Bug 79026 - Web Inspector: retrieving content for some XHR requests crashes inspected page renderer
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Web Inspector (Deprecated) (show other bugs)
Version: 528+ (Nightly build)
Hardware: All All
Importance: P2 Normal
Assignee: Vsevolod Vlasov
URL:
Keywords:
Depends on:
Blocks: 76564
Reported: 2012-02-20 04:34 PST by Andrey Kosyakov
Modified: 2012-02-22 07:07 PST
CC List: 14 users

See Also:


Attachments
Patch (16.45 KB, patch)
2012-02-22 04:21 PST, Vsevolod Vlasov
pfeldman: review+

Description Andrey Kosyakov 2012-02-20 04:34:58 PST
1. Open Web Inspector, switch to Network panel
2. Navigate to http://www.cnn.com
3. On the Network panel, filter XHR requests
4. Click on an XHR request from s3.amazonws.com or 2mdn.net
5. Observe crash of the inspected page renderer

Here's the stack trace:

Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_PROTECTION_FAILURE at address: 0x00000038
WTF::RetainPtr<__CFData const*>::operator __CFData const* WTF::RetainPtr<__CFData const*>::* (this=0x38) at RetainPtr.h:91
91	        operator UnspecifiedBoolType() const { return m_ptr ? &RetainPtr::m_ptr : 0; }
(gdb) bt
#0  WTF::RetainPtr<__CFData const*>::operator __CFData const* WTF::RetainPtr<__CFData const*>::* (this=0x38) at RetainPtr.h:91
#1  0x59952322 in WebCore::SharedBuffer::hasPlatformData (this=0x0) at /Users/caseq/chromium/src/third_party/WebKit/Source/WebCore/WebCore.gyp/../platform/cf/SharedBufferCF.cpp:64
#2  0x5991f3be in WebCore::SharedBuffer::data (this=0x0) at SharedBuffer.cpp:111
#3  0x5a2276dd in WebCore::InspectorPageAgent::cachedResourceContent (cachedResource=0x12e6a00, result=0xbfffbbc0, base64Encoded=0xbfffbbbf) at InspectorPageAgent.cpp:157
#4  0x5a250224 in WebCore::InspectorResourceAgent::getResponseBody (this=0x13ee80, errorString=0xbfffbbb8, requestId=@0xbfffbb90, content=0xbfffbbc0, base64Encoded=0xbfffbbbf) at InspectorResourceAgent.cpp:502
#5  0x5a2502f2 in non-virtual thunk to WebCore::InspectorResourceAgent::getResponseBody(WTF::String*, WTF::String const&, WTF::String*, bool*) () at InspectorResourceAgent.cpp:507
#6  0x5add2fdc in WebCore::InspectorBackendDispatcherImpl::Network_getResponseBody (this=0x17e6ded0, callId=163, requestMessageObject=0x1942d1f0) at /Users/caseq/chromium/src/third_party/WebKit/Source/WebCore/WebCore.gyp/../../../../../xcodebuild/DerivedSources/Debug/webcore/InspectorBackendDispatcher.cpp:1298
#7  0x5adf045b in WebCore::InspectorBackendDispatcherImpl::dispatch (this=0x17e6ded0, message=@0xbfffbe00) at /Users/caseq/chromium/src/third_party/WebKit/Source/WebCore/WebCore.gyp/../../../../../xcodebuild/DerivedSources/Debug/webcore/InspectorBackendDispatcher.cpp:4289

Note that in InspectorPageAgent.cpp:157, we use a buffer that happens to be NULL.
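The stack trace above shows the classic shape of a null-pointer dereference through a non-virtual member call: frame #2 runs SharedBuffer::data() with this=0x0, and the fault lands at address 0x38, the offset of the member that hasPlatformData() first touches, rather than at 0. The following is an added C++ example, not the WebKit patch attached to this bug and not WebKit's own classes; FakeSharedBuffer, FakeCachedResource and the two cachedResourceContent* functions are hypothetical stand-ins that reproduce the unchecked pattern from frame #3 beside a checked form that reports "no content" instead of crashing the renderer.

```cpp
#include <cstddef>
#include <cstring>
#include <iostream>
#include <string>
#include <vector>

// Hypothetical stand-in for WebCore::SharedBuffer (not WebKit code).
// data() is a non-virtual member: calling it through a null pointer compiles
// and only faults when a member is read, which is why the real crash shows
// this=0x0 in SharedBuffer::data() and a small faulting address (0x38).
class FakeSharedBuffer {
public:
    explicit FakeSharedBuffer(const char* s) : m_bytes(s, s + std::strlen(s)) {}
    const char* data() const { return m_bytes.data(); }
    size_t size() const { return m_bytes.size(); }
private:
    std::vector<char> m_bytes;
};

// Hypothetical stand-in for a cached resource whose data() can legitimately
// be null (body not received, body discarded, resource never buffered).
struct FakeCachedResource {
    FakeSharedBuffer* buffer; // may be null
    FakeSharedBuffer* data() const { return buffer; }
};

// The unchecked pattern matching frame #3 of the trace: the buffer returned
// by data() is used without a null check. With buffer == nullptr this is
// undefined behaviour and in practice faults on a member read (EXC_BAD_ACCESS).
// Do not call this with a resource that has no buffer.
bool cachedResourceContentUnchecked(const FakeCachedResource* resource, std::string* result)
{
    FakeSharedBuffer* buffer = resource->data();
    *result = std::string(buffer->data(), buffer->size()); // crashes when buffer is null
    return true;
}

// Checked form: a missing buffer is reported as "no content" (false) so the
// inspector protocol handler can return an error to the front-end instead of
// taking the whole renderer down. This mirrors the intent of the fix, not
// the exact patch, which is not reproduced on this page.
bool cachedResourceContentChecked(const FakeCachedResource* resource, std::string* result)
{
    FakeSharedBuffer* buffer = resource ? resource->data() : nullptr;
    if (!buffer)
        return false;
    if (buffer->size() == 0) {
        result->clear();
        return true;
    }
    *result = std::string(buffer->data(), buffer->size());
    return true;
}

// Scenario 1: resource with no buffer is rejected, not dereferenced.
bool demoNullBufferIsRejected()
{
    FakeCachedResource resource{nullptr};
    std::string out;
    return !cachedResourceContentChecked(&resource, &out) && out.empty();
}

// Scenario 2: a buffered response body (constructed sample) is returned intact.
bool demoBufferedContentIsReturned()
{
    FakeSharedBuffer buffer("{\"ok\":true}"); // constructed sample XHR body
    FakeCachedResource resource{&buffer};
    std::string out;
    return cachedResourceContentChecked(&resource, &out) && out == "{\"ok\":true}";
}

int main()
{
    std::cout << "null buffer rejected: " << (demoNullBufferIsRejected() ? "yes" : "no") << "\n";
    std::cout << "buffered content returned: " << (demoBufferedContentIsReturned() ? "yes" : "no") << "\n";
    return 0;
}
```

The practitioner's check when triaging a trace like this one: a faulting address equal to a small constant (here 0x38) with this=0x0 in a member function almost always means a null object pointer plus a member offset, so the fix belongs at the call site that obtained the pointer, not inside the callee.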
Comment 1 Vsevolod Vlasov 2012-02-22 04:21:11 PST
Created attachment 128176
Patch
Comment 2 Vsevolod Vlasov 2012-02-22 07:07:48 PST
Committed r108497: <http://trac.webkit.org/changeset/108497>