WebKit Bugzilla
RESOLVED FIXED
277294
Crash under BackForwardCache::get(HistoryItem&, Page*)
https://bugs.webkit.org/show_bug.cgi?id=277294
Chris Dumez
Reported
2024-07-29 16:24:34 PDT
Crash under BackForwardCache::get(HistoryItem&, Page*) when disabling caches via Web Inspector:
```
* frame #0: 0x000000030000357c WebCore`WTFCrashWithInfo(line=286, file="/usr/local/include/wtf/CheckedRef.h", function="void WTF::CanMakeCheckedPtrBase<WTF::SingleThreadIntegralWrapper<unsigned int>, unsigned int>::decrementPtrCount() const [StorageType = WTF::SingleThreadIntegralWrapper<unsigned int>, PtrCounterType = unsigned int]", counter=432) at Assertions.h:835:5
  frame #1: 0x0000000303d1e8bc WebCore`WTF::CanMakeCheckedPtrBase<WTF::SingleThreadIntegralWrapper<unsigned int>, unsigned int>::decrementPtrCount(this=0x000000013905dad0) const at CheckedRef.h:286:9
  frame #2: 0x0000000304b8c430 WebCore`WTF::CheckedPtr<WebCore::CachedPage, WTF::RawPtrTraits<WebCore::CachedPage>>::derefIfNotNull(this=0x000000016ba91348) at CheckedPtr.h:185:18
  frame #3: 0x0000000304b8c3e0 WebCore`WTF::CheckedPtr<WebCore::CachedPage, WTF::RawPtrTraits<WebCore::CachedPage>>::~CheckedPtr(this=0x000000016ba91348) at CheckedPtr.h:72:9
  frame #4: 0x0000000304b79798 WebCore`WTF::CheckedPtr<WebCore::CachedPage, WTF::RawPtrTraits<WebCore::CachedPage>>::~CheckedPtr(this=0x000000016ba91348) at CheckedPtr.h:71:5
  frame #5: 0x0000000304b794f0 WebCore`WebCore::BackForwardCache::get(this=0x0000000309998e38, item=0x00000001390fc680, page=0x000000013904e500) at BackForwardCache.cpp:590:1
  frame #6: 0x00000003054f8a94 WebCore`WebCore::FrameLoader::loadDifferentDocumentItem(this=0x0000000139045ef0, item=0x00000001390fc680, fromItem=0x00000001390e4b60, loadType=Back, cacheLoadPolicy=MayAttemptCacheOnlyLoadForFormSubmissionItem, shouldTreatAsContinuingLoad=No) at FrameLoader.cpp:4279:63
  frame #7: 0x000000030550fcf0 WebCore`WebCore::FrameLoader::loadItem(this=0x0000000139045ef0, item=0x00000001390fc680, fromItem=0x00000001390e4b60, loadType=Back, shouldTreatAsContinuingLoad=No) at FrameLoader.cpp:4409:9
  frame #8: 0x0000000305571124 WebCore`WebCore::HistoryController::recursiveGoToItem(this=0x000000013907c630, item=0x00000001390fc680, fromItem=0x00000001390e4b60, type=Back, shouldTreatAsContinuingLoad=No) at HistoryController.cpp:813:37
  frame #9: 0x0000000305570e14 WebCore`WebCore::HistoryController::goToItem(this=0x000000013907c630, targetItem=0x00000001390fc680, type=Back, shouldTreatAsContinuingLoad=No) at HistoryController.cpp:348:5
  frame #10: 0x00000003058b0e78 WebCore`WebCore::Page::goToItem(this=0x000000013904e500, mainFrame=0x000000013906ca00, item=0x00000001390fc680, type=Back, shouldTreatAsContinuingLoad=No) at Page.cpp:793:33
  frame #11: 0x000000011cec8bc4 WebKit`WebKit::WebPage::goToBackForwardItem(this=0x0000000137811c08, parameters=0x000000016ba93370) at WebPage.cpp:2268:17
  frame #12: 0x000000011cfc9c64 WebKit`auto void IPC::callMemberFunction<WebKit::WebPage, WebKit::WebPage, void (WebKit::GoToBackForwardItemParameters&&), std::__1::tuple<WebKit::GoToBackForwardItemParameters>>(this=0x000000016ba932c0, args=0x000000016ba93370)(WebKit::GoToBackForwardItemParameters&&), std::__1::tuple<WebKit::GoToBackForwardItemParameters>&&)::'lambda'(auto&&...)::operator()<WebKit::GoToBackForwardItemParameters>(auto&&...) const at HandleMessage.h:135:13
```
Chris Dumez
Comment 1
2024-07-29 16:24:43 PDT
<rdar://132704152>
Chris Dumez
Comment 2
2024-07-29 16:32:36 PDT
Pull request: https://github.com/WebKit/WebKit/pull/31422
EWS
Comment 3
2024-07-29 19:04:30 PDT
Committed 281540@main (cd835520f77a): <https://commits.webkit.org/281540@main>

Reviewed commits have been landed. Closing PR #31422 and removing active labels.