207407 – Crash under WKBundleFrameForJavaScriptContext dereferencing a NULL WebCore::Frame

RESOLVED FIXED 207407

Crash under WKBundleFrameForJavaScriptContext dereferencing a NULL WebCore::Frame

https://bugs.webkit.org/show_bug.cgi?id=207407

Summary Crash under WKBundleFrameForJavaScriptContext dereferencing a NULL WebCore::F...

Timothy Hatcher

Reported 2020-02-07 14:08:54 PST

Safari is hitting a crash in the injected bundle when calling WKBundleFrameForJavaScriptContext with a context of a page that has been closed. #0 0x00000003b836f715 in std::__1::unique_ptr<WebCore::FrameLoader, std::__1::default_delete<WebCore::FrameLoader> >::operator bool() const at ~/Applications/Xcode.app/Contents/Developer/Toolchains/OSX10.15.xctoolchain/usr/include/c++/v1/memory:2636 #1 0x00000003b836f69d in WTF::UniqueRef<WebCore::FrameLoader>::get() at /Users/Timothy/Work/Safari/OpenSource/WebKitBuild/Debug/usr/local/include/wtf/UniqueRef.h:58 #2 0x00000003b83634ce in WebCore::Frame::loader() const at /Users/Timothy/Work/Safari/OpenSource/WebKitBuild/Debug/WebCore.framework/PrivateHeaders/Frame.h:367 #3 0x00000003b949d835 in WebKit::WebFrame::fromCoreFrame(WebCore::Frame const&) at ~/Work/Safari/OpenSource/Source/WebKit/WebProcess/WebPage/WebFrame.cpp:182 #4 0x00000003b94a65f3 in WebKit::WebFrame::frameForContext(OpaqueJSContext const*) at ~/Work/Safari/OpenSource/Source/WebKit/WebProcess/WebPage/WebFrame.cpp:711 #5 0x00000003b92ea1b5 in ::WKBundleFrameForJavaScriptContext(JSContextRef) at ~/Work/Safari/OpenSource/Source/WebKit/WebProcess/InjectedBundle/API/c/WKBundleFrame.cpp:104 <rdar://problem/59206599>

Attachments
Patch (1.67 KB, patch) 2020-02-07 14:10 PST, Timothy Hatcher	no flags	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Timothy Hatcher

Comment 1 2020-02-07 14:10:33 PST

Created attachment 390120 [details] Patch

WebKit Commit Bot

Comment 2 2020-02-07 15:01:48 PST

Comment on attachment 390120 [details] Patch Clearing flags on attachment: 390120 Committed r256068: <https://trac.webkit.org/changeset/256068>

WebKit Commit Bot

Comment 3 2020-02-07 15:01:49 PST

All reviewed patches have been landed. Closing bug.

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Local Build

Hardware Unspecified

OS Unspecified

Product WebKit

Component WebKit Misc.

Assignee

Timothy Hatcher

Reported

2020-02-07 14:08 PST

Modified

2020-02-07 15:01 PST History

CC List

5 users Show

URL

Keywords InRadar

Depends on

Blocks