RESOLVED FIXED 38543
[Chromium] Crash in WebPageSerializerImpl::serialize() on downloaded iframe
https://bugs.webkit.org/show_bug.cgi?id=38543
Summary [Chromium] Crash in WebPageSerializerImpl::serialize() on downloaded iframe
Nate Chapin
Reported 2010-05-04 13:46:08 PDT
Original report at http://crbug.com/42212 If an iframe is set to a url that gets downloaded, the frame loader never commits to the load and never sets m_URL (since it never actually performed a navigation). If we try to save the page, we get to WebPageSerializerImpl::serialize() and try to do operations on each of the urls in turn, reach the invalid url of the downloaded iframe, and crash. There are two ways to fix this: 1. Check the url in WebPageSerializerImpl before using it 2. Ensure FrameLoader::m_url is always valid. I'm inclined to go with (1), since this crash appears to be occurring in Chromium only.
Attachments
patch (1.42 KB, patch)
2010-05-04 13:54 PDT, Nate Chapin
eric: review-
patch + updated changelog (1.61 KB, patch)
2010-05-07 09:41 PDT, Nate Chapin
abarth: review+
Nate Chapin
Comment 1 2010-05-04 13:54:54 PDT
Adam Barth
Comment 2 2010-05-04 14:04:06 PDT
Comment on attachment 55044 [details] patch Please add a test. I think we have the ability to unit test the Chromium WebKit API.
Nate Chapin
Comment 3 2010-05-04 15:44:31 PDT
A test that covers this functionality would need to bring up a full WebFrame and be able to exercise it. I don't believe that is possible with the testing tools currently available for the Chromium API in webkit.org (I think it requires the tools chromium has in test_shell_tests). If you would like me to write a unit test, I'm happy to do so, but I think it would need to be in src.chromium.org for now.
Nate Chapin
Comment 4 2010-05-05 08:37:18 PDT
Comment on attachment 55044 [details] patch Resetting r? for the reason outlined in my previous post (a test that covers this functionality would need to live in the chromium repo at the moment).
Nate Chapin
Comment 5 2010-05-05 09:23:06 PDT
(In reply to comment #4) > (From update of attachment 55044 [details]) > Resetting r? for the reason outlined in my previous post (a test that covers > this functionality would need to live in the chromium repo at the moment). FYI, the test for this patch is up for review at http://codereview.chromium.org/1917007
Eric Seidel (no email)
Comment 6 2010-05-05 21:56:23 PDT
Comment on attachment 55044 [details] patch Needs tests or explanation of why testing is impossible.
Dimitri Glazkov (Google)
Comment 7 2010-05-06 08:17:29 PDT
(In reply to comment #6) > (From update of attachment 55044 [details]) > Needs tests or explanation of why testing is impossible. In the changelog, right? Because I think Nate provided a pretty good explanation in the bug.
Eric Seidel (no email)
Comment 8 2010-05-07 09:35:18 PDT
Yes, in the ChangeLog. I don't (and I guess Adam doesn't either) read bugs during most reviews (except to validate that no one else has objected).
Nate Chapin
Comment 9 2010-05-07 09:41:03 PDT
Created attachment 55388 [details] patch + updated changelog
Adam Barth
Comment 10 2010-05-11 13:05:55 PDT
Comment on attachment 55388 [details] patch + updated changelog ok
Nate Chapin
Comment 12 2010-05-12 12:15:26 PDT
Note You need to log in before you can comment on or make changes to this bug.