[Webkit-unassigned] [Bug 144975] New: Crash in WebCore::DocumentLoader::detachFromFrame when -[id<WebPolicyDelegate> decidePolicyForMIMEType:request:frame:decisionListener:] fails to call -[id<WebPolicyDecisionListener> download|ignore|use]

bugzilla-daemon at webkit.org
Wed May 13 17:26:06 PDT 2015


https://bugs.webkit.org/show_bug.cgi?id=144975

            Bug ID: 144975
           Summary: Crash in WebCore::DocumentLoader::detachFromFrame when
                    -[id<WebPolicyDelegate>
                    decidePolicyForMIMEType:request:frame:decisionListener
                    :] fails to call -[id<WebPolicyDecisionListener>
                    download|ignore|use]
    Classification: Unclassified
           Product: WebKit
           Version: 528+ (Nightly build)
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Keywords: InRadar
          Severity: Normal
          Priority: P2
         Component: Page Loading
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: ddkilzer at webkit.org
                CC: aestes at apple.com, beidson at apple.com, cdumez at apple.com

If an app overrides -decidePolicyForMIMEType:request:frame:decisionListener: in their id<WebPolicyDelegate> object and doesn't call one of three methods on id<WebPolicyDecisionListener> (-download, -ignore or -use), then the app will crash due to a RELEASE_ASSERT() added in r179958.

<http://trac.webkit.org/r179958>

This was not the intention of these RELEASE_ASSERT() changes (they were to catch the cause of a different crash which we think we found the cause of), so we can change these back to Debug-only ASSERT() statements.

Note that the app SHOULD be calling -download, -ignore or -use inside their -[id<WebPolicyDelegate> -decidePolicyForMIMEType:request:frame:decisionListener:] method, but it shouldn't cause a crash, and there's no easy way to fix this without further risk of compatibility issues (due to additional callbacks being made).

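An added example, not part of the original bug report or the WebKit source: a policy delegate for the legacy `WebView` API in which every path through `-webView:decidePolicyForMIMEType:request:frame:decisionListener:` ends in exactly one of `-use`, `-download` or `-ignore`, which is what the report says the app should do. The class name `ExamplePolicyDelegate` and its `allowsDownloads` property are hypothetical.

```objc
#import <Foundation/Foundation.h>
#import <WebKit/WebKit.h>

// Hypothetical delegate class. Install it with -[WebView setPolicyDelegate:].
@interface ExamplePolicyDelegate : NSObject
// Hypothetical app setting: whether non-displayable content may be downloaded.
@property (nonatomic) BOOL allowsDownloads;
@end

@implementation ExamplePolicyDelegate

- (void)webView:(WebView *)webView
decidePolicyForMIMEType:(NSString *)type
        request:(NSURLRequest *)request
          frame:(WebFrame *)frame
decisionListener:(id<WebPolicyDecisionListener>)listener
{
    // Missing MIME type: still answer the listener instead of returning silently.
    if ([type length] == 0) {
        [listener ignore];
        return;
    }

    // Content WebKit can render is loaded in the frame.
    if ([WebView canShowMIMEType:type]) {
        [listener use];
        return;
    }

    // Content WebKit cannot render is downloaded only if the app allows it.
    if (self.allowsDownloads) {
        [listener download];
        return;
    }

    // Default branch: no early return above may skip the decision,
    // so the load is explicitly cancelled here.
    [listener ignore];
}

@end
```

The final `-ignore` is the part most often missing in practice: an early `return` or an unhandled branch that never reaches the listener is the case the report describes.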