42760 2010-07-21 09:24:10 -0700 [Chromium]: Crash during find-in-page 2010-07-21 10:44:58 -0700 1 1 1 Unclassified WebKit New Bugs 528+ (Nightly build) PC All RESOLVED FIXED P1 Normal --- 0 finnur.webkit webkit-unassigned commit-queue oldest_to_newest 254337 0 finnur.webkit 2010-07-21 09:24:10 -0700 Originally reported here: http://code.google.com/p/chromium/issues/detail?id=46019 Turns out our users are seeing occasional crashes while searching, probably when search is still ongoing while the tab is closed/browser shutdown, although we haven't been able to repro. But I have a patch for this; will submit shortly. 254339 1 finnur.webkit 2010-07-21 09:24:44 -0700 Call stack when it crashes: 0x6cf673c6 [chrome.dll - scrollview.cpp:207] WebCore::ScrollView::visibleContentRect(bool) 0x6cf66f6c [chrome.dll - scrollview.h:126] WebCore::ScrollView::visibleWidth() 0x6d16ad77 [chrome.dll - webframeimpl.cpp:558] WebKit::WebFrameImpl::hasVisibleContent() 0x6d16dedb [chrome.dll - webframeimpl.cpp:2054] WebKit::WebFrameImpl::shouldScopeMatches(WebCore::String const &) 0x6d16c9ed [chrome.dll - webframeimpl.cpp:1403] WebKit::WebFrameImpl::scopeStringMatches(int,WebKit::WebString const &,WebKit::WebFindOptions const &,bool) 0x6d16e00d [chrome.dll - webframeimpl.cpp:2087] WebKit::WebFrameImpl::callScopeStringMatches(WebKit::WebFrameImpl::DeferredScopeStringMatches *,int,WebKit::WebString const &,WebKit::WebFindOptions const &,bool) 0x6d16a9ac [chrome.dll - webframeimpl.cpp:431] WebKit::WebFrameImpl::DeferredScopeStringMatches::doTimeout(WebCore::Timer<WebKit::WebFrameImpl::DeferredScopeStringMatches> *) 0x6cf66d84 [chrome.dll - timer.h:98] WebCore::Timer<WebCore::PageCache>::fired() 0x6d09f4c7 [chrome.dll - threadtimers.cpp:112] WebCore::ThreadTimers::sharedTimerFiredInternal() 0x6d09f43a [chrome.dll - threadtimers.cpp:90] WebCore::ThreadTimers::sharedTimerFired() 0x6cc0be0e [chrome.dll - message_loop.cc:328] MessageLoop::RunTask(Task *) 0x6cc0be4b [chrome.dll - message_loop.cc:336] MessageLoop::DeferOrRunPendingTask(MessageLoop::PendingTask const &) 0x6cc0bfe1 [chrome.dll - message_loop.cc:443] MessageLoop::DoWork() 0x6cc1c343 [chrome.dll - message_pump_default.cc:50] base::MessagePumpDefault::Run(base::MessagePump::Delegate *) 0x6cc0bcb9 [chrome.dll - message_loop.cc:204] MessageLoop::RunInternal() 0x6cc0bc3e [chrome.dll - message_loop.cc:176] MessageLoop::RunHandler() 0x6cc0bbec [chrome.dll - message_loop.cc:154] MessageLoop::Run() 