Changeset 228257 in webkit

Timestamp:

Feb 7, 2018 7:30:34 PM (6 years ago)

Author:

commit-queue@webkit.org

Message:

REGRESSION(r227758): Webpage fails to load due to crash in com.apple.WebKit: WebKit::WebFrameLoaderClient::dispatchDecidePolicyForResponse + 267
​https://bugs.webkit.org/show_bug.cgi?id=182532
<rdar://problem/36414017>

Patch by Antti Koivisto <Antti Koivisto> and Youenn Fablet <​youenn@apple.com> on 2018-02-07
Reviewed by Chris Dumez.

No test case, don't know how to make one. The repro involves multipart HTTP streaming and details are hazy.
We were calling a function that was WTFMoved away just a few lines above.

• WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp:

(WebKit::WebFrameLoaderClient::dispatchDecidePolicyForResponse):

Location:

trunk/Source/WebKit

Files:

• ChangeLog (modified) (1 diff)
• WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp (modified) (2 diffs)

trunk/Source/WebKit/ChangeLog

@@ +1 @@
+2018-02-07  Antti Koivisto  <antti@apple.com> and Youenn Fablet  <youenn@apple.com>
+
+        REGRESSION(r227758): Webpage fails to load due to crash in com.apple.WebKit: WebKit::WebFrameLoaderClient::dispatchDecidePolicyForResponse + 267
+        https://bugs.webkit.org/show_bug.cgi?id=182532
+        <rdar://problem/36414017>
+
+        Reviewed by Chris Dumez.
+
+        No test case, don't know how to make one. The repro involves multipart HTTP streaming and details are hazy.
+        We were calling a function that was WTFMoved away just a few lines above.
+
+        * WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp:
+        (WebKit::WebFrameLoaderClient::dispatchDecidePolicyForResponse):
+
 2018-02-07  Tim Horton  <timothy_horton@apple.com>
 

trunk/Source/WebKit/WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp

@@ -740 +740 @@
     bool canShowMIMEType = webPage->canShowMIMEType(response.mimeType());
 
+    WebCore::Frame* coreFrame = m_frame->coreFrame();
+    auto* policyDocumentLoader = coreFrame ? coreFrame->loader().provisionalDocumentLoader() : nullptr;
+    if (!policyDocumentLoader) {
+        function(PolicyAction::Ignore);
+        return;
+    }
+
+    Ref<WebFrame> protector(*m_frame);
     uint64_t listenerID = m_frame->setUpPolicyListener(WTFMove(function), WebFrame::ForNavigationAction::No);
     bool receivedPolicyAction;
@@ -745 +753 @@
     DownloadID downloadID;
 
-    Ref<WebFrame> protect(*m_frame);
-    WebCore::Frame* coreFrame = m_frame->coreFrame();
-    if (!coreFrame)
-        return function(PolicyAction::Ignore);
-    auto* policyDocumentLoader = coreFrame->loader().provisionalDocumentLoader();
-    if (!policyDocumentLoader)
-        return function(PolicyAction::Ignore);
     auto navigationID = static_cast<WebDocumentLoader&>(*policyDocumentLoader).navigationID();
     if (!webPage->sendSync(Messages::WebPageProxy::DecidePolicyForResponseSync(m_frame->frameID(), SecurityOriginData::fromFrame(coreFrame), navigationID, response, request, canShowMIMEType, listenerID, UserData(WebProcess::singleton().transformObjectsToHandles(userData.get()).get())), Messages::WebPageProxy::DecidePolicyForResponseSync::Reply(receivedPolicyAction, policyAction, downloadID), Seconds::infinity(), IPC::SendSyncOption::InformPlatformProcessWillSuspend)) {