 384066 [details]
Patch

r=me

Perhaps we should null check m_storageMapID in other functions too. That said, there's no obviously correct behavior in this surprising situation.
Sihui Liu
Comment 4 2019-11-21 16:47:04 PST
Created attachment 384105 [details] Patch for landing
WebKit Commit Bot
Comment 5 2019-11-21 17:32:45 PST
Comment on attachment 384105 [details]
Patch for landing

Clearing flags on attachment: 384105

Committed r252757: <https://trac.webkit.org/changeset/252757>
WebKit Commit Bot
Comment 6 2019-11-21 17:32:46 PST
All reviewed patches have been landed. Closing bug.