[Webkit-unassigned] [Bug 52945] crash @ WebCore::ResourceLoader::didCancel(WebCore::ResourceError const &)

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Jan 21 19:52:34 PST 2011


https://bugs.webkit.org/show_bug.cgi?id=52945

--- Comment #1 from raman tenneti <rtenneti at chromium.org>  2011-01-21 19:52:34 PST ---
Raman Tenneti <rtenneti at google.com>
to    Adam Barth <abarth at google.com>
cc    Jim Roskind <jar at google.com>
date    Fri, Jan 21, 2011 at 2:25 PM
subject    Re: crash in webcore ResourceLoader
mailed-by    google.com
hide details 2:25 PM (5 hours ago)
Hi Adam,


If we look at the callstack for the crash, there's usually a correct
point to do the null check.  Oftentimes that's close to the use, but
if something higher on the callstack doesn't make sense when the
pointer is null, we might want to add the check there instead.

The above is a good idea. Add a check to MainResourceLoader.cpp to check if m_documentLoader is not null, and only then call ResourceLoader::didCancel. Also in ResourceLoader::didCancel, return if m_documentLoader is null. If it is not null, then access m_documentLoader and do the next steps:

void MainResourceLoader::didCancel(const ResourceError& error)
.....
    if (m_documentLoader)
        ResourceLoader::didCancel(error);
}

void ResourceLoader::didCancel(const ResourceError& error)
{
...
    if (!m_documentLoader)
        return;

    m_documentLoader->cancelPendingSubstituteLoad(this);


I came across the following crash while investigating this bug. It is a different stack trace than the one reported by go/crash.

It looks like in the following case we are trying to resume. m_suspended was false and we are asserting it should be true. (I thought I duplicated the bug, but was seeing a different problem).

thanks,
raman

     chrome.dll!WebCore::SuspendableTimer::resume()  Line 72 + 0x24 bytes    C++
     chrome.dll!WebCore::ScriptExecutionContext::resumeActiveDOMObjects()  Line 203 + 0x1c bytes    C++
>    chrome.dll!WebCore::PageGroupLoadDeferrer::~PageGroupLoadDeferrer()  Line 74    C++
     chrome.dll!WebCore::PageGroupLoadDeferrer::`scalar deleting destructor'()  + 0x16 bytes    C++
     chrome.dll!WebKit::WebView::didExitModalLoop()  Line 257 + 0x25 bytes    C++
     chrome.dll!RenderThread::Send(IPC::Message * msg=0x06c49640)  Line 424    C++
     chrome.dll!RenderWidget::Send(IPC::Message * message=0x06c49640)  Line 191 + 0x19 bytes    C++
     chrome.dll!PrintWebViewHelper::Send(IPC::Message * msg=0x06c49640)  Line 283 + 0x1d bytes    C++
     chrome.dll!PrintWebViewHelper::GetPrintSettingsFromUser(WebKit::WebFrame * frame=0x0628b840, int expected_pages_count=1, bool use_browser_overlays=true)  Line 480 + 0xf bytes    C++
     chrome.dll!PrintWebViewHelper::Print(WebKit::WebFrame * frame=0x0628b840, WebKit::WebNode * node=0x00000000, bool script_initiated=true, bool is_preview=false)  Line 167 + 0x15 bytes    C++
     chrome.dll!PrintWebViewHelper::PrintFrame(WebKit::WebFrame * frame=0x0628b840, bool script_initiated=true, bool is_preview=false)  Line 102    C++
     chrome.dll!RenderView::Print(WebKit::WebFrame * frame=0x0628b840, bool script_initiated=true, bool is_preview=false)  Line 5296    C++
     chrome.dll!RenderView::printPage(WebKit::WebFrame * frame=0x0628b840)  Line 2161    C++
     chrome.dll!WebKit::ChromeClientImpl::print(WebCore::Frame * frame=0x06506200)  Line 623 + 0x2a bytes    C++
     chrome.dll!WebCore::Chrome::print(WebCore::Frame * frame=0x06506200)  Line 415 + 0x1c bytes    C++
     chrome.dll!WebCore::DOMWindow::print()  Line 905    C++
     chrome.dll!WebCore::DOMWindow::finishedLoading()  Line 1587    C++
     chrome.dll!WebCore::DocumentLoader::updateLoading()  Line 370    C++
     chrome.dll!WebCore::DocumentLoader::removeSubresourceLoader(WebCore::ResourceLoader * loader=0x06551000)  Line 729    C++
     chrome.dll!WebCore::SubresourceLoader::didFinishLoading(double finishTime=1295645962.2659061)  Line 188    C++
     chrome.dll!WebCore::ResourceLoader::didFinishLoading(WebCore::ResourceHandle * __formal=0x06c73ad0, double finishTime=1295645962.2659061)  Line 439 + 0x18 bytes    C++
     chrome.dll!WebCore::ResourceHandleInternal::didFinishLoading(WebKit::WebURLLoader * __formal=0x07058008, double finishTime=1295645962.2659061)  Line 191 + 0x2e bytes    C++
     chrome.dll!webkit_glue::WebURLLoaderImpl::Context::OnCompletedRequest(const net::URLRequestStatus & status={...}, const std::basic_string<char,std::char_traits<char>,std::allocator<char> > & security_info="", const base::Time & completion_time={...})  Line 657 + 0x2c bytes    C++
     chrome.dll!ResourceDispatcher::OnRequestComplete(int request_id=50, const net::URLRequestStatus & status={...}, const std::basic_string<char,std::char_traits<char>,std::allocator<char> > & security_info="", const base::Time & completion_time={...})  Line 457 + 0x1b bytes    C++
     chrome.dll!DispatchToMethod<ResourceDispatcher,void (__thiscall ResourceDispatcher::*)(int,net::URLRequestStatus const &,std::basic_string<char,std::char_traits<char>,std::allocator<char> > const &,base::Time const &),int,net::URLRequestStatus,std::basic_string<char,std::char_traits<char>,std::allocator<char> >,base::Time>(ResourceDispatcher * obj=0x004e7730, void (int, const net::URLRequestStatus &, const std::basic_string<char,std::char_traits<char>,std::allocator<char> > &, const base::Time &)* method=0x58f7d120, const Tuple4<int,net::URLRequestStatus,std::basic_string<char,std::char_traits<char>,std::allocator<char> >,base::Time> & arg={...})  Line 570 + 0x23 bytes    C++
     chrome.dll!IPC::MessageWithTuple<Tuple4<int,net::URLRequestStatus,std::basic_string<char,std::char_traits<char>,std::allocator<char> >,base::Time> >::Dispatch<ResourceDispatcher,ResourceDispatcher,void (__thiscall ResourceDispatcher::*)(int,net::URLRequestStatus const &,std::basic_string<char,std::char_traits<char>,std::allocator<char> > const &,base::Time const &)>(const IPC::Message * msg=0x0703f5a8, ResourceDispatcher * obj=0x004e7730, ResourceDispatcher * sender=0x004e7730, void (int, const net::URLRequestStatus &, const std::basic_string<char,std::char_traits<char>,std::allocator<char> > &, const base::Time &)* func=0x58f7d120)  Line 928 + 0x11 bytes    C++
     chrome.dll!ResourceDispatcher::DispatchMessageW(const IPC::Message & message={...})  Line 530 + 0x16 bytes    C++
     chrome.dll!ResourceDispatcher::OnMessageReceived(const IPC::Message & message={...})  Line 298    C++
     chrome.dll!ChildThread::OnMessageReceived(const IPC::Message & msg={...})  Line 144 + 0x2d bytes    C++
     chrome.dll!IPC::ChannelProxy::Context::OnDispatchMessage(const IPC::Message & message={...})  Line 255 + 0x19 bytes    C++
     chrome.dll!DispatchToMethod<IPC::ChannelProxy::Context,void (__thiscall IPC::ChannelProxy::Context::*)(IPC::Message const &),IPC::Message>(IPC::ChannelProxy::Context * obj=0x0052e000, void (const IPC::Message &)* method=0x57b699a0, const Tuple1<IPC::Message> & arg={...})  Line 551 + 0xf bytes    C++
     chrome.dll!RunnableMethod<IPC::ChannelProxy::Context,void (__thiscall IPC::ChannelProxy::Context::*)(IPC::Message const &),Tuple1<IPC::Message> >::Run()  Line 331 + 0x1e bytes    C++
     chrome.dll!MessageLoop::RunTask(Task * task=0x0703f580)  Line 356 + 0xf bytes    C++
     chrome.dll!MessageLoop::DeferOrRunPendingTask(const MessageLoop::PendingTask & pending_task={...})  Line 368    C++
     chrome.dll!MessageLoop::DoWork()  Line 558 + 0xc bytes    C++
     chrome.dll!base::MessagePumpDefault::Run(base::MessagePump::Delegate * delegate=0x0037ed40)  Line 23 + 0xf bytes    C++
     chrome.dll!MessageLoop::RunInternal()  Line 331 + 0x2a bytes    C++
     chrome.dll!MessageLoop::RunHandler()  Line 305    C++
     chrome.dll!MessageLoop::Run()  Line 235    C++
     chrome.dll!RendererMain(const MainFunctionParams & parameters={...})  Line 298    C++
     chrome.dll!`anonymous namespace'::RunNamedProcessTypeMain(const std::basic_string<char,std::char_traits<char>,std::allocator<char> > & process_type="renderer", const MainFunctionParams & main_function_params={...})  Line 593 + 0x12 bytes    C++
     chrome.dll!ChromeMain(HINSTANCE__ * instance=0x01060000, sandbox::SandboxInterfaceInfo * sandbox_info=0x0037f6d8, wchar_t * command_line_unused=0x003e1d3e)  Line 919 + 0x10 bytes    C++
     chrome.exe!MainDllLoader::Launch(HINSTANCE__ * instance=0x01060000, sandbox::SandboxInterfaceInfo * sbox_info=0x0037f6d8)  Line 280 + 0x1d bytes    C++
     chrome.exe!wWinMain(HINSTANCE__ * instance=0x01060000, HINSTANCE__ * __formal=0x00000000, HINSTANCE__ * __formal=0x00000000, HINSTANCE__ * __formal=0x00000000)  Line 46 + 0x10 bytes    C++
     chrome.exe!__tmainCRTStartup()  Line 263 + 0x2c bytes    C
     chrome.exe!wWinMainCRTStartup()  Line 182    C
     kernel32.dll!@BaseThreadInitThunk at 12()  + 0x12 bytes    
     ntdll.dll!___RtlUserThreadStart at 8()  + 0x27 bytes    
     ntdll.dll!__RtlUserThreadStart at 8()  + 0x1b bytes    

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
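The two-level null check proposed in the comment above, as an added, constructed example that is not WebKit code and not part of the bug report: class and member names are borrowed from the report, but the detach step, the SubresourceLoader caller and the event bookkeeping are assumptions made to show why the comment guards both MainResourceLoader::didCancel and the base ResourceLoader::didCancel (a caller that has no check of its own is still protected by the guard in the base path).

```cpp
#include <string>
#include <vector>

// Constructed miniature of the loader classes named in the report. Only the
// class and member names come from the report; the rest is an assumption
// made for illustration and is not WebKit code.

struct ResourceError {
    std::string domain;
    int code;
};

class ResourceLoader;

class DocumentLoader {
public:
    // Records which loaders reached us through cancelPendingSubstituteLoad.
    std::vector<ResourceLoader*> cancelledSubstituteLoads;
    void cancelPendingSubstituteLoad(ResourceLoader* loader) {
        cancelledSubstituteLoads.push_back(loader);
    }
};

class ResourceLoader {
public:
    explicit ResourceLoader(DocumentLoader* documentLoader)
        : m_documentLoader(documentLoader) {}
    virtual ~ResourceLoader() = default;

    // Models the situation behind the crash: the document loader goes away
    // while a cancellation is still on its way to this loader (assumed step).
    void detachFromDocumentLoader() { m_documentLoader = nullptr; }

    // Base-class cancel path with the guard the comment proposes. Returns
    // whether a document loader was still attached and got notified.
    virtual bool didCancel(const ResourceError& error) {
        lastError = error;
        if (!m_documentLoader)
            return false;                 // nothing left to notify
        m_documentLoader->cancelPendingSubstituteLoad(this);
        return true;
    }

    ResourceError lastError{"", 0};

protected:
    DocumentLoader* m_documentLoader;
};

// Main-resource path: the comment adds a check here as well, so the base
// path is never entered for a loader whose document has already gone away.
class MainResourceLoader : public ResourceLoader {
public:
    using ResourceLoader::ResourceLoader;
    bool didCancel(const ResourceError& error) override {
        if (!m_documentLoader)
            return false;
        return ResourceLoader::didCancel(error);
    }
};

// Another caller of the base path (assumed). It has no check of its own and
// relies entirely on the guard inside ResourceLoader::didCancel.
class SubresourceLoader : public ResourceLoader {
public:
    using ResourceLoader::ResourceLoader;
};

// Drives one cancel while attached and two cancels after detaching, and
// returns how many of them actually reached the DocumentLoader. With the
// guards in place the detached cancels are no-ops instead of null derefs.
int cancelAfterDetach(DocumentLoader& documentLoader) {
    MainResourceLoader mainLoader(&documentLoader);
    SubresourceLoader subLoader(&documentLoader);
    ResourceError cancelled{"WebKitErrorDomain", -999};  // constructed error

    int notified = 0;
    notified += mainLoader.didCancel(cancelled) ? 1 : 0;  // attached: notifies
    mainLoader.detachFromDocumentLoader();
    subLoader.detachFromDocumentLoader();
    notified += mainLoader.didCancel(cancelled) ? 1 : 0;  // guarded in subclass
    notified += subLoader.didCancel(cancelled) ? 1 : 0;   // guarded in base
    return notified;
}
```

The check in the subclass is what the comment asks for in MainResourceLoader.cpp; the check in the base class is the one that also covers every other path into ResourceLoader::didCancel, which is the point of Adam's remark about choosing the level on the call stack where a null pointer stops making sense.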