[Webkit-unassigned] [Bug 145038] New: FrameLoader::commitProvisionalLoad crash

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu May 14 21:49:08 PDT 2015


https://bugs.webkit.org/show_bug.cgi?id=145038

            Bug ID: 145038
           Summary: FrameLoader::commitProvisionalLoad crash
    Classification: Unclassified
           Product: WebKit
           Version: 528+ (Nightly build)
          Hardware: iOS
                OS: iOS 8.2
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebCore Misc.
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: ljin.zq at gmail.com

I test UIWebView with my own monkey test.

The monkey test will do the following test case:
1. open random url
2. goBack
3. goForward
4. close UIWebView then open it
5. stopLoading


After testing for half an hour, I found some crashes.
In function FrameLoader::commitProvisionalLoad, the following code:

        StringWithDirection title = m_documentLoader->title();
        if (!title.isNull())
            m_client.dispatchDidReceiveTitle(title);


The "m_documentLoader" is NULL. I think we should check it before using "m_documentLoader".

This is my first time reporting a bug at Webkit.org; what should I do to help fix this bug?




Thread 1 crash stack:
* thread #1: tid = 0x14e67, 0x0f1b62b6 WebCore`WebCore::FrameLoader::commitProvisionalLoad() [inlined] WTF::RefPtr<WTF::StringImpl>::RefPtr(WTF::RefPtr<WTF::StringImpl> const&) at RefPtr.h:44, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x448)
  * frame #0: 0x0f1b62b6 WebCore`WebCore::FrameLoader::commitProvisionalLoad() [inlined] WTF::RefPtr<WTF::StringImpl>::RefPtr(WTF::RefPtr<WTF::StringImpl> const&) at RefPtr.h:44
    frame #1: 0x0f1b62b6 WebCore`WebCore::FrameLoader::commitProvisionalLoad() [inlined] WTF::RefPtr<WTF::StringImpl>::RefPtr(WTF::RefPtr<WTF::StringImpl> const&) at RefPtr.h:44
    frame #2: 0x0f1b62b6 WebCore`WebCore::FrameLoader::commitProvisionalLoad() [inlined] WTF::String::String(WTF::String const&) at WTFString.h:132
    frame #3: 0x0f1b62b6 WebCore`WebCore::FrameLoader::commitProvisionalLoad() [inlined] WTF::String::String(WTF::String const&) at WTFString.h:132
    frame #4: 0x0f1b62b6 WebCore`WebCore::FrameLoader::commitProvisionalLoad() [inlined] WebCore::StringWithDirection::StringWithDirection(WebCore::StringWithDirection const&) at StringWithDirection.h:47
    frame #5: 0x0f1b62b6 WebCore`WebCore::FrameLoader::commitProvisionalLoad() [inlined] WebCore::StringWithDirection::StringWithDirection(WebCore::StringWithDirection const&) at StringWithDirection.h:47
    frame #6: 0x0f1b62b6 WebCore`WebCore::FrameLoader::commitProvisionalLoad(this=0x35391710) + 806 at FrameLoader.cpp:1802
    frame #7: 0x0f1ba48b WebCore`WebCore::FrameLoader::loadProvisionalItemFromCachedPage(this=<unavailable>) + 203 at FrameLoader.cpp:3094
    frame #8: 0x0f1bd35a WebCore`std::__1::__function::__func<WebCore::FrameLoader::loadWithDocumentLoader(WebCore::DocumentLoader*, WebCore::FrameLoadType, WTF::PassRefPtr<WebCore::FormState>, WebCore::AllowNavigationToInvalidURL)::$_4, std::__1::allocator<WebCore::FrameLoader::loadWithDocumentLoader(WebCore::DocumentLoader*, WebCore::FrameLoadType, WTF::PassRefPtr<WebCore::FormState>, WebCore::AllowNavigationToInvalidURL)::$_4>, void (WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool)>::operator()(WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>&&, bool&&) [inlined] WebCore::FrameLoader::loadWithDocumentLoader(WebCore::DocumentLoader*, WebCore::FrameLoadType, WTF::PassRefPtr<WebCore::FormState>, WebCore::AllowNavigationToInvalidURL)::$_4::operator()(WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool) const + 33 at FrameLoader.cpp:1458
    frame #9: 0x0f1bd339 WebCore`std::__1::__function::__func<WebCore::FrameLoader::loadWithDocumentLoader(WebCore::DocumentLoader*, WebCore::FrameLoadType, WTF::PassRefPtr<WebCore::FormState>, WebCore::AllowNavigationToInvalidURL)::$_4, std::__1::allocator<WebCore::FrameLoader::loadWithDocumentLoader(WebCore::DocumentLoader*, WebCore::FrameLoadType, WTF::PassRefPtr<WebCore::FormState>, WebCore::AllowNavigationToInvalidURL)::$_4>, void (WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool)>::operator()(WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>&&, bool&&) [inlined] decltype(std::__1::forward<WebCore::FrameLoader::loadWithDocumentLoader(WebCore::DocumentLoader*, WebCore::FrameLoadType, WTF::PassRefPtr<WebCore::FormState>, WebCore::AllowNavigationToInvalidURL)::$_4&>(fp)(std::__1::forward<WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool>(fp0))) std::__1::__invoke<WebCore::FrameLoader::loadWithDocumentLoader(WebCo
    frame #10: 0x0f1bd339 WebCore`std::__1::__function::__func<WebCore::FrameLoader::loadWithDocumentLoader(WebCore::DocumentLoader*, WebCore::FrameLoadType, WTF::PassRefPtr<WebCore::FormState>, WebCore::AllowNavigationToInvalidURL)::$_4, std::__1::allocator<WebCore::FrameLoader::loadWithDocumentLoader(WebCore::DocumentLoader*, WebCore::FrameLoadType, WTF::PassRefPtr<WebCore::FormState>, WebCore::AllowNavigationToInvalidURL)::$_4>, void (WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool)>::operator(this=0xbfffc020, __arg=0xbfffbe80, __arg=0xbfffbca0, __arg=0xbfffbcaa)(WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>&&, bool&&) + 41 at functional:1370
    frame #11: 0x0f959ebb WebCore`WebCore::PolicyCallback::call(bool) [inlined] std::__1::function<void (WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool)>::operator(__arg=<unavailable>)(WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool) const + 75 at functional:1756
    frame #12: 0x0f959e9f WebCore`WebCore::PolicyCallback::call(this=0xbfffbe80, shouldContinue=true) + 47 at PolicyCallback.cpp:95
    frame #13: 0x0f95c478 WebCore`WebCore::PolicyChecker::continueAfterNavigationPolicy(this=<unavailable>, policy=<unavailable>) + 840 at PolicyChecker.cpp:206
    frame #14: 0x0f95d41d WebCore`std::__1::__function::__func<WebCore::PolicyChecker::checkNavigationPolicy(WebCore::ResourceRequest const&, WebCore::DocumentLoader*, WTF::PassRefPtr<WebCore::FormState>, std::__1::function<void (WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool)>)::$_1, std::__1::allocator<WebCore::PolicyChecker::checkNavigationPolicy(WebCore::ResourceRequest const&, WebCore::DocumentLoader*, WTF::PassRefPtr<WebCore::FormState>, std::__1::function<void (WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool)>)::$_1>, void (WebCore::PolicyAction)>::operator()(WebCore::PolicyAction&&) [inlined] WebCore::PolicyChecker::checkNavigationPolicy(WebCore::ResourceRequest const&, WebCore::DocumentLoader*, WTF::PassRefPtr<WebCore::FormState>, std::__1::function<void (WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool)>)::$_1::operator()(WebCore::PolicyAction) const + 29 at PolicyChecker.cpp:123
    frame #15: 0x0f95d411 WebCore`std::__1::__function::__func<WebCore::PolicyChecker::checkNavigationPolicy(WebCore::ResourceRequest const&, WebCore::DocumentLoader*, WTF::PassRefPtr<WebCore::FormState>, std::__1::function<void (WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool)>)::$_1, std::__1::allocator<WebCore::PolicyChecker::checkNavigationPolicy(WebCore::ResourceRequest const&, WebCore::DocumentLoader*, WTF::PassRefPtr<WebCore::FormState>, std::__1::function<void (WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool)>)::$_1>, void (WebCore::PolicyAction)>::operator()(WebCore::PolicyAction&&) [inlined] decltype(std::__1::forward<WebCore::PolicyChecker::checkNavigationPolicy(WebCore::ResourceRequest const&, WebCore::DocumentLoader*, WTF::PassRefPtr<WebCore::FormState>, std::__1::function<void (WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool)>)::$_1&>(fp)(std::__1::forward<WebCore::PolicyAction>(fp0))) std:
    frame #16: 0x0f95d411 WebCore`std::__1::__function::__func<WebCore::PolicyChecker::checkNavigationPolicy(WebCore::ResourceRequest const&, WebCore::DocumentLoader*, WTF::PassRefPtr<WebCore::FormState>, std::__1::function<void (WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool)>)::$_1, std::__1::allocator<WebCore::PolicyChecker::checkNavigationPolicy(WebCore::ResourceRequest const&, WebCore::DocumentLoader*, WTF::PassRefPtr<WebCore::FormState>, std::__1::function<void (WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool)>)::$_1>, void (WebCore::PolicyAction)>::operator(this=0xbfffc0b0, __arg=0xbfffc0ac)(WebCore::PolicyAction&&) + 17 at functional:1370
    frame #17: 0x0eb4a511 WebKitLegacy`-[WebFramePolicyListener receivedPolicyDecision:] [inlined] std::__1::function<void (WebCore::PolicyAction)>::operator(__arg=<unavailable>)(WebCore::PolicyAction) const + 24 at functional:1756
    frame #18: 0x0eb4a4f9 WebKitLegacy`-[WebFramePolicyListener receivedPolicyDecision:](self=<unavailable>, _cmd=0x0ebdffc4, action=<unavailable>) + 169 at WebFrameLoaderClient.mm:2340
    frame #19: 0x0eb4a689 WebKitLegacy`-[WebFramePolicyListener use](self=0x21148a00, _cmd=0x0e87ab46) + 41 at WebFrameLoaderClient.mm:2369
    frame #20: 0x07c0e656 UIKit`-[UIWebView webView:decidePolicyForNavigationAction:request:frame:decisionListener:] + 844
    frame #21: 0x07c10bb9 UIKit`-[UIWebViewWebViewDelegate webView:decidePolicyForNavigationAction:request:frame:decisionListener:] + 80
    frame #22: 0x0644284d CoreFoundation`__invoking___ + 29
    frame #23: 0x064426f8 CoreFoundation`-[NSInvocation invoke] + 360
    frame #24: 0x064db32a CoreFoundation`-[NSInvocation invokeWithTarget:] + 74
    frame #25: 0x0eba6540 WebKitLegacy`-[_WebSafeForwarder forwardInvocation:](self=<unavailable>, _cmd=0x0a9dc6a4, invocation=0x1bf0bbb0) + 160 at WebView.mm:4611
    frame #26: 0x064b004e CoreFoundation`___forwarding___ + 478
    frame #27: 0x064afe4e CoreFoundation`__forwarding_prep_0___ + 14
    frame #28: 0x0644284d CoreFoundation`__invoking___ + 29
    frame #29: 0x064426f8 CoreFoundation`-[NSInvocation invoke] + 360
    frame #30: 0x0fe80d16 WebCore`HandleDelegateSource(void*) [inlined] SendMessage(invocation=0x211907b0) + 18 at WebCoreThread.mm:150
    frame #31: 0x0fe80d04 WebCore`HandleDelegateSource(info=0x00000000) + 100 at WebCoreThread.mm:178
    frame #32: 0x0648306f CoreFoundation`__CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 15
    frame #33: 0x06478b7d CoreFoundation`__CFRunLoopDoSources0 + 253
    frame #34: 0x064780d8 CoreFoundation`__CFRunLoopRun + 952
    frame #35: 0x06477a5b CoreFoundation`CFRunLoopRunSpecific + 443
    frame #36: 0x0647788b CoreFoundation`CFRunLoopRunInMode + 123
    frame #37: 0x0c1ce2c9 GraphicsServices`GSEventRunModal + 192
    frame #38: 0x0c1ce106 GraphicsServices`GSEventRun + 104
    frame #39: 0x07935106 UIKit`UIApplicationMain + 1526
    frame #40: 0x00002dc6 UCWEB`main(argc=1, argv=0xbfffd2bc) + 230 at main.mm:161
    frame #41: 0x0b230ac9 libdyld.dylib`start + 1



WebThread stack:

* thread #10: tid = 0x14ed3, 0x0b51d512 libsystem_kernel.dylib`__psynch_cvwait + 10, name = 'WebThread'
  * frame #0: 0x0b51d512 libsystem_kernel.dylib`__psynch_cvwait + 10
    frame #1: 0x0b54aa4a libsystem_pthread.dylib`_pthread_cond_wait + 726
    frame #2: 0x0b54e20c libsystem_pthread.dylib`pthread_cond_timedwait$UNIX2003 + 71
    frame #3: 0x0fe7fbb9 WebCore`SendDelegateMessage(NSInvocation*) [inlined] WebTimedConditionLock(condition=<unavailable>, lock=<unavailable>, interval=10) + 633 at WebCoreThread.mm:780
    frame #4: 0x0fe7fb4a WebCore`SendDelegateMessage(invocation=<unavailable>) + 522 at WebCoreThread.mm:220
    frame #5: 0x0eba64d5 WebKitLegacy`-[_WebSafeForwarder forwardInvocation:](self=<unavailable>, _cmd=0x0a9dc6a4, invocation=0x211907b0) + 53 at WebView.mm:4605
    frame #6: 0x064b004e CoreFoundation`___forwarding___ + 478
    frame #7: 0x064afe4e CoreFoundation`__forwarding_prep_0___ + 14
    frame #8: 0x0eb456d6 WebKitLegacy`WebFrameLoaderClient::dispatchDecidePolicyForNavigationAction(this=<unavailable>, action=0xb0479390, request=<unavailable>, formState=PassRefPtr<WebCore::FormState> at 0xb0479298, function=<unavailable>)>) + 294 at WebFrameLoaderClient.mm:912
    frame #9: 0x0f95b816 WebCore`WebCore::PolicyChecker::checkNavigationPolicy(this=0x18898000, request=<unavailable>, loader=<unavailable>, formState=<unavailable>, function=<unavailable>)>) + 3126 at PolicyChecker.cpp:122
    frame #10: 0x0f1b3008 WebCore`WebCore::FrameLoader::loadWithDocumentLoader(this=<unavailable>, loader=0x00000000, type=<unavailable>, prpFormState=<unavailable>, allowNavigationToInvalidURL=<unavailable>) + 2360 at FrameLoader.cpp:1457
    frame #11: 0x0f1ac46c WebCore`WebCore::FrameLoader::loadDifferentDocumentItem(this=<unavailable>, item=<unavailable>, loadType=<unavailable>, cacheLoadPolicy=<unavailable>) + 700 at FrameLoader.cpp:3161
    frame #12: 0x0f1bbd0b WebCore`WebCore::FrameLoader::loadItem(this=0x35391710, item=0x49b74bc8, loadType=<unavailable>) + 123 at FrameLoader.cpp:3246
    frame #13: 0x0f239c4d WebCore`WebCore::HistoryController::recursiveGoToItem(this=<unavailable>, item=<unavailable>, fromItem=<unavailable>, type=<unavailable>) + 397 at HistoryController.cpp:736
    frame #14: 0x0f239845 WebCore`WebCore::HistoryController::goToItem(this=<unavailable>, targetItem=<unavailable>, type=<unavailable>) + 197 at HistoryController.cpp:302
    frame #15: 0x0f9232c5 WebCore`WebCore::Page::goToItem(this=<unavailable>, item=0x49b74bc8, type=<unavailable>) + 85 at Page.cpp:448
    frame #16: 0x0ede11a7 WebCore`WebCore::BackForwardController::goForward(this=0x41f4a6c0) + 55 at BackForwardController.cpp:96
    frame #17: 0x0eba8281 WebKitLegacy`__20-[WebView goForward]_block_invoke(.block_descriptor=0x2473c970) + 49 at WebView.mm:5641
    frame #18: 0x0fe8195a WebCore`HandleRunSource(void*) [inlined] (anonymous namespace)::WebThreadBlock::operator()() const + 14 at WebCoreThreadRun.cpp:97
    frame #19: 0x0fe8194c WebCore`HandleRunSource(info=0x00000000) + 380 at WebCoreThreadRun.cpp:133
    frame #20: 0x0648306f CoreFoundation`__CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 15
    frame #21: 0x06478c4e CoreFoundation`__CFRunLoopDoSources0 + 462
    frame #22: 0x064780d8 CoreFoundation`__CFRunLoopRun + 952
    frame #23: 0x06477a5b CoreFoundation`CFRunLoopRunSpecific + 443
    frame #24: 0x0647788b CoreFoundation`CFRunLoopRunInMode + 123
    frame #25: 0x0fe810f0 WebCore`RunWebThread(arg=0x00000000) + 608 at WebCoreThread.mm:692
    frame #26: 0x0b549e13 libsystem_pthread.dylib`_pthread_body + 138
    frame #27: 0x0b549d89 libsystem_pthread.dylib`_pthread_start + 162
    frame #28: 0x0b547e52 libsystem_pthread.dylib`thread_start + 34
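The two stacks above show the shape of the problem: the WebThread is blocked in SendDelegateMessage waiting for the embedder's decidePolicyForNavigationAction answer, and the main thread, inside that delegate round trip, drives receivedPolicyDecision through to FrameLoader::commitProvisionalLoad, which then reads m_documentLoader unconditionally. Embedder code (goBack, goForward, stopLoading from the monkey test) therefore gets a chance to run between the navigation starting and the commit. The following is an added, self-contained model of that lifecycle, written for this discussion; it is not WebKit's code and not the reporter's. The names DocumentLoader, FrameLoader, loadURL, commitProvisionalLoad, policyDelegate and the two simulate* functions are hypothetical stand-ins, and std::shared_ptr stands in for WTF::RefPtr. It contrasts an ordinary navigation with one where the embedder tears the loader down during the policy check, and shows the null check the report asks for turning a crash into an early return.

```cpp
// Added example (not WebKit code): a minimal model of a frame loader whose
// document loader can be dropped by re-entrant embedder code between the
// start of a navigation and the commit step.
#include <cstdio>
#include <functional>
#include <memory>
#include <string>
#include <vector>

// Hypothetical stand-in for WebCore::DocumentLoader.
struct DocumentLoader {
    std::string url;
    std::string title;
};

enum class CommitResult { Committed, NoDocumentLoader };

class FrameLoader {
public:
    // Embedder callback run during the policy check; stands in for the
    // decidePolicyForNavigationAction round trip in the report's stacks.
    // Assumption: the embedder may call back into the loader from here.
    std::function<void(FrameLoader&)> policyDelegate;
    // Stand-in for dispatchDidReceiveTitle: titles the client was told about.
    std::vector<std::string> receivedTitles;

    void loadURL(const std::string& url, const std::string& title) {
        m_provisionalLoader = std::make_shared<DocumentLoader>(DocumentLoader{url, title});
    }

    // Mirrors stopLoading: both loaders go away.
    void stopLoading() {
        m_provisionalLoader.reset();
        m_documentLoader.reset();
    }

    CommitResult commitProvisionalLoad() {
        // Policy check: embedder code runs here and may re-enter us.
        if (policyDelegate)
            policyDelegate(*this);

        // Provisional loader becomes the committed one. If it was dropped
        // during the policy check, m_documentLoader is now null, which is the
        // state the report describes.
        m_documentLoader = m_provisionalLoader;
        m_provisionalLoader.reset();

        // The guard the report asks for: without it, the title read below is a
        // null dereference (EXC_BAD_ACCESS at a small address, as in the stack).
        if (!m_documentLoader)
            return CommitResult::NoDocumentLoader;

        const std::string title = m_documentLoader->title;
        if (!title.empty())
            receivedTitles.push_back(title);
        return CommitResult::Committed;
    }

private:
    std::shared_ptr<DocumentLoader> m_provisionalLoader;
    std::shared_ptr<DocumentLoader> m_documentLoader;
};

// Scenario 1: ordinary navigation, nothing interferes during the policy check.
CommitResult simulateNormalNavigation(std::vector<std::string>* titlesOut = nullptr) {
    FrameLoader loader;
    loader.loadURL("https://example.test/a", "Page A");  // constructed sample input
    CommitResult result = loader.commitProvisionalLoad();
    if (titlesOut)
        *titlesOut = loader.receivedTitles;
    return result;
}

// Scenario 2: the embedder calls stopLoading() from inside the policy
// delegate, the kind of interleaving the monkey test produces.
CommitResult simulateStopDuringPolicyCheck() {
    FrameLoader loader;
    loader.policyDelegate = [](FrameLoader& l) { l.stopLoading(); };
    loader.loadURL("https://example.test/b", "Page B");  // constructed sample input
    return loader.commitProvisionalLoad();
}

int main() {
    std::vector<std::string> titles;
    CommitResult normal = simulateNormalNavigation(&titles);
    std::printf("normal navigation: %s, titles dispatched: %zu\n",
                normal == CommitResult::Committed ? "committed" : "no loader", titles.size());
    CommitResult stopped = simulateStopDuringPolicyCheck();
    std::printf("stopLoading during policy check: %s\n",
                stopped == CommitResult::Committed ? "committed" : "no loader, returned early");
    return 0;
}
```

The model deliberately keeps the same ordering as the snippet quoted in the report (title is read right after the loader transition) so that the single null check is the only difference between crashing and returning; in real WebKit code the right fix also has to decide what the client should observe when a commit is abandoned, which this model does not attempt.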
