Bug 309781 (RESOLVED FIXED)
WebCoreTestSupport::resetInternalsObject() crashes when Document::frame() returns nullptr
https://bugs.webkit.org/show_bug.cgi?id=309781
David Kilzer (:ddkilzer)
Reported 2026-03-12 05:04:30 PDT
`WebCoreTestSupport::resetInternalsObject()` calls `document->frame()->page()` without checking whether `frame()` returns nullptr. `Document` should always have a valid `Page` during `resetInternalsObject()` teardown. If it does not, `Document` is in an unexpected state that should be caught explicitly rather than by crashing with an uninformative nullptr dereference. The current code also bypasses the safe accessor `Document::page()` (in `DocumentPage.h`) by calling `frame()` and `page()` as separate chained operations.

<rdar://63019644>
David Kilzer (:ddkilzer)
Comment 1 2026-03-12 05:21:13 PDT
Alexey Proskuryakov
Comment 2 2026-03-12 08:24:09 PDT
Is this the same as bug 221304?
EWS
Comment 3 2026-03-12 13:10:39 PDT
Committed 309158@main (5aee90b4e66e): <https://commits.webkit.org/309158@main>

Reviewed commits have been landed. Closing PR #60451 and removing active labels.
David Kilzer (:ddkilzer)
Comment 4 2026-03-12 19:56:39 PDT
*** Bug 221304 has been marked as a duplicate of this bug. ***
David Kilzer (:ddkilzer)
Comment 5 2026-03-12 19:57:30 PDT
(In reply to Alexey Proskuryakov from comment #2)
> Is this the same as bug 221304?

Yes