37318 2010-04-09 02:52:34 -0700 Crash on WebKit::WebGeolocationServiceBridgeImpl::stopUpdating() during frame disconnection 2010-04-09 06:13:56 -0700 1 1 1 Unclassified WebKit WebKit Misc. 528+ (Nightly build) All All RESOLVED FIXED P2 Normal --- 0 bulach webkit-unassigned bulach commit-queue fishd jorlow joth oldest_to_newest 210646 0 bulach 2010-04-09 02:52:34 -0700 There are some situations where the frame / webview has been disconnected prior to WebKit::WebGeolocationServiceBridgeImpl::stopUpdating() being called. In this scenario, we don't need to detachBridge(). http://code.google.com/p/chromium/issues/detail?id=40478 Thread 0 (crashed) 0 Google Chrome Framew0.369.0.1 0x0167be82 WebKit::WebGeolocationServiceBridgeImpl::stopUpdating() + 0x0 (WebGeolocationServiceBridgeImpl.cpp:128) 1 Google Chrome Framew0.369.0.1 0x010a299e WebCore::Geolocation::disconnectFrame() + 0x7 (Geolocation.cpp:636) 2 Google Chrome Framew0.369.0.1 0x010a8b71 WebCore::Navigator::disconnectFrame() + 0x7 (Navigator.cpp:68) 3 Google Chrome Framew0.369.0.1 0x01077554 WebCore::DOMWindow::clear() + 0x7 (DOMWindow.cpp:441) 4 Google Chrome Framew0.369.0.1 0x010941eb WebCore::Frame::setSelectionFromNone() + 0x7 (Frame.cpp:212) 5 Google Chrome Framew0.369.0.1 0x00fdd67d 6 Google Chrome Framew0.369.0.1 0x00fbcd97 WebCore::InspectorController::setBreakpoint(WebCore::String const&, unsigned int, bool, WebCore::String const&) + 0x7 (RefCounted.h:109) 7 Google Chrome Framew0.369.0.1 0x010ac062 WebCore::Page::userStyleSheetLocationChanged() + 0xb (OwnPtrCommon.h:55) 8 Google Chrome Framew0.369.0.1 0x0169ba10 WebKit::WebViewImpl::close() + 0xb (OwnPtrCommon.h:55) 9 Google Chrome Framew0.369.0.1 0x0062a517 RenderWidget::Close() + 0x6 (render_widget.cc:651) 10 Google Chrome Framew0.369.0.1 0x005f3545 RenderView::Close() + 0x7 (render_view.cc:4785) 11 Google Chrome Framew0.369.0.1 0x006a413a MessageLoop::DeferOrRunPendingTask(MessageLoop::PendingTask const&) + 0x7 (message_loop.cc:329) 12 Google Chrome Framew0.369.0.1 0x006a4b0a MessageLoop::DoWork() + 0xb (message_loop.cc:444) 13 Google Chrome Framew0.369.0.1 0x00683053 base::MessagePumpCFRunLoopBase::RunWorkSource(void*) + 0xa (message_pump_mac.mm:291) 14 CoreFoundation 0.550.19.0 0x993cd15a __CFRunLoopDoSources0 + 0x61a 15 CoreFoundation 0.550.19.0 0x993cac1e __CFRunLoopRun + 0x42e 16 CoreFoundation 0.550.19.0 0x993ca0f3 CFRunLoopRunSpecific + 0x1c3 17 CoreFoundation 0.550.19.0 0x993c9f20 CFRunLoopRunInMode + 0x60 18 HIToolbox 0.460.0.0 0x972340fb RunCurrentEventLoopInMode + 0x187 19 HIToolbox 0.460.0.0 0x97233eb0 ReceiveNextEventCommon + 0x161 20 HIToolbox 0.460.0.0 0x97233d35 BlockUntilNextEventMatchingListInMode + 0x50 21 AppKit 0.1038.29.0 0x93325134 _DPSNextEvent + 0x34e 22 AppKit 0.1038.29.0 0x93324975 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 0x9b 23 AppKit 0.1038.29.0 0x932e6bee -[NSApplication run] + 0x334 24 Google Chrome Framew0.369.0.1 0x00682afc base::MessagePumpNSApplication::DoRun(base::MessagePump::Delegate*) + 0x19 (message_pump_mac.mm:677) 25 Google Chrome Framew0.369.0.1 0x00682285 base::MessagePumpCFRunLoopBase::Run(base::MessagePump::Delegate*) + 