WebPageProxy::reportPageLoadResult can crash on some code paths
authorkrollin@apple.com <krollin@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 13 Sep 2018 22:32:33 +0000 (22:32 +0000)
committerkrollin@apple.com <krollin@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 13 Sep 2018 22:32:33 +0000 (22:32 +0000)
commit9dd8ea311414fd5905c4f65f3af7f6ca537d3f8c
treea3c6aceded600e02f2cc35134e3ecad1c3dcea8b
parent59dc56735a9995f1509d9eddd078dc0ed681238a
WebPageProxy::reportPageLoadResult can crash on some code paths
https://bugs.webkit.org/show_bug.cgi?id=189568

Reviewed by Chris Dumez.

WebPageProxy::reportPageLoadResult (which is called from
WebPageProxy::didFinishLoadForFrame) can sometimes crash when
accessing m_pageLoadStart (a std::optional) in its unloaded state.
Normally, m_pageLoadStart is initialized in
WebPageProxy::didStartProvisionalLoadForFrame, which one would expect
would be called before WebPageProxy::didFinishLoadForFrame. But that
turns out to not always be the case. It's not apparent under what
conditions didStartProvisionalLoadForFrame will not be called, but
it's happening in the wild, leading to crashes now that std::optional
asserts in release builds on bad accesses (see
https://bugs.webkit.org/show_bug.cgi?id=189568).

Fix this by checking m_pageLoadState on entry to reportPageLoadResult.

* UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::didFailProvisionalLoadForFrame):
(WebKit::WebPageProxy::didFinishLoadForFrame):
(WebKit::WebPageProxy::didFailLoadForFrame):
(WebKit::WebPageProxy::reportPageLoadResult):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@235992 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Source/WebKit/ChangeLog
Source/WebKit/UIProcess/WebPageProxy.cpp