139136 2014-12-01 10:58:20 -0800 Web Inspector: Crash in WebInspectorClient::hideHighlight when page is destroyed 2014-12-01 11:59:28 -0800 1 1 1 Unclassified WebKit Web Inspector 528+ (Nightly build) All All RESOLVED FIXED DoNotImportToRadar P2 Normal --- 1 joepeck joepeck commit-queue graouts joepeck simon.fraser timothy webkit-bug-importer oldest_to_newest 1051488 0 joepeck 2014-12-01 10:58:20 -0800 Seen a few crashes in WebInspectorClient::hideHighlight when the page is destroyed. Process: com.apple.WebKit.WebContent [4849] Crashed Thread: 0 Dispatch queue: com.apple.main-thread Exception Type: EXC_BAD_ACCESS (SIGSEGV) Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000328 Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 com.apple.WebKit 0x00007fff908fbc47 WebKit::WebInspectorClient::hideHighlight() + 25 1 com.apple.WebCore 0x00007fff9573e8d9 WebCore::InspectorOverlay::update() + 505 (InspectorOverlay.cpp:338) 2 com.apple.WebCore 0x00007fff9571bf4c WebCore::InspectorDOMAgent::willDestroyFrontendAndBackend(Inspector::InspectorDisconnectReason) + 220 (InspectorDOMAgent.cpp:261) 3 com.apple.JavaScriptCore 0x00007fff97229f50 Inspector::InspectorAgentRegistry::willDestroyFrontendAndBackend(Inspector::InspectorDisconnectReason) + 48 (InspectorAgentRegistry.cpp:53) 4 com.apple.WebCore 0x00007fff9570d3ec WebCore::InspectorController::disconnectFrontend(Inspector::InspectorDisconnectReason) + 28 (InspectorController.cpp:267) 5 com.apple.WebCore 0x00007fff951b87a0 WebCore::InspectorController::inspectedPageDestroyed() + 16 (InspectorController.cpp:192) 6 com.apple.WebCore 0x00007fff951b7f13 WebCore::Page::~Page() + 323 (Page.cpp:256) 7 com.apple.WebKit 0x00007fff908b3c3b WebKit::WebPage::close() + 715 8 com.apple.WebKit 0x00007fff90a246f4 WebKit::WebPage::didReceiveWebPageMessage(IPC::Connection*, IPC::MessageDecoder&) + 5316 9 com.apple.WebKit 0x00007fff90962dc2 IPC::MessageReceiverMap::dispatchMessage(IPC::Connection*, IPC::MessageDecoder&) + 120 10 com.apple.WebKit 0x00007fff90a5841c WebKit::WebProcess::didReceiveMessage(IPC::Connection*, IPC::MessageDecoder&) + 28 11 com.apple.WebKit 0x00007fff909164dc IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >) + 94 12 com.apple.WebKit 0x00007fff90918654 IPC::Connection::dispatchOneMessage() + 114 13 com.apple.JavaScriptCore 0x00007fff97379337 WTF::RunLoop::performWork() + 423 (RunLoop.cpp:106) Was not able to reproduce, but I have a speculative fix. 1051489 1 joepeck 2014-12-01 10:58:34 -0800 <rdar://problem/18988495> 1051491 2 242321 joepeck 2014-12-01 11:01:18 -0800 Created attachment 242321 [PATCH] Proposed Fix 1051519 3 242321 commit-queue 2014-12-01 11:59:25 -0800 Comment on attachment 242321 [PATCH] Proposed Fix Clearing flags on