0xb (message_pump_mac.mm:213) 26 Google Chrome Framew0.369.0.1 0x006a4083 MessageLoop::Run() + 0xb (message_loop.cc:205) 27 Google Chrome Framew0.369.0.1 0x00637b0d RendererMain(MainFunctionParams const&) + 0xc (renderer_main.cc:289) 28 Google Chrome Framew0.369.0.1 0x0000a27d ChromeMain + 0xd (chrome_dll_main.cc:720) 29 Google Chrome Helper 0x00001ff7 main + 0x11 (chrome_exe_main.mm:16) 30 Google Chrome Helper 0x00001fb5 31 210654 1 52950 bulach 2010-04-09 02:59:45 -0700 Created attachment 52950 Patch 210697 2 52950 commit-queue 2010-04-09 06:13:51 -0700 Comment on attachment 52950 Patch Clearing flags on attachment: 52950 Committed r57335: <http://trac.webkit.org/changeset/57335> 210698 3 commit-queue 2010-04-09 06:13:56 -0700 All reviewed patches have been landed. Closing bug. 52950 2010-04-09 02:59:45 -0700 2010-04-09 06:13:51 -0700 Patch 37318.patch text/plain 1690 bulach SW5kZXg6IFdlYktpdC9jaHJvbWl1bS9DaGFuZ2VMb2cKPT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gV2ViS2l0L2No cm9taXVtL0NoYW5nZUxvZwkocmV2aXNpb24gNTczMjEpCisrKyBXZWJLaXQvY2hyb21pdW0vQ2hh bmdlTG9nCSh3b3JraW5nIGNvcHkpCkBAIC0xLDMgKzEsMTQgQEAKKzIwMTAtMDQtMDkgIE1hcmN1 cyBCdWxhY2ggIDxidWxhY2hAY2hyb21pdW0ub3JnPgorCisgICAgICAgIFJldmlld2VkIGJ5IE5P Qk9EWSAoT09QUyEpLgorCisgICAgICAgIENyYXNoIG9uIFdlYktpdDo6V2ViR2VvbG9jYXRpb25T ZXJ2aWNlQnJpZGdlSW1wbDo6c3RvcFVwZGF0aW5nKCkgZHVyaW5nIGZyYW1lIGRpc2Nvbm5lY3Rp b24KKyAgICAgICAgU2hvdWxkIG5vdCB0cnkgdG8gYWNjZXNzIFdlYlZpZXdDbGllbnQgaWYgdGhl IGZyYW1lIGhhcyBhbHJlYWR5IGJlZW4gZGlzY29ubmVjdGVkLgorICAgICAgICBodHRwczovL2J1 Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9MzczMTgKKworICAgICAgICAqIHNyYy9XZWJH ZW9sb2NhdGlvblNlcnZpY2VCcmlkZ2VJbXBsLmNwcDoKKyAgICAgICAgKFdlYktpdDo6V2ViR2Vv bG9jYXRpb25TZXJ2aWNlQnJpZGdlSW1wbDo6c3RvcFVwZGF0aW5nKToKKwogMjAxMC0wNC0wNyAg UGF2ZWwgRmVsZG1hbiAgPHBmZWxkbWFuQGNocm9taXVtLm9yZz4KIAogICAgICAgICBSZXZpZXdl ZCBieSBZdXJ5IFNlbWlraGF0c2t5LgpJbmRleDogV2ViS2l0L2Nocm9taXVtL3NyYy9XZWJHZW9s b2NhdGlvblNlcnZpY2VCcmlkZ2VJbXBsLmNwcAo9PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBXZWJLaXQvY2hyb21p dW0vc3JjL1dlYkdlb2xvY2F0aW9uU2VydmljZUJyaWRnZUltcGwuY3BwCShyZXZpc2lvbiA1NzMy MCkKKysrIFdlYktpdC9jaHJvbWl1bS9zcmMvV2ViR2VvbG9jYXRpb25TZXJ2aWNlQnJpZGdlSW1w bC5jcHAJKHdvcmtpbmcgY29weSkKQEAgLTEyNCwxMiArMTI0LDEzIEBAIGJvb2wgV2ViR2VvbG9j YXRpb25TZXJ2aWNlQnJpZGdlSW1wbDo6c3QKIAogdm9pZCBXZWJHZW9sb2NhdGlvblNlcnZpY2VC cmlkZ2VJbXBsOjpzdG9wVXBkYXRpbmcoKQogewotICAgIGlmIChtX2JyaWRnZUlkKSB7Ci0gICAg ICAgIFdlYkdlb2xvY2F0aW9uU2VydmljZSogZ2VvbG9jYXRpb25TZXJ2aWNlID0gZ2V0V2ViVmll d0NsaWVudCgpLT5nZW9sb2NhdGlvblNlcnZpY2UoKTsKKyAgICBXZWJWaWV3Q2xpZW50KiB3ZWJW aWV3Q2xpZW50ID0gZ2V0V2ViVmlld0NsaWVudCgpOworICAgIGlmIChtX2JyaWRnZUlkICYmIHdl YlZpZXdDbGllbnQpIHsKKyAgICAgICAgV2ViR2VvbG9jYXRpb25TZXJ2aWNlKiBnZW9sb2NhdGlv blNlcnZpY2UgPSB3ZWJWaWV3Q2xpZW50LT5nZW9sb2NhdGlvblNlcnZpY2UoKTsKICAgICAgICAg Z2VvbG9jYXRpb25TZXJ2aWNlLT5zdG9wVXBkYXRpbmcobV9icmlkZ2VJZCk7CiAgICAgICAgIGdl b2xvY2F0aW9uU2VydmljZS0+ZGV0YWNoQnJpZGdlKG1fYnJpZGdlSWQpOwotICAgICAgICBtX2Jy aWRnZUlkID0gMDsKICAgICB9CisgICAgbV9icmlkZ2VJZCA9IDA7CiB9CiAKIHZvaWQgV2ViR2Vv bG9jYXRpb25TZXJ2aWNlQnJpZGdlSW1wbDo6c3VzcGVuZCgpCg==