0x6cc2eb81 [chrome.dll - renderer_main.cc:293] RendererMain(MainFunctionParams const &) 0x6cb43bb1 [chrome.dll - chrome_dll_main.cc:730] ChromeMain 0x012f356c [chrome.exe - client_util.cc:200] MainDllLoader::Launch(HINSTANCE__ *,sandbox::SandboxInterfaceInfo *) 0x012f3b5b [chrome.exe - chrome_exe_main.cc:46] wWinMain 254342 2 62194 finnur.webkit 2010-07-21 09:28:07 -0700 Created attachment 62194 Proposed fix 254355 3 62197 finnur.webkit 2010-07-21 09:47:51 -0700 Created attachment 62197 Added to the description in the changelog 254367 4 62197 dglazkov 2010-07-21 09:54:52 -0700 Comment on attachment 62197 Added to the description in the changelog ok. 254409 5 62197 commit-queue 2010-07-21 10:44:53 -0700 Comment on attachment 62197 Added to the description in the changelog Clearing flags on attachment: 62197 Committed r63841: <http://trac.webkit.org/changeset/63841> 254410 6 commit-queue 2010-07-21 10:44:58 -0700 All reviewed patches have been landed. Closing bug. 62194 2010-07-21 09:28:07 -0700 2010-07-21 09:47:51 -0700 Proposed fix find_crash_fix.patch text/plain 1376 finnur.webkit SW5kZXg6IFdlYktpdC9jaHJvbWl1bS9DaGFuZ2VMb2cKPT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gV2ViS2l0L2No cm9taXVtL0NoYW5nZUxvZwkocmV2aXNpb24gNjM4MzEpCisrKyBXZWJLaXQvY2hyb21pdW0vQ2hh bmdlTG9nCSh3b3JraW5nIGNvcHkpCkBAIC0xLDMgKzEsMTMgQEAKKzIwMTAtMDctMjEgIEZpbm51 ciBUaG9yYXJpbnNzb24gIDxmaW5udXIud2Via2l0QGdtYWlsLmNvbT4KKworICAgICAgICBSZXZp ZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAgICBBdm9pZCBjcmFzaGluZyBkdXJpbmcg ZmluZC1pbi1wYWdlIHdoZW4gfHZpZXd8IGlzIE5VTEwuCisgICAgICAgIGh0dHBzOi8vYnVncy53 ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD00Mjc2MAorCisgICAgICAgICogc3JjL1dlYkZyYW1l SW1wbC5jcHA6CisgICAgICAgIChXZWJLaXQ6OldlYkZyYW1lSW1wbDo6c2hvdWxkU2NvcGVNYXRj aGVzKToKKwogMjAxMC0wNy0yMSAgSGFucyBXZW5uYm9yZyAgPGhhbnNAY2hyb21pdW0ub3JnPgog CiAgICAgICAgIFJldmlld2VkIGJ5IFN0ZXZlIEJsb2NrLgpJbmRleDogV2ViS2l0L2Nocm9taXVt L3NyYy9XZWJGcmFtZUltcGwuY3BwCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFdlYktpdC9jaHJvbWl1bS9zcmMv V2ViRnJhbWVJbXBsLmNwcAkocmV2aXNpb24gNjM4MzEpCisrKyBXZWJLaXQvY2hyb21pdW0vc3Jj L1dlYkZyYW1lSW1wbC5jcHAJKHdvcmtpbmcgY29weSkKQEAgLTIxMDEsOSArMjEwMSw5IEBAIGlu dCBXZWJGcmFtZUltcGw6Om9yZGluYWxPZkZpcnN0TWF0Y2hGb3IKIAogYm9vbCBXZWJGcmFtZUlt cGw6OnNob3VsZFNjb3BlTWF0Y2hlcyhjb25zdCBTdHJpbmcmIHNlYXJjaFRleHQpCiB7Ci0gICAg Ly8gRG9uJ3Qgc2NvcGUgaWYgd2UgY2FuJ3QgZmluZCBhIGZyYW1lIG9yIGlmIHRoZSBmcmFtZSBp