[Mac] Crashes in CFURLGetBytes under WebProcess::updateActivePages()
authorap@apple.com <ap@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 17 Jul 2013 22:05:45 +0000 (22:05 +0000)
committerap@apple.com <ap@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 17 Jul 2013 22:05:45 +0000 (22:05 +0000)
        https://bugs.webkit.org/show_bug.cgi?id=118814
        <rdar://problem/14173389>

        Reviewed by Brady Eidson.

        Speculative fix. It's unclear how we end up with an invalid URL when committing
        a load.

        * WebProcess/mac/WebProcessMac.mm: (WebKit::WebProcess::updateActivePages):
        Added a null check.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@152805 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebKit2/ChangeLog
Source/WebKit2/WebProcess/mac/WebProcessMac.mm

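--- a/Source/WebKit2/ChangeLog
+++ b/Source/WebKit2/ChangeLog
@@ -1,3 +1,17 @@
+2013-07-17  Alexey Proskuryakov  <ap@apple.com>
+
+        [Mac] Crashes in CFURLGetBytes under WebProcess::updateActivePages()
+        https://bugs.webkit.org/show_bug.cgi?id=118814
+        <rdar://problem/14173389>
+
+        Reviewed by Brady Eidson.
+
+        Speculative fix. It's unclear how we end up with an invalid URL when committing
+        a load.
+
+        * WebProcess/mac/WebProcessMac.mm: (WebKit::WebProcess::updateActivePages):
+        Added a null check.
+
 2013-07-17  Commit Queue  <commit-queue@webkit.org>
 
         Unreviewed, rolling out r152786 and r152789.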
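--- a/Source/WebKit2/WebProcess/mac/WebProcessMac.mm
+++ b/Source/WebKit2/WebProcess/mac/WebProcessMac.mm
@@ -238,7 +238,14 @@ void WebProcess::updateActivePages()
             mainFrameOriginString = mainFrameOrigin->toRawString();
         else
             mainFrameOriginString = KURL(KURL(), mainFrame->url()).protocol() + ':'; // toRawString() is not supposed to work with unique origins, and would just return "://".
-        CFArrayAppendValue(activePageURLs.get(), userVisibleString([NSURL URLWithString:mainFrameOriginString]));
+
+        NSURL *originAsNSURL = [NSURL URLWithString:mainFrameOriginString];
+        // +[NSURL URLWithString:] returns nil when its argument is malformed. It's unclear how we can possibly have a malformed URL here,
+        // but it happens in practice according to <rdar://problem/14173389>. Leaving an assertion in to catch a reproducible case.
+        ASSERT(originAsNSURL);
+        NSString *userVisibleOriginString = originAsNSURL ? userVisibleString(originAsNSURL) : @"(null)";
+
+        CFArrayAppendValue(activePageURLs.get(), userVisibleOriginString);
     }
     WKSetApplicationInformationItem(kLSActivePageUserVisibleOriginsKey, activePageURLs.get());
 #endif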
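Review bot: The `@"(null)"` fallback on the new `userVisibleOriginString` line publishes a literal sentinel into the array handed to WKSetApplicationInformationItem as a user-visible origin, while nothing in the hunk records that a `mainFrameOriginString` failed to parse, so in release builds (where ASSERT compiles out) the malformed origin stays invisible and the consumer receives a meaningless entry. If consumers of kLSActivePageUserVisibleOriginsKey do not depend on one entry per page, skipping the page with `if (!originAsNSURL) continue;` keeps the published list truthful; if they do, a comment on the sentinel line explaining that consumers must tolerate `(null)` would help, e.g. `// Keep one entry per page; consumers must treat "(null)" as "origin unavailable".`. Either way, falling back to the raw `mainFrameOriginString` would be the wrong choice, because it would bypass whatever normalization userVisibleString() applies before the origin is shown to the user. The enclosing function updateActivePages() starts and ends outside the hunk, so whether the closing `}` belongs to a per-page loop is inferred rather than visible.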