[Webkit-unassigned] [Bug 186535] Bad optional access in WebCore::ContentSecurityPolicySource::portMatches

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Jun 11 12:14:23 PDT 2018


https://bugs.webkit.org/show_bug.cgi?id=186535

Michael Catanzaro <mcatanzaro at igalia.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |mcatanzaro at igalia.com

--- Comment #1 from Michael Catanzaro <mcatanzaro at igalia.com> ---
Here's a better backtrace. It's built with -g1 so I don't have local variables, but the problem is clear enough: we now use libstdc++'s std::optional instead of WTF's implementation. The WTF implementation returns harmlessly when the std::optional is set to nullopt. But the standard std::optional throws. Then we abort immediately due to -fno-exceptions.

(gdb) bt
#0  __GI_raise (sig=sig at entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1  0x00007fe0c6dd64ac in __GI_abort () at abort.c:79
#2  0x00007fe0d3784925 in std::__throw_bad_optional_access () at /usr/include/c++/8.1.0/optional:98
#3  std::optional<unsigned short>::value() const & () at /usr/include/c++/8.1.0/optional:1251
#4  WebCore::ContentSecurityPolicySource::portMatches ()
    at /run/build-runtime/WebKitGTK+/Source/WebCore/page/csp/ContentSecurityPolicySource.cpp:95
#5  0x00007fe0d37874e8 in WebCore::ContentSecurityPolicySource::matches ()
    at /run/build-runtime/WebKitGTK+/Source/WebCore/page/csp/ContentSecurityPolicySource.cpp:53
#6  0x00007fe0d37900fb in WebCore::ContentSecurityPolicySourceList::matches ()
    at /run/build-runtime/WebKitGTK+/Source/WebCore/page/csp/ContentSecurityPolicySourceList.cpp:138
#7  0x00007fe0d3783b7b in checkSource ()
    at /run/build-runtime/WebKitGTK+/Source/WebCore/page/csp/ContentSecurityPolicyDirectiveList.cpp:60
#8  WebCore::ContentSecurityPolicyDirectiveList::violatedDirectiveForConnectSource ()
    at /run/build-runtime/WebKitGTK+/Source/WebCore/page/csp/ContentSecurityPolicyDirectiveList.cpp:222
#9  0x00007fe0d378dc9b in WebCore::ContentSecurityPolicy::allPoliciesAllow<WebCore::ContentSecurityPolicyDirective const* (WebCore::ContentSecurityPolicyDirectiveList::*)(WebCore::URL const&, bool) const, WebCore::URL const&, bool>(std::function<void (WebCore::ContentSecurityPolicyDirective const&)>&&, WebCore::ContentSecurityPolicyDirective const* (WebCore::ContentSecurityPolicyDirectiveList::*&&)(WebCore::URL const&, bool) const, WebCore::URL const&, bool&&) const ()
    at /run/build-runtime/WebKitGTK+/Source/WebCore/page/csp/ContentSecurityPolicy.cpp:321
#10 0x00007fe0d37858e8 in WebCore::ContentSecurityPolicy::allowConnectToSource ()
    at /run/build-runtime/WebKitGTK+/Source/WebCore/page/csp/ContentSecurityPolicy.cpp:612
#11 0x00007fe0d36e81b7 in WebCore::EventSource::create ()
    at /run/build-runtime/WebKitGTK+/Source/WebCore/page/EventSource.cpp:71
#12 0x00007fe0d2b1f58f in WebCore::JSDOMConstructor<WebCore::JSEventSource>::construct ()
    at /run/build-runtime/WebKitGTK+/DerivedSources/WebCore/JSEventSource.cpp:145
#13 0x00007fe0d0f9f53b in JSC::NativeFunction::operator() ()
    at /run/build-runtime/WebKitGTK+/Source/JavaScriptCore/runtime/NativeFunction.h:50
#14 JSC::TaggedNativeFunction::operator() ()
    at /run/build-runtime/WebKitGTK+/Source/JavaScriptCore/runtime/NativeFunction.h:84
#15 handleHostCall ()
    at /run/build-runtime/WebKitGTK+/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp:1402
#16 0x00007fe0d0f9f802 in JSC::LLInt::setUpCall ()
    at /run/build-runtime/WebKitGTK+/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp:1449
#17 0x00007fe0d0f9e2c5 in llint_entry () from /usr/lib/x86_64-linux-gnu/libjavascriptcoregtk-4.0.so.18
#18 0x00007fe0d0f97613 in vmEntryToJavaScript ()
   from /usr/lib/x86_64-linux-gnu/libjavascriptcoregtk-4.0.so.18
#19 0x00007fe0d0eef6b7 in JSC::JITCode::execute ()
    at /run/build-runtime/WebKitGTK+/Source/JavaScriptCore/jit/JITCodeInlines.h:38
#20 JSC::Interpreter::executeProgram ()
    at /run/build-runtime/WebKitGTK+/Source/JavaScriptCore/interpreter/Interpreter.cpp:964
#21 0x00007fe0d1103cf1 in JSC::evaluate ()
    at /run/build-runtime/WebKitGTK+/Source/JavaScriptCore/runtime/Completion.cpp:103
#22 0x00007fe0d1103e84 in JSC::profiledEvaluate ()
    at /run/build-runtime/WebKitGTK+/Source/JavaScriptCore/runtime/Completion.cpp:118
#23 0x00007fe0d30c8a4d in WebCore::JSMainThreadExecState::profiledEvaluate ()
    at /run/build-runtime/WebKitGTK+/Source/WebCore/bindings/js/JSMainThreadExecState.h:78
#24 WebCore::ScriptController::evaluateInWorld ()
    at /run/build-runtime/WebKitGTK+/Source/WebCore/bindings/js/ScriptController.cpp:130
#25 0x00007fe0d33175c9 in WebCore::ScriptElement::executeClassicScript ()
    at /run/build-runtime/WebKitGTK+/Source/WebCore/dom/ScriptElement.cpp:387
#26 0x00007fe0d33228d7 in WebCore::ScriptElement::prepareScript ()
    at /run/build-runtime/WebKitGTK+/Source/WebCore/dom/ScriptElement.cpp:267
#27 0x00007fe0d3533e81 in WebCore::HTMLScriptRunner::runScript ()
    at /run/build-runtime/WebKitGTK+/Source/WebCore/html/parser/HTMLScriptRunner.cpp:250
#28 0x00007fe0d3534b3e in WebCore::HTMLScriptRunner::execute ()
    at /run/build-runtime/WebKitGTK+/Source/WebCore/html/parser/HTMLScriptRunner.cpp:140
#29 0x00007fe0d351f032 in WebCore::HTMLDocumentParser::runScriptsForPausedTreeBuilder ()
    at /run/build-runtime/WebKitGTK+/Source/WebCore/html/parser/HTMLDocumentParser.cpp:212
#30 0x00007fe0d351f1a9 in WebCore::HTMLDocumentParser::pumpTokenizerLoop ()
    at /run/build-runtime/WebKitGTK+/Source/WebCore/html/parser/HTMLDocumentParser.cpp:231
#31 0x00007fe0d351f3ee in WebCore::HTMLDocumentParser::pumpTokenizer ()
    at /run/build-runtime/WebKitGTK+/Source/WebCore/html/parser/HTMLDocumentParser.cpp:281
#32 0x00007fe0d3521bef in WebCore::HTMLDocumentParser::resumeParsingAfterYield ()
    at /run/build-runtime/WebKitGTK+/Source/WebCore/html/parser/HTMLDocumentParser.cpp:189
#33 0x00007fe0d37e05ee in WebCore::ThreadTimers::sharedTimerFiredInternal ()
    at /run/build-runtime/WebKitGTK+/Source/WebCore/platform/ThreadTimers.cpp:117
#34 0x00007fe0d1432d93 in operator() ()
    at /run/build-runtime/WebKitGTK+/Source/WTF/wtf/glib/RunLoopGLib.cpp:170
#35 _FUN () at /run/build-runtime/WebKitGTK+/Source/WTF/wtf/glib/RunLoopGLib.cpp:176
#36 0x00007fe0c97e7448 in g_main_dispatch (context=0x561130776320) at gmain.c:3176
#37 g_main_context_dispatch (context=context at entry=0x561130776320) at gmain.c:3829
#38 0x00007fe0c97e7838 in g_main_context_iterate (context=0x561130776320, block=block at entry=1, 
    dispatch=dispatch at entry=1, self=<optimized out>) at gmain.c:3902
#39 0x00007fe0c97e7b32 in g_main_loop_run (loop=0x561130802340) at gmain.c:4098
#40 0x00007fe0d14331f0 in WTF::RunLoop::run ()
    at /run/build-runtime/WebKitGTK+/Source/WTF/wtf/glib/RunLoopGLib.cpp:96
#41 0x00007fe0d2a429b8 in WebKit::ChildProcessMain<WebKit::WebProcess, WebKit::WebProcessMain> ()
    at /run/build-runtime/WebKitGTK+/Source/WebKit/Shared/unix/ChildProcessMain.h:61
#42 0x00007fe0c6dd80cb in __libc_start_main (main=0x56112e85ac80 <main()>, argc=3, argv=0x7ffd1f282ee8, 
    init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffd1f282ed8)
    at ../csu/libc-start.c:308
#43 0x000056112e85ad0a in _start () at ../sysdeps/x86_64/start.S:120
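An added illustration (not WebKit's code, and not the fix that landed for this bug) of the failure mode frames #1 to #3 show: a simplified CSP port rule written once with an unconditional `.value()` and once with the empty-optional case handled. The `SourcePort` model, the scheme default table and the function names are assumptions made for the example.

```cpp
#include <cstdint>
#include <optional>
#include <string>
// Simplified model (not WebKit's code) of a CSP source expression's port rule:
// no port (nullopt), an explicit port, or the "*" wildcard; the URL may lack a port too.
struct SourcePort {
    std::optional<uint16_t> port;  // nullopt: no port written in the source
    bool wildcard = false;         // true for the "*" port
};
// Buggy shape: unconditional .value(). libstdc++ throws std::bad_optional_access on
// an empty optional; with -fno-exceptions, __throw_bad_optional_access aborts instead.
bool portMatchesUnchecked(const SourcePort& source, std::optional<uint16_t> urlPort)
{
    if (source.wildcard)
        return true;
    return source.port.value() == urlPort.value();
}
// Default port for the schemes CSP commonly deals with; nullopt if unknown.
std::optional<uint16_t> defaultPortForScheme(const std::string& scheme)
{
    if (scheme == "http" || scheme == "ws")
        return 80;
    if (scheme == "https" || scheme == "wss")
        return 443;
    return std::nullopt;
}
// Hardened shape: absent ports resolve to the scheme default; still-unknown is a non-match.
bool portMatchesChecked(const SourcePort& source, std::optional<uint16_t> urlPort,
                        const std::string& scheme)
{
    if (source.wildcard)
        return true;
    std::optional<uint16_t> fallback = defaultPortForScheme(scheme);
    std::optional<uint16_t> want = source.port ? source.port : fallback;
    std::optional<uint16_t> have = urlPort ? urlPort : fallback;
    return want && have && *want == *have;
}
// With exceptions enabled, the unchecked version throws where the checked one answers.
bool uncheckedAccessThrowsOnEmptyPort()
{
    try {
        portMatchesUnchecked(SourcePort{}, std::nullopt);
    } catch (const std::bad_optional_access&) {
        return true;
    }
    return false;
}
```

Under -fno-exceptions the `try`/`catch` helper does not compile and the unchecked call simply aborts, which is the crash in the backtrace.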
