[Webkit-unassigned] [Bug 147227] New: Crash in WebPlatformStrategies::createPingHandle - Deref a null NetworkingContext

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Jul 23 09:54:52 PDT 2015 

https://bugs.webkit.org/show_bug.cgi?id=147227

            Bug ID: 147227
           Summary: Crash in WebPlatformStrategies::createPingHandle -
                    Deref a null NetworkingContext
    Classification: Unclassified
           Product: WebKit
           Version: 528+ (Nightly build)
          Hardware: All
                OS: All
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebKit2
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: beidson at apple.com

Crash in WebPlatformStrategies::createPingHandle - Deref a null NetworkingContext

0   com.apple.WebKit                  0x00007fff9152d6e8 WebKit::WebFrameNetworkingContext::webFrameLoaderClient() const + 6
1   com.apple.WebKit                  0x00007fff9159b224 WebKit::WebPlatformStrategies::createPingHandle(WebCore::NetworkingContext*, WebCore::ResourceRequest&, bool) + 64
2   com.apple.WebCore                 0x00007fff97c7a696 WebCore::PingLoader::startPingLoad(WebCore::Frame&, WebCore::ResourceRequest&) + 566
3   com.apple.WebCore                 0x00007fff97c7b0f6 WebCore::PingLoader::sendViolationReport(WebCore::Frame&, WebCore::URL const&, WTF::PassRefPtr<WebCore::FormData>) + 918
4   com.apple.WebCore                 0x00007fff974f7fe2 WebCore::ContentSecurityPolicy::reportViolation(WTF::String const&, WTF::String const&, WTF::String const&, WebCore::URL const&, WTF::Vector<WebCore::URL, 0ul, WTF::CrashOnOverflow, 16ul> const&, WTF::String const&, WTF::String const&, WTF::OrdinalNumber const&, JSC::ExecState*) const + 3554
5   com.apple.WebCore                 0x00007fff974f71c8 WebCore::CSPDirectiveList::reportViolation(WTF::String const&, WTF::String const&, WTF::String const&, WebCore::URL const&, WTF::String const&, WTF::OrdinalNumber const&, JSC::ExecState*) const + 280
...
30  com.apple.WebCore                 0x00007fff9713f482 WebCore::FrameLoader::init() + 770
31  com.apple.WebKit                  0x00007fff91392fe9 WebKit::WebFrame::createSubframe(WebKit::WebPage*, WTF::String const&, WebCore::HTMLFrameOwnerElement*) + 381
32  com.apple.WebKit                  0x00007fff9152a639 WebKit::WebFrameLoaderClient::createFrame(WebCore::URL const&, WTF::String const&, WebCore::HTMLFrameOwnerElement*, WTF::String const&, bool, int, int) + 63
33  com.apple.WebCore                 0x00007fff97ece1db WebCore::SubframeLoader::loadSubframe(WebCore::HTMLFrameOwnerElement&, WebCore::URL const&, WTF::String const&, WTF::String const&) + 283

UserStyleSheet, with a font-src rule, injected into the initial empty document for a new frame, but with CSP blocking the font load, and triggering a violation report.

Wow!

Easy to repro with a layout test, though.

Radar - <rdar://problem/21949735>

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20150723/9aa72cb3/attachment.html>

More information about the webkit-unassigned mailing list