156754 2016-04-19 11:57:44 -0700 Crash under WebKit::PluginView::pluginSnapshotTimerFired 2016-04-19 13:19:58 -0700 1 1 1 Unclassified WebKit Plug-ins WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED InRadar P2 Normal --- 1 cdumez cdumez bdakin commit-queue dino webkit-bug-importer oldest_to_newest 1185097 0 cdumez 2016-04-19 11:57:44 -0700 Crash under WebKit::PluginView::pluginSnapshotTimerFired: Thread[0] EXC_BAD_ACCESS (SIGSEGV) (KERN_INVALID_ADDRESS at 0x0000000000000038) [ 0] 0x00007fff8b1128df WebKit`WebKit::PluginView::pluginSnapshotTimerFired() [inlined] WTF::RefPtr<WebCore::Settings>::operator*() const at RefPtr.h:68:51 64 Ref<T> releaseNonNull() { ASSERT(m_ptr); Ref<T> tmp(adoptRef(*m_ptr)); m_ptr = nullptr; return tmp; } 65 66 T* leakRef() WARN_UNUSED_RETURN; 67 -> 68 T& operator*() const { ASSERT(m_ptr); return *m_ptr; } 69 ALWAYS_INLINE T* operator->() const { return m_ptr; } 70 71 bool operator!() const { return !m_ptr; } 72 0x00007fff8b1128cc: movq 0x58(%r15), %rcx 0x00007fff8b1128d0: movq 0x20(%rcx), %rcx 0x00007fff8b1128d4: movq 0x8(%rcx), %rcx 0x00007fff8b1128d8: movq 0x190(%rcx), %rcx -> 0x00007fff8b1128df: movq 0x38(%rcx), %rcx 0x00007fff8b1128e3: cmpl 0xd4(%rcx), %edx 0x00007fff8b1128e9: setne %cl 0x00007fff8b1128ec: orb %cl, %al 0x00007fff8b1128ee: je 0x13c8f4 ; <+1164> at PluginView.cpp:1807 [ 0] 0x00007fff8b1128df WebKit`WebKit::PluginView::pluginSnapshotTimerFired() [inlined] WebCore::Frame::settings() const at Frame.h:170 166 WEBCORE_EXPORT String trackedRepaintRectsAsText() const; 167 168 WEBCORE_EXPORT static Frame* frameForWidget(const Widget*); 169 -> 170 Settings& settings() const { return *m_settings; } 171 172 void setPrinting(bool printing, const FloatSize& pageSize, const FloatSize& originalPageSize, float maximumShrinkRatio, AdjustViewSizeOrNot); 173 bool shouldUsePrintingLayout() const; 174 WEBCORE_EXPORT FloatSize resizePageRectsKeepingRatio(const FloatSize& originalSize, const FloatSize& expectedSize); [ 0] 0x00007fff8b1128df WebKit`WebKit::PluginView::pluginSnapshotTimerFired() + 1143 at PluginView.cpp:1807 1803 } 1804 1805 #if ENABLE(PRIMARY_SNAPSHOTTED_PLUGIN_HEURISTIC) 1806 unsigned candidateArea = 0; -> 1807 bool noSnapshotFoundAfterMaxRetries = m_countSnapshotRetries == frame()->settings().maximumPlugInSnapshotAttempts() && !isPlugInOnScreen && !snapshotFound; 1808 if (m_webPage->plugInIsPrimarySize(plugInImageElement, candidateArea) 1809 && (noSnapshotFoundAfterMaxRetries || plugInCameOnScreen)) 1810 m_pluginElement->setDisplayState(HTMLPlugInElement::Playing); 1811 else [ 1] 0x00007fff9226816e WebCore`WebCore::ThreadTimers::sharedTimerFiredInternal() + 174 at ThreadTimers.cpp:132:9 128 double interval = timer->repeatInterval(); 129 timer->setNextFireTime(interval ? fireTime + interval : 0); 130 131 // Once the timer has been fired, it may be deleted, so do nothing else with it after this point. -> 132 timer->fired(); 133 134 // Catch the case where the timer asked timers to fire in a nested event loop, or we are over time limit. 135 if (!m_firingTimers || timeToQuit < monotonicallyIncreasingTime()) 136 break; [ 2] 0x00007fff92268087 WebCore`WebCore::timerFired(__CFRunLoopTimer*, void*) + 23 at SharedTimerCF.cpp:82:5 1185098 1 cdumez 2016-04-19 11:58:00 -0700 rdar://problem/22566764 1185102 2 276740 cdumez 2016-04-19 12:01:52 -0700 Created attachment 276740 Patch 1185117 3 276744 cdumez 2016-04-19 12:27:35 -0700 Created attachment 276744 Patch 1185129 4 276744 commit-queue 2016-04-19 13:19:54 -0700 Comment on attachment 276744 Patch Clearing flags on attachment: 276744 Committed r199740: <http://trac.webkit.org/changeset/199740> 1185130 5 commit-queue 2016-04-19 13:19:58 -0700 All reviewed patches have been landed. Closing bug. 276740 2016-04-19 12:01:52 -0700 2016-04-19 12:27:30 -0700 Patch bug-156754-20160419120212.patch text/plain 1893 cdumez U3VidmVyc2lvbiBSZXZpc2lvbjogMTk5NzI4CmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViS2l0Mi9D aGFuZ2VMb2cgYi9Tb3VyY2UvV2ViS2l0Mi9DaGFuZ2VMb2cKaW5kZXggODEzNjE1MmRlMDA4YjFm Y2Q2YzA0NGFmMmVmNWFjYTFkY2FmOWE1Ny4uZWU3OGVhZDFkZjYwZTFlMjZiZGRlYWMyNmRkYzE2 YTE2MDBjZDBiYiAxMDA2NDQKLS0tIGEvU291cmNlL1dlYktpdDIvQ2hhbmdlTG9nCisrKyBiL1Nv dXJjZS9XZWJLaXQyL0NoYW5nZUxvZwpAQCAtMSwzICsxLDE4IEBACisyMDE2LTA0LTE5ICBDaHJp cyBEdW1leiAgPGNkdW1lekBhcHBsZS5jb20+CisKKyAgICAgICAgQ3Jhc2ggdW5kZXIgV2ViS2l0 OjpQbHVnaW5WaWV3OjpwbHVnaW5TbmFwc2hvdFRpbWVyRmlyZWQKKyAgICAgICAgaHR0cHM6Ly9i dWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTE1Njc1NAorICAgICAgICA8cmRhcjovL3By b2JsZW0vMjI1NjY3NjQ+CisKKyAgICAgICAgUmV2aWV3ZWQgYnkgTk9CT0RZIChPT1BTISkuCisK KyAgICAgICAgQWRkIG51bGwgY2hlY2sgZm9yIGZyYW1lKCkgYmVmb3JlIHRyeWluZyB0byBhY2Nl