[Webkit-unassigned] [Bug 147227] Crash in WebPlatformStrategies::createPingHandle - Deref a null NetworkingContext

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Jul 23 11:11:01 PDT 2015


https://bugs.webkit.org/show_bug.cgi?id=147227

--- Comment #4 from Brady Eidson <beidson at apple.com> ---
(In reply to comment #3)
> Comment on attachment 257354 [details]
> Patch v1
> 
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=257354&action=review
> 
> Hrmpf. Nice.
> 
> > LayoutTests/http/tests/security/contentSecurityPolicy/user-style-sheet-font-crasher-expected.txt:3
> > +CONSOLE MESSAGE: Refused to load the font 'http://127.0.0.1:8000/security/contentSecurityPolicy/example_font.woff' because it violates the following Content Security Policy directive: "font-src http://webkit.org".
> > +
> > +CONSOLE MESSAGE: Refused to load the font 'http://127.0.0.1:8000/security/contentSecurityPolicy/example_font.woff' because it violates the following Content Security Policy directive: "font-src http://webkit.org".
> 
> Why is this logged twice, do we have a bug?

No - the style sheet is injected into both frames, so the CSP fires twice.
> 
> > LayoutTests/http/tests/security/contentSecurityPolicy/user-style-sheet-font-crasher.html:8
> > +    testRunner.addUserStyleSheet("@font-face { font-family: ExampleFont; src: url(example_font.woff); }", true);
> 
> I wonder if this can also be reproduced with something like
> 
> <iframe src="http://www.apple.com"></iframe>
> <script>
> frames[0].document.write(theStylesheet);
> </script>
> 

That wouldn't do it, because initial document creation is synchronous, and completed by the time you get to document.write.

By the time you get there, you'd have the networking context and wouldn't repro the crash.

> > Source/WebKit2/WebProcess/WebCoreSupport/WebPlatformStrategies.cpp:255
> > +    // We shouldn't be sending ping loads during that process anyways.
> 
> What do other browsers do? I wonder if "shouldn't" may be too assertive.
> 
> It feels like we shouldn't apply user stylesheets in initial documents, what
> do you think?

Perhaps it is too assertive. I'll relax it before landing.

I postulated at least one other solution in the radar but it seems much higher risk.

I'm not sure whether or not user sheets should apply to the initial empty document - I'd want Simon, Antti, Andreas, etc. to comment.

As is, this patch restores precisely the behavior we had before https://trac.webkit.org/changeset/186530 - I'm pretty confident in that interim step while we explore what we should *really* be doing here.

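As an added example (not code from the bug, the patch or WebKit's own ContentSecurityPolicy implementation): a simplified CSP Level 2 source-expression matcher in JavaScript (Node) that reproduces the font-src decision behind the console message in the test expectations quoted above, and evaluates it once per frame, which is why the message appears twice when the user sheet is injected into both frames. The font URL and the policy are the ones from the expected output; the frame URLs (the test page plus an iframe assumed to carry the same policy), the checkLoad/userSheetFontLoads names and the simplifications in the matching rules (no nonces, hashes or 'unsafe-*' keywords; source expressions compared case-insensitively) are assumptions of the example.

```javascript
// Added example (not WebKit code): a simplified CSP Level 2 source-expression matcher.
// Assumptions: no nonces/hashes/'unsafe-*' keywords (they never match a URL here),
// source expressions are compared case-insensitively, '*' matches http(s)/ws(s) only.

const DEFAULT_PORT = { "http:": "80", "https:": "443", "ws:": "80", "wss:": "443" };
const HOST_SOURCE =
  /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*|(?:\*\.)?[a-z0-9-]+(?:\.[a-z0-9-]+)*)(?::(\d+|\*))?(\/[^?#]*)?$/;

// Parse "font-src http://webkit.org; img-src 'self'" into Map(name -> [sources]).
// A repeated directive name is ignored after its first occurrence, as in CSP.
function parsePolicy(policy) {
  const directives = new Map();
  for (const part of policy.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// An http: (ws:) source expression also admits https: (wss:) resources.
function schemeMatches(exprScheme, urlScheme) {
  return exprScheme === urlScheme ||
    (exprScheme === "http:" && urlScheme === "https:") ||
    (exprScheme === "ws:" && urlScheme === "wss:");
}

function sourceMatches(expr, url, page) {
  const src = expr.toLowerCase();
  if (src === "'none'") return false;
  if (src === "'self'") return url.origin === page.origin;
  if (src === "*") return ["http:", "https:", "ws:", "wss:"].includes(url.protocol);
  if (/^[a-z][a-z0-9+.-]*:$/.test(src)) return schemeMatches(src, url.protocol); // scheme-source
  const m = HOST_SOURCE.exec(src);
  if (!m) return false;
  const [, scheme, host, port, path] = m;
  // Scheme: explicit in the source, otherwise the protected document's scheme.
  if (!schemeMatches(scheme ? scheme + ":" : page.protocol, url.protocol)) return false;
  // Host: exact, or "*.example.com" for proper subdomains only (not example.com itself).
  if (host.startsWith("*.")) {
    const suffix = host.slice(1);
    if (!url.hostname.endsWith(suffix) || url.hostname.length <= suffix.length) return false;
  } else if (host !== "*" && url.hostname !== host) return false;
  // Port: ":*" is any port; an explicit port must match; no port means the scheme default only.
  const urlPort = url.port || DEFAULT_PORT[url.protocol] || "";
  if (port === undefined) { if (url.port !== "") return false; }
  else if (port !== "*" && urlPort !== port) return false;
  // Path: a trailing "/" is a prefix match, anything else must match exactly.
  if (path) {
    if (path.endsWith("/")) { if (!url.pathname.startsWith(path)) return false; }
    else if (url.pathname !== path) return false;
  }
  return true;
}

// Decide whether `directive` (e.g. "font-src") allows `resourceUrl`, falling back to
// default-src when the directive is absent. Returns a WebKit-style console message on refusal.
function checkLoad(policy, directive, resourceUrl, pageUrl, what = "font") {
  const directives = parsePolicy(policy);
  const name = directives.has(directive) ? directive
             : directives.has("default-src") ? "default-src" : null;
  if (name === null) return { allowed: true, message: null };
  const url = new URL(resourceUrl), page = new URL(pageUrl);
  const sources = directives.get(name);
  if (sources.some((s) => sourceMatches(s, url, page))) return { allowed: true, message: null };
  return {
    allowed: false,
    message: `Refused to load the ${what} '${resourceUrl}' because it violates the following ` +
             `Content Security Policy directive: "${name} ${sources.join(" ")}".`,
  };
}

// A user style sheet is injected into every frame, so every frame's policy is consulted
// and every refusal produces its own console message (two frames -> two messages).
function userSheetFontLoads(frames, fontUrl) {
  return frames
    .map((f) => checkLoad(f.policy, "font-src", fontUrl, f.pageUrl))
    .filter((r) => !r.allowed)
    .map((r) => r.message);
}

// Constructed input: the font URL and policy from the test's expected output; the frame
// URLs are assumptions (the test's main page, plus an iframe assumed to carry the same policy).
const FONT_URL = "http://127.0.0.1:8000/security/contentSecurityPolicy/example_font.woff";
const POLICY = "font-src http://webkit.org";
const FRAMES = [
  { pageUrl: "http://127.0.0.1:8000/security/contentSecurityPolicy/user-style-sheet-font-crasher.html", policy: POLICY },
  { pageUrl: "http://127.0.0.1:8000/security/contentSecurityPolicy/resources/frame.html", policy: POLICY },
];

for (const msg of userSheetFontLoads(FRAMES, FONT_URL)) console.log("CONSOLE MESSAGE: " + msg);
```

Running it prints the refusal line twice, once per frame, matching the duplicated console message in the expected output. The matcher is deliberately small: it shows why 127.0.0.1:8000 fails against a "font-src http://webkit.org" allow-list (host mismatch, and even a matching host would need the scheme's default port), not how WebKit reports the violation.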