<html>
    <head>
      <base href="https://bugs.webkit.org/" />
    </head>
    <body><table border="1" cellspacing="0" cellpadding="8">
        <tr>
          <th>Bug ID</th>
          <td><a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - Crash calling webSocket.close() from onError handler for blocked web socket"
   href="https://bugs.webkit.org/show_bug.cgi?id=147411">147411</a>
          </td>
        </tr>

        <tr>
          <th>Summary</th>
          <td>Crash calling webSocket.close() from onError handler for blocked web socket
          </td>
        </tr>

        <tr>
          <th>Classification</th>
          <td>Unclassified
          </td>
        </tr>

        <tr>
          <th>Product</th>
          <td>WebKit
          </td>
        </tr>

        <tr>
          <th>Version</th>
          <td>528+ (Nightly build)
          </td>
        </tr>

        <tr>
          <th>Hardware</th>
          <td>All
          </td>
        </tr>

        <tr>
          <th>OS</th>
          <td>All
          </td>
        </tr>

        <tr>
          <th>Status</th>
          <td>NEW
          </td>
        </tr>

        <tr>
          <th>Severity</th>
          <td>Normal
          </td>
        </tr>

        <tr>
          <th>Priority</th>
          <td>P2
          </td>
        </tr>

        <tr>
          <th>Component</th>
          <td>Page Loading
          </td>
        </tr>

        <tr>
          <th>Assignee</th>
          <td>webkit-unassigned&#64;lists.webkit.org
          </td>
        </tr>

        <tr>
          <th>Reporter</th>
          <td>beidson&#64;apple.com
          </td>
        </tr></table>
      <p>
        <div>
        <pre>Crash calling webSocket.close() from onError handler for blocked web socket

This was introduced with <a href="http://trac.webkit.org/changeset/185848">http://trac.webkit.org/changeset/185848</a>, but isn't really a regression in the traditional sense.

Tracked in radar as rdar://problem/21771620

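In the crashing frame, m_handshake is null, because the error callback is happening before there was ever a handshake. Judging by the stack below, WebSocketChannel::fail() (frame 2) appears to use m_handshake, without a null check, to get the URL on which stringCenterEllipsizedToLength() (frame 1) is called.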

<span class="quote">&gt;  1 com.apple.WebCore              0x7fff862c0e99 WebCore::URL::stringCenterEllipsizedToLength(unsigned int) const + 0x19</span >
   2 com.apple.WebCore              0x7fff86338c78 WebCore::WebSocketChannel::fail(WTF::String const&amp;) + 0x88
   3 com.apple.WebCore              0x7fff86336232 WebCore::WebSocket::close(int, WTF::String const&amp;, int&amp;) + 0x162
   4 com.apple.WebCore              0x7fff85ea5994 WebCore::jsWebSocketPrototypeFunctionClose(JSC::ExecState*) + 0x104
   5                                0x0000290f31801028 0 + 45145231724584
   6 com.apple.JavaScriptCore       0x7fff8934e706 llint_entry + 0x598d
   7 com.apple.JavaScriptCore       0x7fff8934e706 llint_entry + 0x598d
   8 com.apple.JavaScriptCore       0x7fff89348b69 vmEntryToJavaScript + 0x146
   9 com.apple.JavaScriptCore       0x7fff89271879 JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) + 0xa9
  10 com.apple.JavaScriptCore       0x7fff88e4b49d JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&amp;, JSC::JSValue, JSC::ArgList const&amp;) + 0x1ed
  11 com.apple.JavaScriptCore       0x7fff88e4b29e JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&amp;, JSC::JSValue, JSC::ArgList const&amp;) + 0x3e
  12 com.apple.JavaScriptCore       0x7fff88f6228a JSC::boundFunctionCall(JSC::ExecState*) + 0x24a
  13 com.apple.JavaScriptCore       0x7fff89348d02 vmEntryToNative + 0x14c
  14 com.apple.JavaScriptCore       0x7fff88e4b4dd JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&amp;, JSC::JSValue, JSC::ArgList const&amp;) + 0x22d
  15 com.apple.JavaScriptCore       0x7fff88fe5807 JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&amp;, JSC::JSValue, JSC::ArgList const&amp;, WTF::NakedPtr&lt;JSC::Exception&gt;&amp;) + 0x47
  16 com.apple.WebCore              0x7fff8552ce6a WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext*, WebCore::Event*) + 0x3ea
  17 com.apple.WebCore              0x7fff859553bb WebCore::EventTarget::fireEventListeners(WebCore::Event*, WebCore::EventTargetData*, WTF::Vector&lt;WebCore::RegisteredEventListener, 1ul, WTF::CrashOnOverflow, 16ul&gt;&amp;) + 0x27b
  18 com.apple.WebCore              0x7fff85436ba0 WebCore::EventTarget::fireEventListeners(WebCore::Event*) + 0xe0
  19 com.apple.WebCore              0x7fff8552a69d WebCore::EventTarget::dispatchEvent(WTF::PassRefPtr&lt;WebCore::Event&gt;) + 0x5d
  20 com.apple.WebCore              0x7fff8633735a std::__1::__function::__func&lt;WebCore::WebSocket::connect(WTF::String const&amp;, WTF::Vector&lt;WTF::String, 0ul, WTF::CrashOnOverflow, 16ul&gt; const&amp;, int&amp;)::$_0, std::__1::allocator&lt;WebCore::WebSocket::connect(WTF::String const&amp;, WTF::Vector&lt;WTF::String, 0ul, WTF::CrashOnOverflow, 16ul&gt; const&amp;, int&amp;)::$_0&gt;, void ()&gt;::operator()() + 0x4a
  21 com.apple.JavaScriptCore       0x7fff8942ef86 WTF::RunLoop::performWork() + 0x1b6</pre>
        </div>
      </p>
    </body>
</html>