[Webkit-unassigned] [Bug 197902] New: Constant crashes under WebPage::isThrottleable() after r245299

bugzilla-daemon at webkit.org
Tue May 14 18:43:11 PDT 2019


https://bugs.webkit.org/show_bug.cgi?id=197902

            Bug ID: 197902
           Summary: Constant crashes under WebPage::isThrottleable() after
                    r245299
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebKit2
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: thorton at apple.com

If you window.open (I can give you exact repro steps offline), you'll often crash under this stack:

WebKit::WebPage::isThrottleable() const
auto WebKit::WebProcess::areAllPagesThrottleable()
bool WTF::allOf<WTF::SizedIteratorRange<WTF::HashMap<unsigned long long, ...
WebKit::WebProcess::areAllPagesThrottleable() const
WebKit::WebSWClientConnection::updateThrottleState()
WebKit::WebPage::updateThrottleState()
WebKit::WebPage::WebPage(unsigned long long, WebKit::WebPageCreationParameters&&)
WebKit::WebPage::WebPage(unsigned long long, WebKit::WebPageCreationParameters&&) [inlined]
WebKit::WebPage::create(unsigned long long, WebKit::WebPageCreationParameters&&)
WebKit::WebProcess::createWebPage(unsigned long long, WebKit::WebPageCreationParameters&&)
void IPC::handleMessage<Messages::WebProcess::CreateWebPage, WebKit::WebProcess...

This is because WebProcess::createWebPage has added an item to m_pageMap, and then areAllPagesThrottleable iterates m_pageMap before the new item has been assigned a value.

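The ordering hazard described in the report, reduced to a standalone sketch. This is an added example, not WebKit code and not part of the original report: Page, PageMap and the create*/allThrottleable* functions are hypothetical stand-ins, and the two remedies shown (a null check while iterating, or constructing before inserting) are illustrations, not the change WebKit made.

```cpp
#include <algorithm>
#include <cstdint>
#include <memory>
#include <unordered_map>

struct Page;
// Hypothetical stand-in for the page table (m_pageMap in the report).
using PageMap = std::unordered_map<uint64_t, std::unique_ptr<Page>>;
bool allThrottleableUnchecked(const PageMap&); // assumes no slot is null
bool allThrottleableChecked(const PageMap&);   // skips slots still being filled

struct Page {
    bool throttleable = true;
    bool sawAllThrottleable = false;
    // The constructor re-enters the map, as WebPage::WebPage does via
    // updateThrottleState() in the reported stack.
    Page(const PageMap& pages, bool checked)
        : sawAllThrottleable(checked ? allThrottleableChecked(pages)
                                     : allThrottleableUnchecked(pages)) { }
};

bool allThrottleableUnchecked(const PageMap& pages) {
    return std::all_of(pages.begin(), pages.end(),
        [](const auto& e) { return e.second->throttleable; }); // null deref on empty slot
}

bool allThrottleableChecked(const PageMap& pages) {
    return std::all_of(pages.begin(), pages.end(),
        [](const auto& e) { return !e.second || e.second->throttleable; });
}

// Pattern from the report: operator[] creates a null slot, then the
// constructor iterates the map before the slot is assigned.
// With checked=false this dereferences the null slot and crashes.
bool createInsertFirst(PageMap& pages, uint64_t id, bool checked) {
    auto& slot = pages[id];
    slot = std::make_unique<Page>(pages, checked);
    return slot->sawAllThrottleable;
}

// Alternative ordering: construct first, publish afterwards, so the
// constructor never sees its own unassigned entry.
bool createConstructFirst(PageMap& pages, uint64_t id) {
    auto page = std::make_unique<Page>(pages, /*checked=*/false);
    bool seen = page->sawAllThrottleable;
    pages.emplace(id, std::move(page));
    return seen;
}
```

Calling createInsertFirst(pages, id, false) reproduces the crash class from the stack above, so it is left out of any automated run.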