1. Open Web Inspector, switch to Network panel 2. Navigate to http://www.cnn.com 3. On the Network panel, filter XHR requests 4. Click on an XHR request from s3.amazonws.com or 2mdn.net 5. Observe crash of the inspected page renderer Here's the stack trace: Program received signal EXC_BAD_ACCESS, Could not access memory. Reason: KERN_PROTECTION_FAILURE at address: 0x00000038 WTF::RetainPtr<__CFData const*>::operator __CFData const* WTF::RetainPtr<__CFData const*>::* (this=0x38) at RetainPtr.h:91 91 operator UnspecifiedBoolType() const { return m_ptr ? &RetainPtr::m_ptr : 0; } (gdb) bt #0 WTF::RetainPtr<__CFData const*>::operator __CFData const* WTF::RetainPtr<__CFData const*>::* (this=0x38) at RetainPtr.h:91 #1 0x59952322 in WebCore::SharedBuffer::hasPlatformData (this=0x0) at /Users/caseq/chromium/src/third_party/WebKit/Source/WebCore/WebCore.gyp/../platform/cf/SharedBufferCF.cpp:64 #2 0x5991f3be in WebCore::SharedBuffer::data (this=0x0) at SharedBuffer.cpp:111 #3 0x5a2276dd in WebCore::InspectorPageAgent::cachedResourceContent (cachedResource=0x12e6a00, result=0xbfffbbc0, base64Encoded=0xbfffbbbf) at InspectorPageAgent.cpp:157 #4 0x5a250224 in WebCore::InspectorResourceAgent::getResponseBody (this=0x13ee80, errorString=0xbfffbbb8, requestId=@0xbfffbb90, content=0xbfffbbc0, base64Encoded=0xbfffbbbf) at InspectorResourceAgent.cpp:502 #5 0x5a2502f2 in non-virtual thunk to WebCore::InspectorResourceAgent::getResponseBody(WTF::String*, WTF::String const&, WTF::String*, bool*) () at InspectorResourceAgent.cpp:507 #6 0x5add2fdc in WebCore::InspectorBackendDispatcherImpl::Network_getResponseBody (this=0x17e6ded0, callId=163, requestMessageObject=0x1942d1f0) at /Users/caseq/chromium/src/third_party/WebKit/Source/WebCore/WebCore.gyp/../../../../../xcodebuild/DerivedSources/Debug/webcore/InspectorBackendDispatcher.cpp:1298 #7 0x5adf045b in WebCore::InspectorBackendDispatcherImpl::dispatch (this=0x17e6ded0, message=@0xbfffbe00) at /Users/caseq/chromium/src/third_party/WebKit/Source/WebCore/WebCore.gyp/../../../../../xcodebuild/DerivedSources/Debug/webcore/InspectorBackendDispatcher.cpp:4289 Note that in InspectorPageAgent.cpp:157, we use buffer that happens to be NULL.
Created attachment 128176 [details] Patch
Committed r108497: <http://trac.webkit.org/changeset/108497>