c3MgdGhlIGZyYW1lIHNldHRpbmdzLAorICAgICAgICBzaW1pbGFybHkgdG8gd2hhdCBpcyBkb25l IGVhcmxpZXIgaW4gdGhpcyBmdW5jdGlvbi4gVGhpcyBmaXhlcyBhIHRvcAorICAgICAgICBjcmFz aGVyLgorCisgICAgICAgICogV2ViUHJvY2Vzcy9QbHVnaW5zL1BsdWdpblZpZXcuY3BwOgorICAg ICAgICAoV2ViS2l0OjpQbHVnaW5WaWV3OjpwbHVnaW5TbmFwc2hvdFRpbWVyRmlyZWQpOgorCiAy MDE2LTA0LTE5ICBBbnR0aSBLb2l2aXN0byAgPGFudHRpQGFwcGxlLmNvbT4KIAogICAgICAgICBU cnkgdG8gZml4IGlPUyBidWlsZC4KZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJLaXQyL1dlYlByb2Nl c3MvUGx1Z2lucy9QbHVnaW5WaWV3LmNwcCBiL1NvdXJjZS9XZWJLaXQyL1dlYlByb2Nlc3MvUGx1 Z2lucy9QbHVnaW5WaWV3LmNwcAppbmRleCA5OTFhMjZhMmIyOWI0OTNjMWYxMzZlMzM4ZTIzZDgx OWY3Zjk1ZjQzLi5mNDUyODgxMWU3ZjA0ODBiN2JjMmZhNzYyNzUwZTUzNWExZjIxZDFkIDEwMDY0 NAotLS0gYS9Tb3VyY2UvV2ViS2l0Mi9XZWJQcm9jZXNzL1BsdWdpbnMvUGx1Z2luVmlldy5jcHAK KysrIGIvU291cmNlL1dlYktpdDIvV2ViUHJvY2Vzcy9QbHVnaW5zL1BsdWdpblZpZXcuY3BwCkBA IC0xODE4LDcgKzE4MTgsNyBAQCB2b2lkIFBsdWdpblZpZXc6OnBsdWdpblNuYXBzaG90VGltZXJG aXJlZCgpCiAKICNpZiBFTkFCTEUoUFJJTUFSWV9TTkFQU0hPVFRFRF9QTFVHSU5fSEVVUklTVElD KQogICAgIHVuc2lnbmVkIGNhbmRpZGF0ZUFyZWEgPSAwOwotICAgIGJvb2wgbm9TbmFwc2hvdEZv dW5kQWZ0ZXJNYXhSZXRyaWVzID0gbV9jb3VudFNuYXBzaG90UmV0cmllcyA9PSBmcmFtZSgpLT5z ZXR0aW5ncygpLm1heGltdW1QbHVnSW5TbmFwc2hvdEF0dGVtcHRzKCkgJiYgIWlzUGx1Z0luT25T Y3JlZW4gJiYgIXNuYXBzaG90Rm91bmQ7CisgICAgYm9vbCBub1NuYXBzaG90Rm91bmRBZnRlck1h eFJldHJpZXMgPSBtX2NvdW50U25hcHNob3RSZXRyaWVzID09IGZyYW1lKCkgJiYgZnJhbWUoKS0+ c2V0dGluZ3MoKS5tYXhpbXVtUGx1Z0luU25hcHNob3RBdHRlbXB0cygpICYmICFpc1BsdWdJbk9u U2NyZWVuICYmICFzbmFwc2hvdEZvdW5kOwogICAgIGlmIChtX3dlYlBhZ2UtPnBsdWdJbklzUHJp bWFyeVNpemUocGx1Z0luSW1hZ2VFbGVtZW50LCBjYW5kaWRhdGVBcmVhKQogICAgICAgICAmJiAo bm9TbmFwc2hvdEZvdW5kQWZ0ZXJNYXhSZXRyaWVzIHx8IHBsdWdJbkNhbWVPblNjcmVlbikpCiAg ICAgICAgIG1fcGx1Z2luRWxlbWVudC0+c2V0RGlzcGxheVN0YXRlKEhUTUxQbHVnSW5FbGVtZW50 OjpQbGF5aW5nKTsK 276744 2016-04-19 12:27:35 -0700 2016-04-19 13:19:54 -0700 Patch bug-156754-20160419122754.patch text/plain 1955 cdumez U3VidmVyc2lvbiBSZXZpc2lvbjogMTk5NzI4CmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViS2l0Mi9D aGFuZ2VMb2cgYi9Tb3VyY2UvV2ViS2l0Mi9DaGFuZ2VMb2cKaW5kZXggODEzNjE1MmRlMDA4YjFm Y2Q2YzA0NGFmMmVmNWFjYTFkY2FmOWE1Ny4uY2U5YWFmNGQzMjA2YjE3OWJkNDEyMDAyZTczZThk ZDcyMmEwYTQ1NyAxMDA2NDQKLS0tIGEvU291cmNlL1dlYktpdDIvQ2hhbmdlTG9nCisrKyBiL1Nv