RESOLVED FIXED 253383
REGRESSION (261190@main): Lots of tests crashing in WebPageProxy::createNewPage()
https://bugs.webkit.org/show_bug.cgi?id=253383
Simon Fraser (smfr)
Reported 2023-03-03 23:18:18 PST
Lots of test crashes here:

Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000010
Exception Note: EXC_CORPSE_NOTIFY
Termination Signal: Segmentation fault: 11
Termination Reason: Namespace SIGNAL, Code 0xb
Terminating Process: exc handler [842]

VM Regions Near 0x10:
--> __TEXT 10302d000-1030f5000 [ 800K] r-x/r-x SM=COW /Volumes/*

Application Specific Information:
CRASHING TEST: fast/html/broadcast-channel-between-different-sessions.html

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 com.apple.WebKit 0x0000000105d97369 WebKit::WebProcessProxy::consumeIfNotVerifiablyFromUIProcess(API::UserInitiatedAction&, std::__1::optional<WTF::UUID>) + 95
1 com.apple.WebKit 0x0000000105d541c4 WebKit::WebPageProxy::createNewPage(WebKit::FrameInfoData&&, WTF::ObjectIdentifier<WebKit::WebPageProxyIdentifierType>, WebCore::ResourceRequest&&, WebCore::WindowFeatures&&, WebKit::NavigationActionData&&, WTF::CompletionHandler<void (std::__1::optional<WTF::ObjectIdentifier<WebCore::PageIdentifierType> >, std::__1::optional<WebKit::WebPageCreationParameters>)>&&) + 728
2 com.apple.WebKit 0x00000001060b712e WebKit::WebPageProxy::didReceiveSyncMessage(IPC::Connection&, IPC::Decoder&, WTF::UniqueRef<IPC::Encoder>&) + 704
3 com.apple.WebKit 0x000000010616b59e IPC::MessageReceiverMap::dispatchSyncMessage(IPC::Connection&, IPC::Decoder&, WTF::UniqueRef<IPC::Encoder>&) + 272
4 com.apple.WebKit 0x0000000105d95e0d WebKit::WebProcessProxy::didReceiveSyncMessage(IPC::Connection&, IPC::Decoder&, WTF::UniqueRef<IPC::Encoder>&) + 31
5 com.apple.WebKit 0x0000000106167065 IPC::Connection::dispatchSyncMessage(IPC::Decoder&) + 259
6 com.apple.WebKit 0x000000010616729a IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >) + 216
7 com.apple.WebKit 0x0000000106163d00 IPC::Connection::SyncMessageState::ConnectionAndIncomingMessage::dispatch() + 42
8 com.apple.WebKit 0x0000000106163f13 IPC::Connection::SyncMessageState::dispatchMessagesAndResetDidScheduleDispatchMessagesForConnection(IPC::Connection&) + 493
9 com.apple.JavaScriptCore 0x00000001034bbbc1 WTF::RunLoop::performWork() + 545
10 com.apple.JavaScriptCore 0x00000001034bc5c2 WTF::RunLoop::performWork(void*) + 34
11 com.apple.CoreFoundation 0x00007fff2068ca8c __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
12 com.apple.CoreFoundation 0x00007fff2068c9f4 __CFRunLoopDoSource0 + 180
13 com.apple.CoreFoundation 0x00007fff2068c76a __CFRunLoopDoSources0 + 242
14 com.apple.CoreFoundation 0x00007fff2068b188 __CFRunLoopRun + 897
15 com.apple.CoreFoundation 0x00007fff2068a740 CFRunLoopRunSpecific + 567
Radar WebKit Bug Importer
Comment 1 2023-03-03 23:18:41 PST
Simon Fraser (smfr)
Comment 2 2023-03-03 23:26:31 PST
I am going to commit this to make tests not crash, but I don't know if it's correct: diff --git a/Source/WebKit/UIProcess/WebPageProxy.cpp b/Source/WebKit/UIProcess/WebPageProxy.cpp index 27b1e5e2875635df87907564c6fb56647158751a..f629709a4b10642f5f1a702f3181f46d4db55148 100644 --- a/Source/WebKit/UIProcess/WebPageProxy.cpp +++ b/Source/WebKit/UIProcess/WebPageProxy.cpp @@ -6298,7 +6298,8 @@ void WebPageProxy::createNewPage(FrameInfoData&& originatingFrameInfoData, WebPa else #endif userInitiatedActivity = m_process->userInitiatedActivity(navigationActionData.userGestureTokenIdentifier); - if (m_preferences->verifyWindowOpenUserGestureFromUIProcess() && request.url().string() != Quirks::staticRadioPlayerURLString()) + + if (userInitiatedActivity && m_preferences->verifyWindowOpenUserGestureFromUIProcess() && request.url().string() != Quirks::staticRadioPlayerURLString()) m_process->consumeIfNotVerifiablyFromUIProcess(*userInitiatedActivity, navigationActionData.userGestureAuthorizationToken); bool shouldOpenAppLinks = originatingFrameInfo->request().url().host() != request.url().host();
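Review bot: the added `userInitiatedActivity &&` guard stops the null dereference in the trace (KERN_INVALID_ADDRESS at 0x10 inside WebProcessProxy::consumeIfNotVerifiablyFromUIProcess, called from createNewPage), but it also skips the verifyWindowOpenUserGestureFromUIProcess check entirely whenever no activity is found for navigationActionData.userGestureTokenIdentifier. Since that check is what confirms a window-open gesture actually came from the UI process, review should confirm that a null userInitiatedActivity already means the request carries no user gesture to consume, so the early skip does not let an unverified gesture through, and record that reasoning in a comment above the `if`. The hunk also introduces a stray empty `+` line before the `if`; drop it so the change is only the added condition.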
Simon Fraser (smfr)
Comment 3 2023-03-03 23:28:15 PST
EWS
Comment 4 2023-03-03 23:31:26 PST
Committed 261215@main (5b368793a8c0): <https://commits.webkit.org/261215@main> Reviewed commits have been landed. Closing PR #11065 and removing active labels.