[Webkit-unassigned] [Bug 187121] New: WebKitLegacy: Can trigger recursive loads
bugzilla-daemon at webkit.org
Wed Jun 27 16:07:00 PDT 2018
https://bugs.webkit.org/show_bug.cgi?id=187121
Bug ID: 187121
Summary: WebKitLegacy: Can trigger recursive loads
Product: WebKit
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: WebKit Misc.
Assignee: webkit-unassigned at lists.webkit.org
Reporter: bfulgham at webkit.org
While investigating Bug 187008 I found that some WebKitLegacy clients trigger recursive loads while cancelling the loading of web content into a WebView.
This has the following impacts:
1. FrameLoader::continueLoadAfterNavigationPolicy gets entered with a nullptr Policy Document Loader as well as a nullptr Provisional Document Loader. If we continue in this state, we hit a ton of assertions, and eventually crash with a nullptr exception. If we return early, the cancel and alternate page load complete properly.
2. WebFrameLoaderClient::dispatchDidStartProvisionalLoad can be re-entered which triggers a set of assertions and eventually a nullptr dereference. If we keep track of whether we have started a load on the current client object, and return early in those cases, the cancel and alternate page load complete properly.
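The two re-entrant paths and the two early returns described above, modelled in a small self-contained C++ program. This is an added illustration, not WebKit code: `Frame`, `LoaderClient`, `dispatchDidCancel`, `loadAlternateHTML`, the `substituteData` flag and the URLs are all constructed for the example, and the guard conditions are a hypothetical reading of the mitigations in the report (return from `continueLoadAfterNavigationPolicy` when both loaders are null; remember that a load has started on the client and return if `dispatchDidStartProvisionalLoad` is re-entered).

```cpp
// Added illustration, not WebKit code: a minimal model of the loader/client
// interaction in the report, with the two hypothetical early-return guards.
#include <memory>
#include <string>
#include <utility>
#include <vector>

struct DocumentLoader {
    std::string url;
    bool substituteData; // alternate HTML carries its data up front and commits at once
};

class Frame;

// Constructed client: the two URL fields make it request a new load from
// inside a loader callback, which is the recursive path the report describes.
class LoaderClient {
public:
    std::string alternateOnCancel; // load this URL when a load is cancelled (fires once)
    std::string alternateOnStart;  // load this URL when a load starts (fires once)
    std::vector<std::string> events;
    void dispatchDidCancel(Frame&, const DocumentLoader&); // hypothetical callback name
    void dispatchDidStartProvisionalLoad(Frame&);
private:
    bool m_inDidStart = false; // guard 2: have we already started a load on this client?
};

class Frame {
public:
    explicit Frame(LoaderClient& client) : m_client(client) {}
    void load(const std::string& url) { startLoad({url, false}); }
    void loadAlternateHTML(const std::string& url) { startLoad({url, true}); }
    const DocumentLoader* provisionalLoader() const { return m_provisionalLoader.get(); }
    std::string committedURL() const { return m_documentLoader ? m_documentLoader->url : ""; }
private:
    void startLoad(DocumentLoader loader) {
        m_policyLoader = std::make_unique<DocumentLoader>(std::move(loader));
        // Stopping the in-flight load notifies the client, which may re-enter load().
        if (m_provisionalLoader) {
            auto cancelled = std::move(m_provisionalLoader);
            m_client.dispatchDidCancel(*this, *cancelled);
        }
        continueLoadAfterNavigationPolicy();
    }
    void continueLoadAfterNavigationPolicy() {
        // Guard 1: a nested load may already have consumed the policy loader and
        // committed, leaving both null; continuing would dereference null below.
        if (!m_policyLoader && !m_provisionalLoader) {
            m_client.events.push_back("continueLoad: early return (both loaders null)");
            return;
        }
        m_provisionalLoader = std::move(m_policyLoader);
        m_client.dispatchDidStartProvisionalLoad(*this);
        if (m_provisionalLoader && m_provisionalLoader->substituteData) {
            m_documentLoader = std::move(m_provisionalLoader);
            m_client.events.push_back("committed " + m_documentLoader->url);
        }
    }
    LoaderClient& m_client;
    std::unique_ptr<DocumentLoader> m_policyLoader, m_provisionalLoader, m_documentLoader;
};

void LoaderClient::dispatchDidCancel(Frame& frame, const DocumentLoader& loader) {
    events.push_back("cancelled " + loader.url);
    if (!alternateOnCancel.empty())
        frame.loadAlternateHTML(std::exchange(alternateOnCancel, "")); // recursive load
}

void LoaderClient::dispatchDidStartProvisionalLoad(Frame& frame) {
    if (m_inDidStart) { // guard 2: re-entered from inside our own start handling
        events.push_back("didStart: early return (re-entered)");
        return;
    }
    m_inDidStart = true;
    events.push_back("started " + frame.provisionalLoader()->url);
    if (!alternateOnStart.empty())
        frame.loadAlternateHTML(std::exchange(alternateOnStart, "")); // recursive load
    m_inDidStart = false;
}

struct Outcome { std::string committed; std::vector<std::string> events; };

// Report item 1: cancelling the in-flight load makes the client load an alternate page.
Outcome runCancelScenario() {
    LoaderClient client;
    client.alternateOnCancel = "about:alternate"; // constructed URLs throughout
    Frame frame(client);
    frame.load("https://example.test/a");
    frame.load("https://example.test/b");
    return {frame.committedURL(), client.events};
}

// Report item 2: the client loads an alternate page from inside the start callback.
Outcome runStartScenario() {
    LoaderClient client;
    client.alternateOnStart = "about:alternate";
    Frame frame(client);
    frame.load("https://example.test/a");
    return {frame.committedURL(), client.events};
}
```

In both runs the alternate page ends up committed and the event log records exactly one early return, which is the "cancel and alternate page load complete properly" outcome the report describes. Removing either guard reproduces the failure mode: without guard 1, `continueLoadAfterNavigationPolicy` moves a null policy loader into the provisional slot and `dispatchDidStartProvisionalLoad` dereferences it; without guard 2, the nested start callback runs against loader state the outer callback is still using.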