<html>
<head>
<base href="https://bugs.webkit.org/" />
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW - Crash in WebCore::DocumentLoader::stopLoadingForPolicyChange"
href="https://bugs.webkit.org/show_bug.cgi?id=147418">147418</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>Crash in WebCore::DocumentLoader::stopLoadingForPolicyChange
</td>
</tr>
<tr>
<th>Classification</th>
<td>Unclassified
</td>
</tr>
<tr>
<th>Product</th>
<td>WebKit
</td>
</tr>
<tr>
<th>Version</th>
<td>528+ (Nightly build)
</td>
</tr>
<tr>
<th>Hardware</th>
<td>All
</td>
</tr>
<tr>
<th>OS</th>
<td>All
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Severity</th>
<td>Normal
</td>
</tr>
<tr>
<th>Priority</th>
<td>P2
</td>
</tr>
<tr>
<th>Component</th>
<td>Page Loading
</td>
</tr>
<tr>
<th>Assignee</th>
<td>webkit-unassigned@lists.webkit.org
</td>
</tr>
<tr>
<th>Reporter</th>
<td>beidson@apple.com
</td>
</tr></table>
<p>
<div>
<pre>Crash in WebCore::DocumentLoader::stopLoadingForPolicyChange
There's a few different ways into this crash, but the tops of the stacks look like:
Thread 0 Crashed:
0 WebCore 0x000000019588607c WebCore::DocumentLoader::stopLoadingForPolicyChange() + 40 (DocumentLoader.cpp:769)
1 WebCore 0x00000001958877b4 std::__1::__function::__func<WebCore::DocumentLoader::willSendRequest(WebCore::ResourceRequest&, WebCore::ResourceResponse const&)::$_0, std::__1::allocator<WebCore::DocumentLoader::willSendRequest(WebCore::ResourceRequest&, WebCore::ResourceResponse const&)::$_0>, void (WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool)>::operator()(WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>&&, bool&&) + 40 (DocumentLoader.cpp:564)
2 WebCore 0x00000001958877b4 std::__1::__function::__func<WebCore::DocumentLoader::willSendRequest(WebCore::ResourceRequest&, WebCore::ResourceResponse const&)::$_0, std::__1::allocator<WebCore::DocumentLoader::willSendRequest(WebCore::ResourceRequest&, WebCore::ResourceResponse const&)::$_0>, void (WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool)>::operator()(WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>&&, bool&&) + 40 (DocumentLoader.cpp:564)
3 WebCore 0x000000019558e5a4 WebCore::PolicyCallback::cancel() + 164 (functional:1793)
4 WebCore 0x000000019558e06c WebCore::PolicyChecker::stopCheck() + 84 (PolicyChecker.cpp:161)
5 WebCore 0x00000001959a26e8 WebCore::FrameLoader::loadWithDocumentLoader(WebCore::DocumentLoader*,
...
In stopLoadingForPolicyChange, frameLoader() is null.
This can only happen when m_frame is null.
That can only happen if the DocumentLoader has been detached from its Frame.
No known reproducibility.
We need to make absolutely sure that once the Frame is detached there are no outstanding policy callbacks.
In Radar - <rdar://problem/21412186></pre>
</div>
</p>
<hr>
<span>You are receiving this mail because:</span>
<ul>
<li>You are the assignee for the bug.</li>
</ul>
</body>
</html>