[Webkit-unassigned] [Bug 194820] New: REGRESSION(r240909): Release assertion in FrameLoader::loadPostRequest when opening new window

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Feb 19 10:39:45 PST 2019


https://bugs.webkit.org/show_bug.cgi?id=194820

            Bug ID: 194820
           Summary: REGRESSION(r240909): Release assertion in
                    FrameLoader::loadPostRequest when opening new window
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Page Loading
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: rniwa at webkit.org
                CC: beidson at apple.com

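Example crash trace. The RELEASE_ASSERT at FrameLoader.cpp:2999 (frame 1) fails, meaning policyChecker().loadType() is a back/forward load type when a scheduled form submission (POST) reaches the new-window policy check: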

Thread[0] EXC_BREAKPOINT (SIGTRAP) (0x0000000000000002, 0x0000000000000000)
[  0] 0x00007fff5a1b0ca3 WebCore`WTFCrashWithInfo(int, char const*, char const*, int) + 19

     0x00007fff5a1b0c97:     movq %rsi, -0x18(%rbp)
     0x00007fff5a1b0c9b:     movq %rdx, -0x10(%rbp)
     0x00007fff5a1b0c9f:     movl %ecx, -0x4(%rbp)
     0x00007fff5a1b0ca2:     int3 
 ->  0x00007fff5a1b0ca3:      ud2 
     0x00007fff5a1b0ca5:     nopw %cs:(%rax,%rax)
     0x00007fff5a1b0caf:      nop 

[  1] 0x00007fff5b1293cb WebCore`WebCore::FrameLoader::loadPostRequest(WebCore::FrameLoadRequest&&, WTF::String const&, WebCore::FrameLoadType, WebCore::Event*, WTF::RefPtr<WebCore::FormState, WTF::DumbPtrTraits<WebCore::FormState> >&&, WTF::CompletionHandler<void ()>&&) + 1515 at FrameLoader.cpp:2999:9
       2995                 targetFrame->loader().loadWithNavigationAction(workingResourceRequest, WTFMove(action), lockHistory, loadType, WTFMove(formState), allowNavigationToInvalidURL, WTFMove(completionHandler));
       2996                 return;
       2997             }
       2998     
    -> 2999             RELEASE_ASSERT(!isBackForwardLoadType(policyChecker().loadType()));
       3000             policyChecker().checkNewWindowPolicy(WTFMove(action), WTFMove(workingResourceRequest), WTFMove(formState), frameName, [this, allowNavigationToInvalidURL, openerPolicy, completionHandler = WTFMove(completionHandler)] (const ResourceRequest& request, WeakPtr<FormState>&& formState, const String& frameName, const NavigationAction& action, ShouldContinue shouldContinue) mutable {
       3001                 continueLoadAfterNewWindowPolicy(request, formState.get(), frameName, action, shouldContinue, allowNavigationToInvalidURL, openerPolicy);
       3002                 completionHandler();
       3003             });

[  2] 0x00007fff5b1253a1 WebCore`WebCore::FrameLoader::loadFrameRequest(WebCore::FrameLoadRequest&&, WebCore::Event*, WTF::RefPtr<WebCore::FormState, WTF::DumbPtrTraits<WebCore::FormState> >&&) + 817 at FrameLoader.cpp:1289:9
       1285             }
       1286         };
       1287     
       1288         if (request.resourceRequest().httpMethod() == "POST")
    -> 1289             loadPostRequest(WTFMove(request), referrer, loadType, event, WTFMove(formState), WTFMove(completionHandler));
       1290         else
       1291             loadURL(WTFMove(request), referrer, loadType, event, WTFMove(formState), WTFMove(completionHandler));
       1292     }
       1293     

[  3] 0x00007fff5b140c95 WebCore`WebCore::ScheduledFormSubmission::fire(WebCore::Frame&) + 517 at NavigationScheduler.cpp:277:24
       273              if (!requestingDocument.canNavigate(&frame))
       274                  return;
       275              FrameLoadRequest frameLoadRequest { requestingDocument, requestingDocument.securityOrigin(), { }, { }, lockHistory(), lockBackForwardList(), MaybeSendReferrer, AllowNavigationToInvalidURL::Yes, NewFrameOpenerPolicy::Allow, shouldOpenExternalURLs(), initiatedByMainFrame() };
       276              m_submission->populateFrameLoadRequest(frameLoadRequest);
    -> 277              frame.loader().loadFrameRequest(WTFMove(frameLoadRequest), m_submission->event(), m_submission->takeState());
       278          }
       279      
       280          void didStartTimer(Frame& frame, Timer& timer) override
       281          {

[  4] 0x00007fff5b13c9a5 WebCore`WebCore::NavigationScheduler::timerFired() + 101 at NavigationScheduler.cpp:510:15
[  5] 0x00007fff59fcd707 WebCore`WebCore::ThreadTimers::sharedTimerFiredInternal() + 167 at ThreadTimers.cpp:129:23
[  6] 0x00007fff59fcd64e WebCore`WebCore::timerFired(__CFRunLoopTimer*, void*) + 30 at MainThreadSharedTimerCF.cpp:74:40

<rdar://problem/48187427>
