<html>
<head>
<base href="https://bugs.webkit.org/" />
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW - FrameLoader::commitProvisionalLoad crash"
href="https://bugs.webkit.org/show_bug.cgi?id=145038">145038</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>FrameLoader::commitProvisionalLoad crash
</td>
</tr>
<tr>
<th>Classification</th>
<td>Unclassified
</td>
</tr>
<tr>
<th>Product</th>
<td>WebKit
</td>
</tr>
<tr>
<th>Version</th>
<td>528+ (Nightly build)
</td>
</tr>
<tr>
<th>Hardware</th>
<td>iOS
</td>
</tr>
<tr>
<th>OS</th>
<td>iOS 8.2
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Severity</th>
<td>Normal
</td>
</tr>
<tr>
<th>Priority</th>
<td>P2
</td>
</tr>
<tr>
<th>Component</th>
<td>WebCore Misc.
</td>
</tr>
<tr>
<th>Assignee</th>
<td>webkit-unassigned@lists.webkit.org
</td>
</tr>
<tr>
<th>Reporter</th>
<td>ljin.zq@gmail.com
</td>
</tr></table>
<p>
<div>
<pre>I test UIWebView with my own monkey test.
The monkey test runs the following test case:
1. open random url
2. goBack
3. goForward
4. close UIWebView then open it
5. stopLoading
After testing for half an hour, I found some crashes.
In function FrameLoader::commitProvisionalLoad, the following code:
    StringWithDirection title = m_documentLoader->title();
    if (!title.isNull())
        m_client.dispatchDidReceiveTitle(title);
The "m_documentLoader" is NULL. I think we should check it before using "m_documentLoader".
This is my first time reporting a bug at WebKit.org; what should I do to help fix this bug?
Thread 1 crash stack:
* thread #1: tid = 0x14e67, 0x0f1b62b6 WebCore`WebCore::FrameLoader::commitProvisionalLoad() [inlined] WTF::RefPtr<WTF::StringImpl>::RefPtr(WTF::RefPtr<WTF::StringImpl> const&) at RefPtr.h:44, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x448)
* frame #0: 0x0f1b62b6 WebCore`WebCore::FrameLoader::commitProvisionalLoad() [inlined] WTF::RefPtr<WTF::StringImpl>::RefPtr(WTF::RefPtr<WTF::StringImpl> const&) at RefPtr.h:44
frame #1: 0x0f1b62b6 WebCore`WebCore::FrameLoader::commitProvisionalLoad() [inlined] WTF::RefPtr<WTF::StringImpl>::RefPtr(WTF::RefPtr<WTF::StringImpl> const&) at RefPtr.h:44
frame #2: 0x0f1b62b6 WebCore`WebCore::FrameLoader::commitProvisionalLoad() [inlined] WTF::String::String(WTF::String const&) at WTFString.h:132
frame #3: 0x0f1b62b6 WebCore`WebCore::FrameLoader::commitProvisionalLoad() [inlined] WTF::String::String(WTF::String const&) at WTFString.h:132
frame #4: 0x0f1b62b6 WebCore`WebCore::FrameLoader::commitProvisionalLoad() [inlined] WebCore::StringWithDirection::StringWithDirection(WebCore::StringWithDirection const&) at StringWithDirection.h:47
frame #5: 0x0f1b62b6 WebCore`WebCore::FrameLoader::commitProvisionalLoad() [inlined] WebCore::StringWithDirection::StringWithDirection(WebCore::StringWithDirection const&) at StringWithDirection.h:47
frame #6: 0x0f1b62b6 WebCore`WebCore::FrameLoader::commitProvisionalLoad(this=0x35391710) + 806 at FrameLoader.cpp:1802
frame #7: 0x0f1ba48b WebCore`WebCore::FrameLoader::loadProvisionalItemFromCachedPage(this=<unavailable>) + 203 at FrameLoader.cpp:3094
frame #8: 0x0f1bd35a WebCore`std::__1::__function::__func<WebCore::FrameLoader::loadWithDocumentLoader(WebCore::DocumentLoader*, WebCore::FrameLoadType, WTF::PassRefPtr<WebCore::FormState>, WebCore::AllowNavigationToInvalidURL)::$_4, std::__1::allocator<WebCore::FrameLoader::loadWithDocumentLoader(WebCore::DocumentLoader*, WebCore::FrameLoadType, WTF::PassRefPtr<WebCore::FormState>, WebCore::AllowNavigationToInvalidURL)::$_4>, void (WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool)>::operator()(WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>&&, bool&&) [inlined] WebCore::FrameLoader::loadWithDocumentLoader(WebCore::DocumentLoader*, WebCore::FrameLoadType, WTF::PassRefPtr<WebCore::FormState>, WebCore::AllowNavigationToInvalidURL)::$_4::operator()(WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool) const + 33 at FrameLoader.cpp:1458
frame #9: 0x0f1bd339 WebCore`std::__1::__function::__func<WebCore::FrameLoader::loadWithDocumentLoader(WebCore::DocumentLoader*, WebCore::FrameLoadType, WTF::PassRefPtr<WebCore::FormState>, WebCore::AllowNavigationToInvalidURL)::$_4, std::__1::allocator<WebCore::FrameLoader::loadWithDocumentLoader(WebCore::DocumentLoader*, WebCore::FrameLoadType, WTF::PassRefPtr<WebCore::FormState>, WebCore::AllowNavigationToInvalidURL)::$_4>, void (WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool)>::operator()(WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>&&, bool&&) [inlined] decltype(std::__1::forward<WebCore::FrameLoader::loadWithDocumentLoader(WebCore::DocumentLoader*, WebCore::FrameLoadType, WTF::PassRefPtr<WebCore::FormState>, WebCore::AllowNavigationToInvalidURL)::$_4&>(fp)(std::__1::forward<WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormStat
frame #10: 0x0f1bd339 WebCore`std::__1::__function::__func<WebCore::FrameLoader::loadWithDocumentLoader(WebCore::DocumentLoader*, WebCore::FrameLoadType, WTF::PassRefPtr<WebCore::FormState>, WebCore::AllowNavigationToInvalidURL)::$_4, std::__1::allocator<WebCore::FrameLoader::loadWithDocumentLoader(WebCore::DocumentLoader*, WebCore::FrameLoadType, WTF::PassRefPtr<WebCore::FormState>, WebCore::AllowNavigationToInvalidURL)::$_4>, void (WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool)>::operator(this=0xbfffc020, __arg=0xbfffbe80, __arg=0xbfffbca0, __arg=0xbfffbcaa)(WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>&&, bool&&) + 41 at functional:1370
frame #11: 0x0f959ebb WebCore`WebCore::PolicyCallback::call(bool) [inlined] std::__1::function<void (WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool)>::operator(__arg=<unavailable>)(WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool) const + 75 at functional:1756
frame #12: 0x0f959e9f WebCore`WebCore::PolicyCallback::call(this=0xbfffbe80, shouldContinue=true) + 47 at PolicyCallback.cpp:95
frame #13: 0x0f95c478 WebCore`WebCore::PolicyChecker::continueAfterNavigationPolicy(this=<unavailable>, policy=<unavailable>) + 840 at PolicyChecker.cpp:206
frame #14: 0x0f95d41d WebCore`std::__1::__function::__func<WebCore::PolicyChecker::checkNavigationPolicy(WebCore::ResourceRequest const&, WebCore::DocumentLoader*, WTF::PassRefPtr<WebCore::FormState>, std::__1::function<void (WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool)>)::$_1, std::__1::allocator<WebCore::PolicyChecker::checkNavigationPolicy(WebCore::ResourceRequest const&, WebCore::DocumentLoader*, WTF::PassRefPtr<WebCore::FormState>, std::__1::function<void (WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool)>)::$_1>, void (WebCore::PolicyAction)>::operator()(WebCore::PolicyAction&&) [inlined] WebCore::PolicyChecker::checkNavigationPolicy(WebCore::ResourceRequest const&, WebCore::DocumentLoader*, WTF::PassRefPtr<WebCore::FormState>, std::__1::function<void (WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, boo
frame #15: 0x0f95d411 WebCore`std::__1::__function::__func<WebCore::PolicyChecker::checkNavigationPolicy(WebCore::ResourceRequest const&, WebCore::DocumentLoader*, WTF::PassRefPtr<WebCore::FormState>, std::__1::function<void (WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool)>)::$_1, std::__1::allocator<WebCore::PolicyChecker::checkNavigationPolicy(WebCore::ResourceRequest const&, WebCore::DocumentLoader*, WTF::PassRefPtr<WebCore::FormState>, std::__1::function<void (WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool)>)::$_1>, void (WebCore::PolicyAction)>::operator()(WebCore::PolicyAction&&) [inlined] decltype(std::__1::forward<WebCore::PolicyChecker::checkNavigationPolicy(WebCore::ResourceRequest const&, WebCore::DocumentLoader*, WTF::PassRefPtr<WebCore::FormState>, std::__1::function<void (WebCore::ResourceRequest const&, WTF::PassRefPtr&
frame #16: 0x0f95d411 WebCore`std::__1::__function::__func<WebCore::PolicyChecker::checkNavigationPolicy(WebCore::ResourceRequest const&, WebCore::DocumentLoader*, WTF::PassRefPtr<WebCore::FormState>, std::__1::function<void (WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool)>)::$_1, std::__1::allocator<WebCore::PolicyChecker::checkNavigationPolicy(WebCore::ResourceRequest const&, WebCore::DocumentLoader*, WTF::PassRefPtr<WebCore::FormState>, std::__1::function<void (WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool)>)::$_1>, void (WebCore::PolicyAction)>::operator(this=0xbfffc0b0, __arg=0xbfffc0ac)(WebCore::PolicyAction&&) + 17 at functional:1370
frame #17: 0x0eb4a511 WebKitLegacy`-[WebFramePolicyListener receivedPolicyDecision:] [inlined] std::__1::function<void (WebCore::PolicyAction)>::operator(__arg=<unavailable>)(WebCore::PolicyAction) const + 24 at functional:1756
frame #18: 0x0eb4a4f9 WebKitLegacy`-[WebFramePolicyListener receivedPolicyDecision:](self=<unavailable>, _cmd=0x0ebdffc4, action=<unavailable>) + 169 at WebFrameLoaderClient.mm:2340
frame #19: 0x0eb4a689 WebKitLegacy`-[WebFramePolicyListener use](self=0x21148a00, _cmd=0x0e87ab46) + 41 at WebFrameLoaderClient.mm:2369
frame #20: 0x07c0e656 UIKit`-[UIWebView webView:decidePolicyForNavigationAction:request:frame:decisionListener:] + 844
frame #21: 0x07c10bb9 UIKit`-[UIWebViewWebViewDelegate webView:decidePolicyForNavigationAction:request:frame:decisionListener:] + 80
frame #22: 0x0644284d CoreFoundation`__invoking___ + 29
frame #23: 0x064426f8 CoreFoundation`-[NSInvocation invoke] + 360
frame #24: 0x064db32a CoreFoundation`-[NSInvocation invokeWithTarget:] + 74
frame #25: 0x0eba6540 WebKitLegacy`-[_WebSafeForwarder forwardInvocation:](self=<unavailable>, _cmd=0x0a9dc6a4, invocation=0x1bf0bbb0) + 160 at WebView.mm:4611
frame #26: 0x064b004e CoreFoundation`___forwarding___ + 478
frame #27: 0x064afe4e CoreFoundation`__forwarding_prep_0___ + 14
frame #28: 0x0644284d CoreFoundation`__invoking___ + 29
frame #29: 0x064426f8 CoreFoundation`-[NSInvocation invoke] + 360
frame #30: 0x0fe80d16 WebCore`HandleDelegateSource(void*) [inlined] SendMessage(invocation=0x211907b0) + 18 at WebCoreThread.mm:150
frame #31: 0x0fe80d04 WebCore`HandleDelegateSource(info=0x00000000) + 100 at WebCoreThread.mm:178
frame #32: 0x0648306f CoreFoundation`__CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 15
frame #33: 0x06478b7d CoreFoundation`__CFRunLoopDoSources0 + 253
frame #34: 0x064780d8 CoreFoundation`__CFRunLoopRun + 952
frame #35: 0x06477a5b CoreFoundation`CFRunLoopRunSpecific + 443
frame #36: 0x0647788b CoreFoundation`CFRunLoopRunInMode + 123
frame #37: 0x0c1ce2c9 GraphicsServices`GSEventRunModal + 192
frame #38: 0x0c1ce106 GraphicsServices`GSEventRun + 104
frame #39: 0x07935106 UIKit`UIApplicationMain + 1526
frame #40: 0x00002dc6 UCWEB`main(argc=1, argv=0xbfffd2bc) + 230 at main.mm:161
frame #41: 0x0b230ac9 libdyld.dylib`start + 1
WebThread stack:
* thread #10: tid = 0x14ed3, 0x0b51d512 libsystem_kernel.dylib`__psynch_cvwait + 10, name = 'WebThread'
* frame #0: 0x0b51d512 libsystem_kernel.dylib`__psynch_cvwait + 10
frame #1: 0x0b54aa4a libsystem_pthread.dylib`_pthread_cond_wait + 726
frame #2: 0x0b54e20c libsystem_pthread.dylib`pthread_cond_timedwait$UNIX2003 + 71
frame #3: 0x0fe7fbb9 WebCore`SendDelegateMessage(NSInvocation*) [inlined] WebTimedConditionLock(condition=<unavailable>, lock=<unavailable>, interval=10) + 633 at WebCoreThread.mm:780
frame #4: 0x0fe7fb4a WebCore`SendDelegateMessage(invocation=<unavailable>) + 522 at WebCoreThread.mm:220
frame #5: 0x0eba64d5 WebKitLegacy`-[_WebSafeForwarder forwardInvocation:](self=<unavailable>, _cmd=0x0a9dc6a4, invocation=0x211907b0) + 53 at WebView.mm:4605
frame #6: 0x064b004e CoreFoundation`___forwarding___ + 478
frame #7: 0x064afe4e CoreFoundation`__forwarding_prep_0___ + 14
frame #8: 0x0eb456d6 WebKitLegacy`WebFrameLoaderClient::dispatchDecidePolicyForNavigationAction(this=<unavailable>, action=0xb0479390, request=<unavailable>, formState=PassRefPtr<WebCore::FormState> at 0xb0479298, function=<unavailable>)>) + 294 at WebFrameLoaderClient.mm:912
frame #9: 0x0f95b816 WebCore`WebCore::PolicyChecker::checkNavigationPolicy(this=0x18898000, request=<unavailable>, loader=<unavailable>, formState=<unavailable>, function=<unavailable>)>) + 3126 at PolicyChecker.cpp:122
frame #10: 0x0f1b3008 WebCore`WebCore::FrameLoader::loadWithDocumentLoader(this=<unavailable>, loader=0x00000000, type=<unavailable>, prpFormState=<unavailable>, allowNavigationToInvalidURL=<unavailable>) + 2360 at FrameLoader.cpp:1457
frame #11: 0x0f1ac46c WebCore`WebCore::FrameLoader::loadDifferentDocumentItem(this=<unavailable>, item=<unavailable>, loadType=<unavailable>, cacheLoadPolicy=<unavailable>) + 700 at FrameLoader.cpp:3161
frame #12: 0x0f1bbd0b WebCore`WebCore::FrameLoader::loadItem(this=0x35391710, item=0x49b74bc8, loadType=<unavailable>) + 123 at FrameLoader.cpp:3246
frame #13: 0x0f239c4d WebCore`WebCore::HistoryController::recursiveGoToItem(this=<unavailable>, item=<unavailable>, fromItem=<unavailable>, type=<unavailable>) + 397 at HistoryController.cpp:736
frame #14: 0x0f239845 WebCore`WebCore::HistoryController::goToItem(this=<unavailable>, targetItem=<unavailable>, type=<unavailable>) + 197 at HistoryController.cpp:302
frame #15: 0x0f9232c5 WebCore`WebCore::Page::goToItem(this=<unavailable>, item=0x49b74bc8, type=<unavailable>) + 85 at Page.cpp:448
frame #16: 0x0ede11a7 WebCore`WebCore::BackForwardController::goForward(this=0x41f4a6c0) + 55 at BackForwardController.cpp:96
frame #17: 0x0eba8281 WebKitLegacy`__20-[WebView goForward]_block_invoke(.block_descriptor=0x2473c970) + 49 at WebView.mm:5641
frame #18: 0x0fe8195a WebCore`HandleRunSource(void*) [inlined] (anonymous namespace)::WebThreadBlock::operator()() const + 14 at WebCoreThreadRun.cpp:97
frame #19: 0x0fe8194c WebCore`HandleRunSource(info=0x00000000) + 380 at WebCoreThreadRun.cpp:133
frame #20: 0x0648306f CoreFoundation`__CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 15
frame #21: 0x06478c4e CoreFoundation`__CFRunLoopDoSources0 + 462
frame #22: 0x064780d8 CoreFoundation`__CFRunLoopRun + 952
frame #23: 0x06477a5b CoreFoundation`CFRunLoopRunSpecific + 443
frame #24: 0x0647788b CoreFoundation`CFRunLoopRunInMode + 123
frame #25: 0x0fe810f0 WebCore`RunWebThread(arg=0x00000000) + 608 at WebCoreThread.mm:692
frame #26: 0x0b549e13 libsystem_pthread.dylib`_pthread_body + 138
frame #27: 0x0b549d89 libsystem_pthread.dylib`_pthread_start + 162
frame #28: 0x0b547e52 libsystem_pthread.dylib`thread_start + 34</pre>
</div>
</p>
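A constructed C++ model of the null-dereference pattern described in the report, with the unsafe shape beside the defensive check the reporter suggests. This is an added example, not WebKit code: the DocumentLoader/FrameLoader types are stand-ins, and the mechanism modelled (a synchronous client callback such as stopLoading clearing m_documentLoader mid-commit) is an assumption about how the loader can become NULL, not something the report establishes.

```cpp
#include <functional>
#include <memory>
#include <string>

// Constructed stand-ins for WebKit's DocumentLoader / FrameLoader (assumption, not WebKit code).
struct DocumentLoader { std::string title; };

struct FrameLoader {
    std::shared_ptr<DocumentLoader> m_documentLoader;
    std::function<void()> m_clientCallback; // synchronous client callback that may re-enter the loader
    std::string m_dispatchedTitle;

    void stopLoading() { m_documentLoader.reset(); }

    // Unsafe shape from the report: m_documentLoader is dereferenced after a callback
    // that may have cleared it, so this is a null dereference in the re-entrant case.
    void commitProvisionalLoadUnsafe() {
        if (m_clientCallback)
            m_clientCallback();
        m_dispatchedTitle = m_documentLoader->title;
    }

    // Hardened shape: take a local owning reference, then check it before use.
    // Returns false when no loader is left to commit.
    bool commitProvisionalLoadSafe() {
        if (m_clientCallback)
            m_clientCallback();
        std::shared_ptr<DocumentLoader> loader = m_documentLoader; // stays alive for this scope
        if (!loader)
            return false;
        if (!loader->title.empty())
            m_dispatchedTitle = loader->title;
        return true;
    }
};

// Normal case: the callback does nothing, so the title is dispatched.
bool commitWithoutReentrancy() {
    FrameLoader loader;
    loader.m_documentLoader = std::make_shared<DocumentLoader>(DocumentLoader{"page title"});
    return loader.commitProvisionalLoadSafe() && loader.m_dispatchedTitle == "page title";
}

// Re-entrant case (models step 5, stopLoading, racing the commit): the loader is gone
// by the time the title would be read, and the hardened path bails out instead of crashing.
bool commitWithReentrantStop() {
    FrameLoader loader;
    loader.m_documentLoader = std::make_shared<DocumentLoader>(DocumentLoader{"page title"});
    loader.m_clientCallback = [&loader] { loader.stopLoading(); };
    return !loader.commitProvisionalLoadSafe() && loader.m_dispatchedTitle.empty();
}
```

commitProvisionalLoadUnsafe is shown for contrast only and is deliberately never called, since dereferencing the cleared pointer is undefined behaviour.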
</body>
</html>