[Webkit-unassigned] [Bug 44131] New: Navigating back/forward during a modal dialog causes a crash when the modal dialog is dismissed.
bugzilla-daemon at webkit.org
Tue Aug 17 14:41:17 PDT 2010
https://bugs.webkit.org/show_bug.cgi?id=44131
Summary: Navigating back/forward during a modal dialog causes a crash when the modal dialog is dismissed.
Product: WebKit
Version: 528+ (Nightly build)
Platform: All
OS/Version: All
Status: NEW
Severity: Normal
Priority: P2
Component: Page Loading
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: beidson at apple.com
Created an attachment (id=64634)
--> (https://bugs.webkit.org/attachment.cgi?id=64634)
Simple test case to repro the bug
Navigating back/forward during a modal dialog causes a crash when the modal dialog is dismissed.
Of course, it shouldn't normally be possible to travel back/forward while a modal dialog is showing. But enforcing this is up to the WebKit application itself.
This crash can be seen in Safari, for example:
1 - Visit any page (such as this bugzilla)
2 - Visit the attached example
3 - Note the back button is enabled, but you can't click it.
4 - Getting around that by using a trackpad, Magic Trackpad, or Magic Mouse, navigate back using a two fingered swipe.
5 - Note the page navigates in the background behind the modal dialog
6 - Dismiss the modal dialog
7 - Crash
1 com.apple.WebCore 0x7fff83601284 WebCore::Document::ownerElement() const + 0x4
2 com.apple.WebCore 0x7fff8364d482 WebCore::DOMWindow::dispatchLoadEvent() + 0xc2
3 com.apple.WebCore 0x7fff835e624f WebCore::Document::implicitClose() + 0x13f
4 com.apple.WebCore 0x7fff835e5ee6 WebCore::FrameLoader::checkCompleted() + 0xa6
5 com.apple.WebCore 0x7fff835e6737 WebCore::FrameLoader::completed() + 0x97
6 com.apple.WebCore 0x7fff835e5efe WebCore::FrameLoader::checkCompleted() + 0xbe
7 com.apple.WebCore 0x7fff83706fbf WebCore::Loader::Host::didFinishLoading(WebCore::SubresourceLoader*) + 0xdf
8 com.apple.WebCore 0x7fff83706e41 WebCore::SubresourceLoader::didFinishLoading() + 0x31
9 com.apple.Foundation 0x7fff851bfb6c _NSURLConnectionDidFinishLoading + 0x71
10 com.apple.CFNetwork 0x7fff85a7306e URLConnectionClient::_clientDidFinishLoading(URLConnectionClient::ClientConnectionEventQueue*) + 0xae
11 com.apple.CFNetwork 0x7fff85ad83e2 URLConnectionClient::ClientConnectionEventQueue::processAllEventsAndConsumePayload(XConnectionEventInfo<XClientEvent, XClientEventParams>*, long) + 0xfe
12 com.apple.CFNetwork 0x7fff85a5f79f URLConnectionClient::processEvents() + 0x79
13 com.apple.CFNetwork 0x7fff85a5f57c MultiplexerSource::perform() + 0xa0
14 com.apple.CoreFoundation 0x7fff87ec7e91 __CFRunLoopDoSources0 + 0x551
15 com.apple.CoreFoundation 0x7fff87ec6089 __CFRunLoopRun + 0x369
16 com.apple.CoreFoundation 0x7fff87ec584f CFRunLoopRunSpecific + 0x23f
17 com.apple.HIToolbox 0x7fff85f3691a RunCurrentEventLoopInMode + 0x14d
18 com.apple.HIToolbox 0x7fff85f3671f ReceiveNextEventCommon + 0x136
19 com.apple.HIToolbox 0x7fff85f365d8 BlockUntilNextEventMatchingListInMode + 0x3b
20 com.apple.AppKit 0x7fff8803429e _DPSNextEvent + 0x2c4
21 com.apple.AppKit 0x7fff88033bed -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 0x9b
22 com.apple.Safari 0x100015940 -[BrowserApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 0x0 (/SourceCache/WebBrowser/WebBrowser-7533.17.8/mac/BrowserApplication.mm:411)
23 com.apple.AppKit 0x7fff87ff98d3 -[NSApplication run] + 0x18b
24 com.apple.AppKit 0x7fff87ff25f8 NSApplicationMain + 0x16c
25 com.apple.Safari 0x10000980c start + 0x0
Sadly, due to the variance of the ways an app might implement a modal dialog, it's not possible for WebKit/WebCore to directly know that the app is spinning an inner runloop. But if a PageGroupLoadDeferrer is in place and the Page's loads are deferred, this is a good enough hint that we shouldn't be navigating.
A patch based on this notion is coming soon.
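The deferral hint at the end of the report, as an added C++ model that is not WebKit's own code: Page, PageGroupLoadDeferrer, goBackOrForward and swipeBackDuringModalDialog are simplified stand-ins for the real classes, and the two-entry history is constructed from the repro steps.

```cpp
#include <string>
#include <vector>

// Constructed model (not WebKit's code) of the hint in the report: while an
// application spins a nested run loop for a modal dialog it keeps a load
// deferrer alive on the page, and back/forward navigation is refused for as
// long as that deferrer exists.
struct Page {
    std::vector<std::string> history;
    size_t index = 0;            // current entry in the back/forward list
    int deferCount = 0;          // > 0 while at least one deferrer is alive
    bool defersLoading() const { return deferCount > 0; }
    const std::string& currentURL() const { return history[index]; }
};

// RAII stand-in for PageGroupLoadDeferrer: constructed when the modal dialog
// starts, destroyed when it is dismissed.
class PageGroupLoadDeferrer {
public:
    explicit PageGroupLoadDeferrer(Page& p) : page(p) { ++page.deferCount; }
    ~PageGroupLoadDeferrer() { --page.deferCount; }
    PageGroupLoadDeferrer(const PageGroupLoadDeferrer&) = delete;
    PageGroupLoadDeferrer& operator=(const PageGroupLoadDeferrer&) = delete;
private:
    Page& page;
};

// Back/forward navigation guarded by the deferral hint.
// Returns true only if the current entry actually changed.
bool goBackOrForward(Page& page, int distance) {
    if (page.defersLoading())
        return false;            // a modal dialog is up: do not navigate
    long target = static_cast<long>(page.index) + distance;
    if (target < 0 || target >= static_cast<long>(page.history.size()))
        return false;            // out of range, nothing to do
    page.index = static_cast<size_t>(target);
    return true;
}

// Models the Safari scenario: a two-finger swipe requests "back" while the
// application is inside the modal dialog's nested run loop.
bool swipeBackDuringModalDialog(Page& page) {
    PageGroupLoadDeferrer deferrer(page);   // alive for the dialog's lifetime
    return goBackOrForward(page, -1);       // refused; the page stays put
}

// Two-entry history from the repro steps (constructed sample data).
Page makeRepro() {
    Page page;
    page.history = {"https://bugs.webkit.org/",
                    "https://bugs.webkit.org/attachment.cgi?id=64634"};
    page.index = 1;
    return page;
}
```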