<html>
<head>
<base href="https://bugs.webkit.org/" />
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW - Crash calling webSocket.close() from onError handler for blocked web socket"
href="https://bugs.webkit.org/show_bug.cgi?id=147411">147411</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>Crash calling webSocket.close() from onError handler for blocked web socket
</td>
</tr>
<tr>
<th>Classification</th>
<td>Unclassified
</td>
</tr>
<tr>
<th>Product</th>
<td>WebKit
</td>
</tr>
<tr>
<th>Version</th>
<td>528+ (Nightly build)
</td>
</tr>
<tr>
<th>Hardware</th>
<td>All
</td>
</tr>
<tr>
<th>OS</th>
<td>All
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Severity</th>
<td>Normal
</td>
</tr>
<tr>
<th>Priority</th>
<td>P2
</td>
</tr>
<tr>
<th>Component</th>
<td>Page Loading
</td>
</tr>
<tr>
<th>Assignee</th>
<td>webkit-unassigned@lists.webkit.org
</td>
</tr>
<tr>
<th>Reporter</th>
<td>beidson@apple.com
</td>
</tr></table>
<p>
<div>
<pre>Crash calling webSocket.close() from onError handler for blocked web socket
This was introduced with <a href="http://trac.webkit.org/changeset/185848">http://trac.webkit.org/changeset/185848</a>, but isn't really a regression in the traditional sense.
In radar rdar://problem/21771620
In the crashing frame, the m_handshake is null, because the error callback is happening before there was ever a handshake.
<span class="quote">> 1 com.apple.WebCore 0x7fff862c0e99 WebCore::URL::stringCenterEllipsizedToLength(unsigned int) const + 0x19</span >
2 com.apple.WebCore 0x7fff86338c78 WebCore::WebSocketChannel::fail(WTF::String const&) + 0x88
3 com.apple.WebCore 0x7fff86336232 WebCore::WebSocket::close(int, WTF::String const&, int&) + 0x162
4 com.apple.WebCore 0x7fff85ea5994 WebCore::jsWebSocketPrototypeFunctionClose(JSC::ExecState*) + 0x104
5 0x0000290f31801028 0 + 45145231724584
6 com.apple.JavaScriptCore 0x7fff8934e706 llint_entry + 0x598d
7 com.apple.JavaScriptCore 0x7fff8934e706 llint_entry + 0x598d
8 com.apple.JavaScriptCore 0x7fff89348b69 vmEntryToJavaScript + 0x146
9 com.apple.JavaScriptCore 0x7fff89271879 JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) + 0xa9
10 com.apple.JavaScriptCore 0x7fff88e4b49d JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 0x1ed
11 com.apple.JavaScriptCore 0x7fff88e4b29e JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 0x3e
12 com.apple.JavaScriptCore 0x7fff88f6228a JSC::boundFunctionCall(JSC::ExecState*) + 0x24a
13 com.apple.JavaScriptCore 0x7fff89348d02 vmEntryToNative + 0x14c
14 com.apple.JavaScriptCore 0x7fff88e4b4dd JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 0x22d
15 com.apple.JavaScriptCore 0x7fff88fe5807 JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) + 0x47
16 com.apple.WebCore 0x7fff8552ce6a WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext*, WebCore::Event*) + 0x3ea
17 com.apple.WebCore 0x7fff859553bb WebCore::EventTarget::fireEventListeners(WebCore::Event*, WebCore::EventTargetData*, WTF::Vector<WebCore::RegisteredEventListener, 1ul, WTF::CrashOnOverflow, 16ul>&) + 0x27b
18 com.apple.WebCore 0x7fff85436ba0 WebCore::EventTarget::fireEventListeners(WebCore::Event*) + 0xe0
19 com.apple.WebCore 0x7fff8552a69d WebCore::EventTarget::dispatchEvent(WTF::PassRefPtr<WebCore::Event>) + 0x5d
20 com.apple.WebCore 0x7fff8633735a std::__1::__function::__func<WebCore::WebSocket::connect(WTF::String const&, WTF::Vector<WTF::String, 0ul, WTF::CrashOnOverflow, 16ul> const&, int&)::$_0, std::__1::allocator<WebCore::WebSocket::connect(WTF::String const&, WTF::Vector<WTF::String, 0ul, WTF::CrashOnOverflow, 16ul> const&, int&)::$_0>, void ()>::operator()() + 0x4a
21 com.apple.JavaScriptCore 0x7fff8942ef86 WTF::RunLoop::performWork() + 0x1b6</pre>
</div>
</p>
<hr>
<span>You are receiving this mail because:</span>
<ul>
<li>You are the assignee for the bug.</li>
</ul>
</body>
</html>