Bug 207407 - Crash under WKBundleFrameForJavaScriptContext dereferencing a NULL WebCore::Frame
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKit Misc.
Version: WebKit Local Build
Hardware: Unspecified
OS: Unspecified
Importance: P2 Normal
Assignee: Timothy Hatcher
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2020-02-07 14:08 PST by Timothy Hatcher
Modified: 2020-02-07 15:01 PST (History)
CC List: 5 users

See Also:


Attachments
Patch (1.67 KB, patch), 2020-02-07 14:10 PST, Timothy Hatcher, no flags

Description Timothy Hatcher 2020-02-07 14:08:54 PST
Safari is hitting a crash in the injected bundle when calling WKBundleFrameForJavaScriptContext with a context of a page that has been closed.

#0    0x00000003b836f715 in std::__1::unique_ptr<WebCore::FrameLoader, std::__1::default_delete<WebCore::FrameLoader> >::operator bool() const at ~/Applications/Xcode.app/Contents/Developer/Toolchains/OSX10.15.xctoolchain/usr/include/c++/v1/memory:2636
#1    0x00000003b836f69d in WTF::UniqueRef<WebCore::FrameLoader>::get() at /Users/Timothy/Work/Safari/OpenSource/WebKitBuild/Debug/usr/local/include/wtf/UniqueRef.h:58
#2    0x00000003b83634ce in WebCore::Frame::loader() const at /Users/Timothy/Work/Safari/OpenSource/WebKitBuild/Debug/WebCore.framework/PrivateHeaders/Frame.h:367
#3    0x00000003b949d835 in WebKit::WebFrame::fromCoreFrame(WebCore::Frame const&) at ~/Work/Safari/OpenSource/Source/WebKit/WebProcess/WebPage/WebFrame.cpp:182
#4    0x00000003b94a65f3 in WebKit::WebFrame::frameForContext(OpaqueJSContext const*) at ~/Work/Safari/OpenSource/Source/WebKit/WebProcess/WebPage/WebFrame.cpp:711
#5    0x00000003b92ea1b5 in ::WKBundleFrameForJavaScriptContext(JSContextRef) at ~/Work/Safari/OpenSource/Source/WebKit/WebProcess/InjectedBundle/API/c/WKBundleFrame.cpp:104

<rdar://problem/59206599>
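The failure shape the description and trace point at, as an added example that is not WebKit's code and not the patch in this bug: a context lookup that yields a null `WebCore::Frame*` once the page is closed, a reference formed from that null pointer, and `fromCoreFrame(WebCore::Frame const&)` dereferencing it through `Frame::loader()`. The `Frame`, `WebFrame`, registry and context-id types below are hypothetical stand-ins; the checked variant is one possible mitigation shape (check the pointer before forming the reference and return an empty result), since the page does not show the committed fix. Needs C++17 for `std::optional`.

```cpp
#include <cassert>
#include <map>
#include <memory>
#include <optional>

// Hypothetical stand-ins (added example, not WebKit code) for the objects in the trace.
struct Frame {
    int loaderId;
    // Stands in for WebCore::Frame::loader(): it reads through `this`, so a
    // reference formed from a null Frame* faults here, as frame #2 of the trace shows.
    int loader() const { return loaderId; }
};

struct WebFrame {
    int loaderId;
};

// Hypothetical context -> frame registry standing in for the JSContextRef lookup.
using ContextId = int;
static std::map<ContextId, std::unique_ptr<Frame>> g_framesByContext;

void openPage(ContextId ctx, int loaderId) {
    g_framesByContext[ctx] = std::make_unique<Frame>(Frame{loaderId});
}

// Closing the page destroys its Frame; callers may still hold the context id.
void closePage(ContextId ctx) {
    g_framesByContext.erase(ctx);
}

// Raw lookup: null when the page behind the context is gone.
Frame* coreFrameForContext(ContextId ctx) {
    auto it = g_framesByContext.find(ctx);
    return it == g_framesByContext.end() ? nullptr : it->second.get();
}

// Shape of fromCoreFrame(WebCore::Frame const&) in the trace: takes a reference,
// so the caller, not this function, carries the non-null guarantee.
WebFrame fromCoreFrame(const Frame& frame) {
    return WebFrame{frame.loader()};
}

// Crashing shape: `*nullptr` forms an invalid reference and loader() dereferences it.
// Kept only to show the bug's structure; never call it for a closed page.
WebFrame frameForContextUnchecked(ContextId ctx) {
    return fromCoreFrame(*coreFrameForContext(ctx));
}

// Hardened shape (assumed, not the committed fix): test the pointer before forming
// the reference and make "page is gone" an explicit empty result.
std::optional<WebFrame> frameForContextChecked(ContextId ctx) {
    Frame* frame = coreFrameForContext(ctx);
    if (!frame)
        return std::nullopt;
    return fromCoreFrame(*frame);
}

int main() {
    openPage(1, 42);
    auto live = frameForContextChecked(1);
    assert(live && live->loaderId == 42);
    closePage(1);
    assert(!frameForContextChecked(1)); // closed page: empty result instead of a crash
    return 0;
}
```

The point of the split between `coreFrameForContext` and `fromCoreFrame` is that a `const Frame&` parameter documents a precondition the type system cannot enforce; any caller that obtains the frame from a lookup that can fail has to make the null check itself before the `*`.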
Comment 1 Timothy Hatcher 2020-02-07 14:10:33 PST
Created attachment 390120 [details]
Patch
Comment 2 WebKit Commit Bot 2020-02-07 15:01:48 PST
Comment on attachment 390120 [details]
Patch

Clearing flags on attachment: 390120

Committed r256068: <https://trac.webkit.org/changeset/256068>
Comment 3 WebKit Commit Bot 2020-02-07 15:01:49 PST
All reviewed patches have been landed. Closing bug.