[Webkit-unassigned] [Bug 116814] New: Webkit crashes while loading content from page cache

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon May 27 02:16:17 PDT 2013


https://bugs.webkit.org/show_bug.cgi?id=116814

           Summary: Webkit crashes while loading content from page cache
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Unspecified
        OS/Version: Unspecified
            Status: NEW
          Severity: Major
          Priority: P2
         Component: Page Loading
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: charles.wei at torchmobile.com.cn


WebKit crashes while trying to load the content from page cache.


(gdb) bt
#0  0x00007ffff67ac452 in WebCore::CachedRawResource::responseReceived (this=0x7fffdea40a00, response=...)
    at /home/cswei/project/tot/Source/WebCore/loader/cache/CachedRawResource.cpp:132
#1  0x00007ffff680ad6e in WebCore::SubresourceLoader::didReceiveResponse (this=0x7fffdea00800, response=...)
    at /home/cswei/project/tot/Source/WebCore/loader/SubresourceLoader.cpp:184
#2  0x00007ffff67c764e in substituteResourceDeliveryTimerFired (this=<optimized out>)
    at /home/cswei/project/tot/Source/WebCore/loader/DocumentLoader.cpp:1100
#3  WebCore::DocumentLoader::substituteResourceDeliveryTimerFired (this=<optimized out>)
    at /home/cswei/project/tot/Source/WebCore/loader/DocumentLoader.cpp:1081
#4  0x00007ffff6964ea2 in WebCore::ThreadTimers::sharedTimerFiredInternal (this=0x7fffde9f80f0)
    at /home/cswei/project/tot/Source/WebCore/platform/ThreadTimers.cpp:129
#5  0x00007ffff3e6ff19 in QObject::event(QEvent*) () from /usr/local/Qt-5.1.0/lib/libQt5Core.so.5
#6  0x00007ffff4d339d4 in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/local/Qt-5.1.0/lib/libQt5Widgets.so.5
#7  0x00007ffff4d36c91 in QApplication::notify(QObject*, QEvent*) () from /usr/local/Qt-5.1.0/lib/libQt5Widgets.so.5
#8  0x00007ffff3e47724 in QCoreApplication::notifyInternal(QObject*, QEvent*) () from /usr/local/Qt-5.1.0/lib/libQt5Core.so.5
#9  0x00007ffff3e90acc in QTimerInfoList::activateTimers() () from /usr/local/Qt-5.1.0/lib/libQt5Core.so.5
#10 0x00007ffff3e912dd in ?? () from /usr/local/Qt-5.1.0/lib/libQt5Core.so.5
#11 0x00007fffef264a5d in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#12 0x00007fffef265258 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#13 0x00007fffef265429 in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#14 0x00007ffff3e91ab4 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) ()
   from /usr/local/Qt-5.1.0/lib/libQt5Core.so.5
#15 0x00007ffff3e464bb in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/local/Qt-5.1.0/lib/libQt5Core.so.5
#16 0x00007ffff3e4a580 in QCoreApplication::exec() () from /usr/local/Qt-5.1.0/lib/libQt5Core.so.5
#17 0x00000000004156b0 in launcherMain (app=...) at /home/cswei/project/tot/Tools/QtTestBrowser/qttestbrowser.cpp:54
#18 main (argc=1, argv=<optimized out>) at /home/cswei/project/tot/Tools/QtTestBrowser/qttestbrowser.cpp:318

(gdb) list 131
126    }
127    
128    void CachedRawResource::responseReceived(const ResourceResponse& response)
129    {
130        CachedResourceHandle<CachedRawResource> protect(this);
131        if (!m_identifier)
132            m_identifier = m_loader->identifier();
133        CachedResource::responseReceived(response);
134        CachedResourceClientWalker<CachedRawResourceClient> w(m_clients);
135        while (CachedRawResourceClient* c = w.next())
(gdb) p m_loader
$1 = {m_ptr = 0x0}


This is caused by the commit: b124248928cde28a4a55c7982b2dcb6e7200d492 for bug: https://bugs.webkit.org/show_bug.cgi?id=104969, and commit a3265403bade6d561d38c58139bddd93ff271496 for https://bugs.webkit.org/show_bug.cgi?id=112722, both of which merge MainResourceLoader into DocumentLoader.


Before these patches, when a main resource load fails, the MainResourceLoader will try the appcache before notifying the DocumentLoader, and will keep the loading status appropriate when loading the substitute data from the AppCache.

After these patches, this functionality was moved to DocumentLoader::mainReceivedError(), which tries to load from the Appcache. But when the application reaches here, the ResourceLoader (SubresourceLoader) is already in the finishing state after ResourceLoader::didFail() and SubresourceLoader::didFail(), and the CachedResources associated with them are already destroyed.

We should move the ApplicationCache check to be the first thing done when a resource load fails (into ResourceLoader::didFail(ResourceHandle, Error)), which now only takes care of subresources but not the main resource.
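
The ordering hazard described above, as an added illustration that is not WebKit code and not part of the original report: a constructed model in which a deferred substitute-data delivery runs after didFail() has torn the loader down, so the resource's back-pointer (the counterpart of m_loader) is null when the identifier is read. All names here (Loader, Resource, failThenDeliver, checkAppCacheFirst) are invented for the model.

```cpp
#include <cstdint>

struct Loader;

// Stands in for CachedRawResource: holds a raw back-pointer to its loader.
struct Resource {
    Loader* loader = nullptr;   // counterpart of m_loader
    uint64_t identifier = 0;    // counterpart of m_identifier
    bool responseReceived();    // models the crashing lines of the listing
};

// Stands in for the ResourceLoader; the AppCache flag is a model input.
struct Loader {
    uint64_t id;
    Resource* resource;
    bool finishing = false;
    bool appCacheHasSubstitute = false;

    // Teardown on network failure: loader enters its finishing state and the
    // resource drops its back-pointer (the state the report describes).
    void didFail() { finishing = true; resource->loader = nullptr; }
};

// The identifier is fetched through the loader pointer. A null pointer here is
// the crash in the backtrace; the model returns false instead of dereferencing.
bool Resource::responseReceived() {
    if (loader == nullptr) return false;
    if (identifier == 0) identifier = loader->id;
    return true;
}

// Buggy ordering: fail (teardown) first, then a timer delivers the AppCache
// substitute. Returns false where the real code would have crashed.
bool failThenDeliver(Loader& loader) {
    loader.didFail();
    return loader.resource->responseReceived();   // back-pointer already null
}

// Ordering the report proposes: consult the AppCache before tearing the loader
// down, so substitute data is delivered while the loader is still alive.
bool checkAppCacheFirst(Loader& loader) {
    if (loader.appCacheHasSubstitute)
        return loader.resource->responseReceived();  // loader still valid
    loader.didFail();                                // no substitute: finish
    return false;
}
```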
