[Webkit-unassigned] [Bug 147418] New: Crash in WebCore::DocumentLoader::stopLoadingForPolicyChange
bugzilla-daemon at webkit.org
Wed Jul 29 13:53:23 PDT 2015
https://bugs.webkit.org/show_bug.cgi?id=147418
Bug ID: 147418
Summary: Crash in WebCore::DocumentLoader::stopLoadingForPolicyChange
Classification: Unclassified
Product: WebKit
Version: 528+ (Nightly build)
Hardware: All
OS: All
Status: NEW
Severity: Normal
Priority: P2
Component: Page Loading
Assignee: webkit-unassigned at lists.webkit.org
Reporter: beidson at apple.com
Crash in WebCore::DocumentLoader::stopLoadingForPolicyChange
There are a few different ways into this crash, but the tops of the stacks look like:
Thread 0 Crashed:
0 WebCore 0x000000019588607c WebCore::DocumentLoader::stopLoadingForPolicyChange() + 40 (DocumentLoader.cpp:769)
1 WebCore 0x00000001958877b4 std::__1::__function::__func<WebCore::DocumentLoader::willSendRequest(WebCore::ResourceRequest&, WebCore::ResourceResponse const&)::$_0, std::__1::allocator<WebCore::DocumentLoader::willSendRequest(WebCore::ResourceRequest&, WebCore::ResourceResponse const&)::$_0>, void (WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool)>::operator()(WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>&&, bool&&) + 40 (DocumentLoader.cpp:564)
2 WebCore 0x00000001958877b4 std::__1::__function::__func<WebCore::DocumentLoader::willSendRequest(WebCore::ResourceRequest&, WebCore::ResourceResponse const&)::$_0, std::__1::allocator<WebCore::DocumentLoader::willSendRequest(WebCore::ResourceRequest&, WebCore::ResourceResponse const&)::$_0>, void (WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool)>::operator()(WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>&&, bool&&) + 40 (DocumentLoader.cpp:564)
3 WebCore 0x000000019558e5a4 WebCore::PolicyCallback::cancel() + 164 (functional:1793)
4 WebCore 0x000000019558e06c WebCore::PolicyChecker::stopCheck() + 84 (PolicyChecker.cpp:161)
5 WebCore 0x00000001959a26e8 WebCore::FrameLoader::loadWithDocumentLoader(WebCore::DocumentLoader*,
...
In stopLoadingForPolicyChange, frameLoader() is null.
This can only happen when m_frame is null.
That can only happen if the DocumentLoader has been detached from its Frame.
No known reproducibility.
We need to make absolutely sure that once the Frame is detached there are no outstanding policy callbacks.
In Radar - <rdar://problem/21412186>
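
The invariant stated in the report (no outstanding policy callbacks once the Frame is detached), sketched as a simplified C++ model. This is an added example, not WebKit code and not the fix for this bug; the class shapes, drop(), the detachFromFrame(PolicyChecker&) signature and stopsAfterCancel() are assumptions made for illustration.

```cpp
#include <functional>
#include <utility>

// Simplified model with assumed names; not WebKit source.
struct FrameLoader { int stopCalls = 0; };
struct Frame { FrameLoader loader; };
struct PolicyChecker {
    void check(std::function<void(bool)> cb) { m_callback = std::move(cb); }
    // Like stopCheck() -> PolicyCallback::cancel() in the stack: cancel invokes the callback.
    void stopCheck() {
        auto cb = std::move(m_callback);
        m_callback = nullptr;
        if (cb) cb(false);  // shouldContinue = false
    }
    void drop() { m_callback = nullptr; }  // discard without invoking
private:
    std::function<void(bool)> m_callback;
};

class DocumentLoader {
public:
    explicit DocumentLoader(Frame* frame) : m_frame(frame) {}
    FrameLoader* frameLoader() const { return m_frame ? &m_frame->loader : nullptr; }
    void willSendRequest(PolicyChecker& checker) {
        checker.check([this](bool shouldContinue) {
            if (!shouldContinue) stopLoadingForPolicyChange();
        });
    }
    // Guard: returns false instead of dereferencing a null FrameLoader.
    bool stopLoadingForPolicyChange() {
        FrameLoader* loader = frameLoader();
        if (!loader) return false;
        ++loader->stopCalls;
        return true;
    }
    // Invariant: outstanding callbacks are dropped before m_frame is cleared.
    void detachFromFrame(PolicyChecker& checker) { checker.drop(); m_frame = nullptr; }
private:
    Frame* m_frame;
};

// Returns how many times the frame's loader was stopped by a late cancel.
int stopsAfterCancel(bool detachFirst) {
    Frame frame; PolicyChecker checker; DocumentLoader loader(&frame);
    loader.willSendRequest(checker);
    if (detachFirst) loader.detachFromFrame(checker);
    checker.stopCheck();
    return frame.loader.stopCalls;
}
```

The model applies two independent defenses: detach discards the pending callback, and stopLoadingForPolicyChange() tolerates a null frameLoader() if a callback still arrives.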