dXJjZS9XZWJLaXQyL0NoYW5nZUxvZwpAQCAtMSwzICsxLDE4IEBACisyMDE2LTA0LTE5ICBDaHJp cyBEdW1leiAgPGNkdW1lekBhcHBsZS5jb20+CisKKyAgICAgICAgQ3Jhc2ggdW5kZXIgV2ViS2l0 OjpQbHVnaW5WaWV3OjpwbHVnaW5TbmFwc2hvdFRpbWVyRmlyZWQKKyAgICAgICAgaHR0cHM6Ly9i dWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTE1Njc1NAorICAgICAgICA8cmRhcjovL3By b2JsZW0vMjI1NjY3NjQ+CisKKyAgICAgICAgUmV2aWV3ZWQgYnkgQmV0aCBEYWtpbi4KKworICAg ICAgICBBZGQgbnVsbCBjaGVjayBmb3IgZnJhbWUoKSBiZWZvcmUgdHJ5aW5nIHRvIGFjY2VzcyB0 aGUgZnJhbWUgc2V0dGluZ3MsCisgICAgICAgIHNpbWlsYXJseSB0byB3aGF0IGlzIGRvbmUgZWFy bGllciBpbiB0aGlzIGZ1bmN0aW9uLiBUaGlzIGZpeGVzIGEgdG9wCisgICAgICAgIGNyYXNoZXIu CisKKyAgICAgICAgKiBXZWJQcm9jZXNzL1BsdWdpbnMvUGx1Z2luVmlldy5jcHA6CisgICAgICAg IChXZWJLaXQ6OlBsdWdpblZpZXc6OnBsdWdpblNuYXBzaG90VGltZXJGaXJlZCk6CisKIDIwMTYt MDQtMTkgIEFudHRpIEtvaXZpc3RvICA8YW50dGlAYXBwbGUuY29tPgogCiAgICAgICAgIFRyeSB0 byBmaXggaU9TIGJ1aWxkLgpkaWZmIC0tZ2l0IGEvU291cmNlL1dlYktpdDIvV2ViUHJvY2Vzcy9Q bHVnaW5zL1BsdWdpblZpZXcuY3BwIGIvU291cmNlL1dlYktpdDIvV2ViUHJvY2Vzcy9QbHVnaW5z L1BsdWdpblZpZXcuY3BwCmluZGV4IDk5MWEyNmEyYjI5YjQ5M2MxZjEzNmUzMzhlMjNkODE5Zjdm OTVmNDMuLmU4Yzc1ZmNkNWQzNjJjZWJiZGNiMzYxYmE4M2RmMDkzOWUxZWFmYWMgMTAwNjQ0Ci0t LSBhL1NvdXJjZS9XZWJLaXQyL1dlYlByb2Nlc3MvUGx1Z2lucy9QbHVnaW5WaWV3LmNwcAorKysg Yi9Tb3VyY2UvV2ViS2l0Mi9XZWJQcm9jZXNzL1BsdWdpbnMvUGx1Z2luVmlldy5jcHAKQEAgLTE4 MTgsNyArMTgxOCw4IEBAIHZvaWQgUGx1Z2luVmlldzo6cGx1Z2luU25hcHNob3RUaW1lckZpcmVk KCkKIAogI2lmIEVOQUJMRShQUklNQVJZX1NOQVBTSE9UVEVEX1BMVUdJTl9IRVVSSVNUSUMpCiAg ICAgdW5zaWduZWQgY2FuZGlkYXRlQXJlYSA9IDA7Ci0gICAgYm9vbCBub1NuYXBzaG90Rm91bmRB ZnRlck1heFJldHJpZXMgPSBtX2NvdW50U25hcHNob3RSZXRyaWVzID09IGZyYW1lKCktPnNldHRp bmdzKCkubWF4aW11bVBsdWdJblNuYXBzaG90QXR0ZW1wdHMoKSAmJiAhaXNQbHVnSW5PblNjcmVl biAmJiAhc25hcHNob3RGb3VuZDsKKyAgICB1bnNpZ25lZCBtYXhpbXVtU25hcHNob3RSZXRyaWVz ID0gZnJhbWUoKSA/IGZyYW1lKCktPnNldHRpbmdzKCkubWF4aW11bVBsdWdJblNuYXBzaG90QXR0 ZW1wdHMoKSA6IDA7CisgICAgYm9vbCBub1NuYXBzaG90Rm91bmRBZnRlck1heFJldHJpZXMgPSBt X2NvdW50U25hcHNob3RSZXRyaWVzID09IG1heGltdW1TbmFwc2hvdFJldHJpZXMgJiYgIWlzUGx1 Z0luT25TY3JlZW4gJiYgIXNuYXBzaG90Rm91bmQ7CiAgICAgaWYgKG1fd2ViUGFnZS0+cGx1Z0lu SXNQcmltYXJ5U2l6ZShwbHVnSW5JbWFnZUVsZW1lbnQsIGNhbmRpZGF0ZUFyZWEpCiAgICAgICAg ICYmIChub1NuYXBzaG90Rm91bmRBZnRlck1heFJldHJpZXMgfHwgcGx1Z0luQ2FtZU9uU2NyZWVu KSkKICAgICAgICAgbV9wbHVnaW5FbGVtZW50LT5zZXREaXNwbGF5U3RhdGUoSFRNTFBsdWdJbkVs ZW1lbnQ6OlBsYXlpbmcpOwo=