[Webkit-unassigned] [Bug 180174] REGRESSION: Layout Test storage/indexeddb/detached-iframe.html is a flaky crash

[bugzilla-daemon at webkit.org]

https://bugs.webkit.org/show_bug.cgi?id=180174

--- Comment #4 from Joseph Pecoraro <joepeck at webkit.org> ---
The crash looks like a null Frame:

> Exception Type:        EXC_BAD_ACCESS (SIGSEGV)
> Exception Codes:       KERN_INVALID_ADDRESS at 0x0000000000000040
> 
> ...
> 
> Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
> 0   com.apple.WebCore             	0x0000000450402a8c WebCore::Frame::page() const + 12 (Frame.h:373)
> 1   com.apple.WebCore             	0x0000000451830325 WebCore::InspectorInstrumentation::instrumentingAgentsForFrame(WebCore::Frame&) + 21 (InspectorInstrumentation.h:1431)
> 2   com.apple.WebCore             	0x0000000452480116 WebCore::InspectorInstrumentation::didDispatchPostMessage(WebCore::Frame&, WebCore::TimerBase&) + 54 (InspectorInstrumentation.h:731)
> 3   com.apple.WebCore             	0x000000045247fe57 WebCore::DOMWindow::postMessageTimerFired(WebCore::PostMessageTimer&) + 551 (DOMWindow.cpp:973)

Coming from:

>    void DOMWindow::postMessageTimerFired(PostMessageTimer& timer)
>    {
>        if (!document() || !isCurrentlyDisplayedInFrame())
>            return;
>
>        ...
>
>        InspectorInstrumentation::willDispatchPostMessage(*m_frame, timer);
>
>        dispatchEvent(timer.event(*document()));
>
>        InspectorInstrumentation::didDispatchPostMessage(*m_frame, timer);
>    }

So my guess is `m_frame` is nullptr by didDispatchPostMessage time (and presumably wasn't at willDispatchPostMessage time).

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20171201/308a2a28/attachment.html>