Bug 25042 - destroying webview widget directly causes crash.
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKitGTK
Version: 420+
Hardware: PC Linux
: P1 Critical
Assignee: Xan Lopez
Keywords: Gtk
Reported: 2009-04-03 16:57 PDT by James Su
Modified: 2009-04-16 15:06 PDT
Attachments
Test pack, show and destroy early (937 bytes, patch)
2009-04-04 03:29 PDT, Christian Dywan
zecke: review+
dispose-screen-changed.patch (1.90 KB, patch)
2009-04-05 01:44 PDT, Xan Lopez
zecke: review+
default-handler-screen-changed.patch (7.59 KB, patch)
2009-04-05 02:07 PDT, Xan Lopez
zecke: review+

Description James Su 2009-04-03 16:57:04 PDT
The following code causes a crash:

#include <gtk/gtk.h>
#include <webkit/webkit.h>

int main(int argc, char *argv[]) {
  GtkWidget *window, *webview;
  gtk_init(&argc, &argv);
  window = gtk_window_new(GTK_WINDOW_TOPLEVEL);
  webview = GTK_WIDGET(webkit_web_view_new());
  gtk_container_add(GTK_CONTAINER(window), webview);
  gtk_widget_show(window);
  gtk_widget_show(webview);
  gtk_widget_destroy(webview);
  return 0;
}


backtrace:
Program received signal SIGSEGV, Segmentation fault.
webkit_web_view_screen_changed (this=<value optimized out>) at WebKit/gtk/webkit/webkitwebview.cpp:1624
1624	    Settings* settings = core(webView)->settings();
Current language:  auto; currently c++
(gdb) bt
#0  0x000000389ae6fb8b in webkit_web_view_screen_changed (this=<value optimized out>) from /usr/lib64/libwebkit-1.0.so.2
#1  0x000000388ba0b8ee in IA__g_closure_invoke (closure=0x692770, return_value=0x0, n_param_values=2, param_values=0x6796d0, 
    invocation_hint=0x7fffffffd9b0) at gclosure.c:767
#2  0x000000388ba21f18 in signal_emit_unlocked_R (node=0x65e040, detail=<value optimized out>, instance=<value optimized out>, 
    emission_return=<value optimized out>, instance_and_params=<value optimized out>) at gsignal.c:3244
#3  0x000000388ba232fe in IA__g_signal_emit_valist (instance=0x690030, signal_id=<value optimized out>, detail=0, var_args=0x7fffffffdba0)
    at gsignal.c:2977
#4  0x000000388ba23893 in IA__g_signal_emit (instance=0x690030, signal_id=6488272, detail=0) at gsignal.c:3034
#5  0x000000389343602a in gtk_widget_propagate_hierarchy_changed_recurse (widget=0x690030, client_data=0x7fffffffdca0) at gtkwidget.c:6185
#6  0x0000003893439a80 in _gtk_widget_propagate_hierarchy_changed (widget=0x690030, previous_toplevel=0x681090) at gtkwidget.c:6225
#7  0x0000003893443899 in IA__gtk_widget_unparent (widget=0x690030) at gtkwidget.c:2916
#8  0x000000389327a600 in gtk_bin_remove (container=0x681090, child=0x6300d0) at gtkbin.c:109
#9  0x000000388ba0b8ee in IA__g_closure_invoke (closure=0x6615d0, return_value=0x0, n_param_values=2, param_values=0x679800, 
    invocation_hint=0x7fffffffdf00) at gclosure.c:767
#10 0x000000388ba21715 in signal_emit_unlocked_R (node=0x661640, detail=<value optimized out>, instance=<value optimized out>, 
    emission_return=<value optimized out>, instance_and_params=<value optimized out>) at gsignal.c:3174
#11 0x000000388ba232fe in IA__g_signal_emit_valist (instance=0x681090, signal_id=<value optimized out>, detail=0, var_args=0x7fffffffe0f0)
    at gsignal.c:2977
#12 0x000000388ba23893 in IA__g_signal_emit (instance=0x690030, signal_id=6488272, detail=0) at gsignal.c:3034
#13 0x000000389343ed85 in gtk_widget_dispose (object=0x690030) at gtkwidget.c:7898
#14 0x000000388ba0ddd0 in IA__g_object_run_dispose (object=0x690030) at gobject.c:789
#15 0x0000000000400a23 in main (argc=1, argv=0x7fffffffe308) at webkit.c:12
(gdb)
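
The teardown path in the backtrace above, reduced to a stand-alone C model (an added example, not code from this report or from WebKitGTK). It assumes the view's core page is already gone when the unparent step under gtk_widget_dispose emits into the handler, which the report does not state; `View`, `Page` and all function names are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
/* Constructed model, not WebKitGTK code; all names are hypothetical. */
typedef struct { int font_size; } Page;  /* stands in for core(webView) */
typedef struct View View;
typedef int (*Handler)(View *);
struct View {
    Page *page;              /* owned by the view; NULL once released */
    int parented;            /* 1 while packed into a container */
    Handler screen_changed;  /* stands in for the connected handler */
};
enum { HANDLED, SKIPPED_NO_PAGE, NOT_EMITTED };

/* Guarded handler: reports a missing page instead of dereferencing it. */
static int on_screen_changed(View *v) {
    if (v->page == NULL) return SKIPPED_NO_PAGE;
    v->page->font_size = 12;
    return HANDLED;
}

View *view_new(void) {
    View *v = calloc(1, sizeof *v);
    if (!v || !(v->page = calloc(1, sizeof *v->page))) abort();
    v->parented = 1;
    v->screen_changed = on_screen_changed;
    return v;
}

/* Leaving the container notifies the view, as frames #7 to #0 show. */
int view_unparent(View *v) {
    if (!v->parented) return NOT_EMITTED;
    v->parented = 0;
    return v->screen_changed ? v->screen_changed(v) : NOT_EMITTED;
}
static void release_page(View *v) { free(v->page); v->page = NULL; }
/* Assumed failing order: own state released, then the unparent emits. */
int dispose_release_first(View *v) { release_page(v); return view_unparent(v); }
/* Alternative order: drop the handler before anything can emit into it. */
int dispose_disconnect_first(View *v) {
    v->screen_changed = NULL;
    int r = view_unparent(v);
    release_page(v);
    return r;
}
int main(void) {
    View *a = view_new(), *b = view_new();
    printf("%d %d\n", dispose_release_first(a), dispose_disconnect_first(b));
    free(a); free(b);
    return 0;
}
```

In the first order the handler still runs and only the NULL check stands between it and the dereference; in the second the emission never reaches the view.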
Comment 1 Christian Dywan 2009-04-04 03:29:26 PDT
Created attachment 29252
Test pack, show and destroy early

This patch adds the test case to our destroy unit test.
Comment 2 Xan Lopez 2009-04-05 01:44:30 PDT
Created attachment 29265
dispose-screen-changed.patch

This fixes the crasher.
Comment 3 Xan Lopez 2009-04-05 02:07:10 PDT
Created attachment 29266
default-handler-screen-changed.patch

While I'm at it, avoid the weirdness of the view connecting to its own screen-changed signal.
Comment 4 Holger Freyther 2009-04-06 01:40:32 PDT
Comment on attachment 29252
Test pack, show and destroy early

> diff --git a/WebKit/gtk/tests/testwebframe.c b/WebKit/gtk/tests/testwebframe.c
> index e2da29c..2797fa0 100644
> --- a/WebKit/gtk/tests/testwebframe.c
> +++ b/WebKit/gtk/tests/testwebframe.c
> @@ -26,14 +26,22 @@
>  static void test_webkit_web_frame_create_destroy(void)
>  {
>      WebKitWebView* webView;
> -    g_test_bug("21837");
> +    GtkWidget *window;
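
Review bot: The g_test_bug("21837") call removed at the top of test_webkit_web_frame_create_destroy has no replacement among the lines quoted here. If it is being moved further down, keep it ahead of the original create/destroy case, and put a g_test_bug("25042") before the new pack, show and destroy case so that a failure in either one is reported against the right bug.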

Placement of '*' is inconsistent. Please make it consistent when landing. :)
Comment 5 Holger Freyther 2009-04-06 03:00:39 PDT
Comment on attachment 29266
default-handler-screen-changed.patch

Nice!
Comment 6 Christian Dywan 2009-04-16 15:02:50 PDT
Comment on attachment 29252
Test pack, show and destroy early

Committed with revision 42591.