REGRESSION(r227758): Webpage fails to load due to crash in com.apple.…

…WebKit: WebKit::WebFrameLoaderClient::dispatchDecidePolicyForResponse + 267 https://bugs.webkit.org/show_bug.cgi?id=182532 <rdar://problem/36414017> Patch by Antti Koivisto <antti@apple.com> and Youenn Fablet <youenn@apple.com> on 2018-02-07 Reviewed by Chris Dumez. No test case, don't know how to make one. The repro involves multipart HTTP streaming and details are hazy. We were calling a function that was WTFMoved away just a few lines above. * WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp: (WebKit::WebFrameLoaderClient::dispatchDecidePolicyForResponse): Canonical link: https://commits.webkit.org/198394@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@228257 268f45cc-cd09-0410-ab3c-d52691b4dbfc
WebKit · Feb 8, 2018 · 89df8966863b9e2593786c49a2441e24d53b88b3 · 89df896
1 parent aee9497
commit 89df8966863b9e2593786c49a2441e24d53b88b3
Showing with 22 additions and 7 deletions.

+14 −0 Source/WebKit/ChangeLog

+8 −7 Source/WebKit/WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp
diff --git a/Source/WebKit/ChangeLog b/Source/WebKit/ChangeLog
@@ -1,3 +1,17 @@
+2018-02-07  Antti Koivisto  <antti@apple.com> and Youenn Fablet  <youenn@apple.com>
+
+        REGRESSION(r227758): Webpage fails to load due to crash in com.apple.WebKit: WebKit::WebFrameLoaderClient::dispatchDecidePolicyForResponse + 267
+        https://bugs.webkit.org/show_bug.cgi?id=182532
+        <rdar://problem/36414017>
+
+        Reviewed by Chris Dumez.
+
+        No test case, don't know how to make one. The repro involves multipart HTTP streaming and details are hazy.
+        We were calling a function that was WTFMoved away just a few lines above.
+
+        * WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp:
+        (WebKit::WebFrameLoaderClient::dispatchDecidePolicyForResponse):
+
 2018-02-07  Tim Horton  <timothy_horton@apple.com>
 
         Evernote device management web view sometimes displays at the wrong scale

diff --git a/Source/WebKit/WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp b/Source/WebKit/WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp
@@ -739,18 +739,19 @@ void WebFrameLoaderClient::dispatchDecidePolicyForResponse(const ResourceRespons
 
     bool canShowMIMEType = webPage->canShowMIMEType(response.mimeType());
 
+    WebCore::Frame* coreFrame = m_frame->coreFrame();
+    auto* policyDocumentLoader = coreFrame ? coreFrame->loader().provisionalDocumentLoader() : nullptr;
+    if (!policyDocumentLoader) {
+        function(PolicyAction::Ignore);
+        return;
+    }
+
+    Ref<WebFrame> protector(*m_frame);
     uint64_t listenerID = m_frame->setUpPolicyListener(WTFMove(function), WebFrame::ForNavigationAction::No);
     bool receivedPolicyAction;
     PolicyAction policyAction;
     DownloadID downloadID;
 
-    Ref<WebFrame> protect(*m_frame);
-    WebCore::Frame* coreFrame = m_frame->coreFrame();
-    if (!coreFrame)
-        return function(PolicyAction::Ignore);
-    auto* policyDocumentLoader = coreFrame->loader().provisionalDocumentLoader();
-    if (!policyDocumentLoader)
-        return function(PolicyAction::Ignore);
     auto navigationID = static_cast<WebDocumentLoader&>(*policyDocumentLoader).navigationID();
     if (!webPage->sendSync(Messages::WebPageProxy::DecidePolicyForResponseSync(m_frame->frameID(), SecurityOriginData::fromFrame(coreFrame), navigationID, response, request, canShowMIMEType, listenerID, UserData(WebProcess::singleton().transformObjectsToHandles(userData.get()).get())), Messages::WebPageProxy::DecidePolicyForResponseSync::Reply(receivedPolicyAction, policyAction, downloadID), Seconds::infinity(), IPC::SendSyncOption::InformPlatformProcessWillSuspend)) {
         m_frame->didReceivePolicyDecision(listenerID, PolicyAction::Ignore, 0, { }, { });