attachment: 242321 Committed r176596: <http://trac.webkit.org/changeset/176596> 1051520 4 commit-queue 2014-12-01 11:59:28 -0800 All reviewed patches have been landed. Closing bug. 242321 2014-12-01 11:01:18 -0800 2014-12-01 11:59:25 -0800 [PATCH] Proposed Fix null-check.patch text/plain 1775 joepeck ZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJLaXQyL0NoYW5nZUxvZyBiL1NvdXJjZS9XZWJLaXQyL0No YW5nZUxvZwppbmRleCBkYTdkNDdjLi5kZDNmYzkyIDEwMDY0NAotLS0gYS9Tb3VyY2UvV2ViS2l0 Mi9DaGFuZ2VMb2cKKysrIGIvU291cmNlL1dlYktpdDIvQ2hhbmdlTG9nCkBAIC0xLDMgKzEsMTUg QEAKKzIwMTQtMTItMDEgIEpvc2VwaCBQZWNvcmFybyAgPHBlY29yYXJvQGFwcGxlLmNvbT4KKwor ICAgICAgICBXZWIgSW5zcGVjdG9yOiBDcmFzaCBpbiBXZWJJbnNwZWN0b3JDbGllbnQ6OmhpZGVI aWdobGlnaHQgd2hlbiBwYWdlIGlzIGRlc3Ryb3llZAorICAgICAgICBodHRwczovL2J1Z3Mud2Vi a2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9MTM5MTM2CisKKyAgICAgICAgUmV2aWV3ZWQgYnkgTk9C T0RZIChPT1BTISkuCisKKyAgICAgICAgKiBXZWJQcm9jZXNzL1dlYkNvcmVTdXBwb3J0L1dlYklu c3BlY3RvckNsaWVudC5jcHA6CisgICAgICAgIChXZWJLaXQ6OldlYkluc3BlY3RvckNsaWVudDo6 aGlkZUhpZ2hsaWdodCk6CisgICAgICAgIFNwZWN1bGF0aXZlbHkgZml4IGJ5IG51bGwtY2hlY2tp bmcgdGhlIG1haW4gZnJhbWUgd2hpY2gKKyAgICAgICAgY2FuIGJlIG51bGwgZHVyaW5nIHBhZ2Ug ZGVzdHJ1Y3Rpb24uCisKIDIwMTQtMTEtMTkgIEJldGggRGFraW4gIDxiZGFraW5AYXBwbGUuY29t PgogCiAgICAgICAgIEludm9raW5nIGFuIGFjdGlvbiBtZW51IG9uIGEgc2VsZWN0aW9uIHNob3Vs ZCByZXN1bHQgaW4gdGhlIHRleHQgbWVudQpkaWZmIC0tZ2l0IGEvU291cmNlL1dlYktpdDIvV2Vi UHJvY2Vzcy9XZWJDb3JlU3VwcG9ydC9XZWJJbnNwZWN0b3JDbGllbnQuY3BwIGIvU291cmNlL1dl YktpdDIvV2ViUHJvY2Vzcy9XZWJDb3JlU3VwcG9ydC9XZWJJbnNwZWN0b3JDbGllbnQuY3BwCmlu ZGV4IDI1NGI3NWIuLjUzOGEzYmJjIDEwMDY0NAotLS0gYS9Tb3VyY2UvV2ViS2l0Mi9XZWJQcm9j ZXNzL1dlYkNvcmVTdXBwb3J0L1dlYkluc3BlY3RvckNsaWVudC5jcHAKKysrIGIvU291cmNlL1dl YktpdDIvV2ViUHJvY2Vzcy9XZWJDb3JlU3VwcG9ydC9XZWJJbnNwZWN0b3JDbGllbnQuY3BwCkBA IC0xMzEsNyArMTMxLDcgQEAgdm9pZCBXZWJJbnNwZWN0b3JDbGllbnQ6OmhpZ2hsaWdodCgpCiB2 b2lkIFdlYkluc3BlY3RvckNsaWVudDo6aGlkZUhpZ2hsaWdodCgpCiB7CiAjaWYgIVBMQVRGT1JN KElPUykKLSAgICBpZiAobV9oaWdobGlnaHRPdmVybGF5KQorICAgIGlmIChtX2hpZ2hsaWdodE92 ZXJsYXkgJiYgbV9wYWdlLT5tYWluRnJhbWUoKSkKICAgICAgICAgbV9wYWdlLT5tYWluRnJhbWUo KS0+cGFnZU92ZXJsYXlDb250cm9sbGVyKCkudW5pbnN0YWxsUGFnZU92ZXJsYXkobV9oaWdobGln aHRPdmVybGF5LCBQYWdlT3ZlcmxheTo6RmFkZU1vZGU6OkZhZGUpOwogI2Vsc2UKICAgICBtX3Bh Z2UtPmhpZGVJbnNwZWN0b3JIaWdobGlnaHQoKTsKQEAgLTIwOSw3ICsyMDksNyBAQCB2b2lkIFdl Ykluc3BlY3RvckNsaWVudDo6d2lsbE1vdmVUb1BhZ2UoUGFnZU92ZXJsYXkmLCBQYWdlKiBwYWdl KQogCiAgICAgLy8gVGhlIHBhZ2Ugb3ZlcmxheSBpcyBtb3ZpbmcgYXdheSBmcm9tIHRoZSB3ZWIg cGFnZSwgcmVzZXQgaXQuCiAgICAgQVNTRVJUKG1faGlnaGxpZ2h0T3ZlcmxheSk7Ci0gICAgbV9o aWdobGlnaHRPdmVybGF5ID0gMDsKKyAgICBtX2hpZ2hsaWdodE92ZXJsYXkgPSBudWxscHRyOwog fQogCiB2b2lkIFdlYkluc3BlY3RvckNsaWVudDo6ZGlkTW92ZVRvUGFnZShQYWdlT3ZlcmxheSYs IFBhZ2UqKQo=