cyBub3QgdmlzaWJsZS4KKyAgICAvLyBEb24ndCBzY29wZSBpZiB3ZSBjYW4ndCBmaW5kIGEgZnJh bWUgb3IgYSB2aWV3IG9yIGlmIHRoZSBmcmFtZSBpcyBub3QgdmlzaWJsZS4KICAgICAvLyBUaGUg dXNlciBtYXkgaGF2ZSBjbG9zZWQgdGhlIHRhYi9hcHBsaWNhdGlvbiwgc28gYWJvcnQuCi0gICAg aWYgKCFmcmFtZSgpIHx8ICFoYXNWaXNpYmxlQ29udGVudCgpKQorICAgIGlmICghZnJhbWUoKSB8 fCAhZnJhbWUoKS0+dmlldygpIHx8ICFoYXNWaXNpYmxlQ29udGVudCgpKQogICAgICAgICByZXR1 cm4gZmFsc2U7CiAKICAgICBBU1NFUlQoZnJhbWUoKS0+ZG9jdW1lbnQoKSAmJiBmcmFtZSgpLT52 aWV3KCkpOwo= 62197 2010-07-21 09:47:51 -0700 2010-07-21 10:44:53 -0700 Added to the description in the changelog find_crash_fix2.patch text/plain 1569 finnur.webkit SW5kZXg6IFdlYktpdC9jaHJvbWl1bS9DaGFuZ2VMb2cKPT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gV2ViS2l0L2No cm9taXVtL0NoYW5nZUxvZwkocmV2aXNpb24gNjM4MzEpCisrKyBXZWJLaXQvY2hyb21pdW0vQ2hh bmdlTG9nCSh3b3JraW5nIGNvcHkpCkBAIC0xLDMgKzEsMTcgQEAKKzIwMTAtMDctMjEgIEZpbm51 ciBUaG9yYXJpbnNzb24gIDxmaW5udXIud2Via2l0QGdtYWlsLmNvbT4KKworICAgICAgICBSZXZp ZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAgICBBdm9pZCBjcmFzaGluZyBkdXJpbmcg ZmluZC1pbi1wYWdlIHdoZW4gfHZpZXd8IGlzIE5VTEwuCisgICAgICAgIGh0dHBzOi8vYnVncy53 ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD00Mjc2MAorICAgICAgICAKKyAgICAgICAgVGhlcmUg YXJlIG5vIGxheW91dCB0ZXN0cyBiZWNhdXNlIHdlIGRvbid0IGhhdmUgYSByZXBybyBjYXNlCisg ICAgICAgIHRvIHdvcmsgd2l0aCwgc28gdGhpcyBpcyBhIHNwZWN1bGF0aXZlIGZpeCBiYXNlZCBv biBjcmFzaCBkdW1wCisgICAgICAgIGRpYWdub3Npcy4gU2VlIGJ1ZyBmb3IgZGV0YWlscy4KKwor ICAgICAgICAqIHNyYy9XZWJGcmFtZUltcGwuY3BwOgorICAgICAgICAoV2ViS2l0OjpXZWJGcmFt ZUltcGw6OnNob3VsZFNjb3BlTWF0Y2hlcyk6CisKIDIwMTAtMDctMjEgIEhhbnMgV2VubmJvcmcg IDxoYW5zQGNocm9taXVtLm9yZz4KIAogICAgICAgICBSZXZpZXdlZCBieSBTdGV2ZSBCbG9jay4K SW5kZXg6IFdlYktpdC9jaHJvbWl1bS9zcmMvV2ViRnJhbWVJbXBsLmNwcAo9PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0t LSBXZWJLaXQvY2hyb21pdW0vc3JjL1dlYkZyYW1lSW1wbC5jcHAJKHJldmlzaW9uIDYzODMxKQor KysgV2ViS2l0L2Nocm9taXVtL3NyYy9XZWJGcmFtZUltcGwuY3BwCSh3b3JraW5nIGNvcHkpCkBA IC0yMTAxLDkgKzIxMDEsOSBAQCBpbnQgV2ViRnJhbWVJbXBsOjpvcmRpbmFsT2ZGaXJzdE1hdGNo Rm9yCiAKIGJvb2wgV2ViRnJhbWVJbXBsOjpzaG91bGRTY29wZU1hdGNoZXMoY29uc3QgU3RyaW5n JiBzZWFyY2hUZXh0KQogewotICAgIC8vIERvbid0IHNjb3BlIGlmIHdlIGNhbid0IGZpbmQgYSBm cmFtZSBvciBpZiB0aGUgZnJhbWUgaXMgbm90IHZpc2libGUuCisgICAgLy8gRG9uJ3Qgc2NvcGUg aWYgd2UgY2FuJ3QgZmluZCBhIGZyYW1lIG9yIGEgdmlldyBvciBpZiB0aGUgZnJhbWUgaXMgbm90 IHZpc2libGUuCiAgICAgLy8gVGhlIHVzZXIgbWF5IGhhdmUgY2xvc2VkIHRoZSB0YWIvYXBwbGlj YXRpb24sIHNvIGFib3J0LgotICAgIGlmICghZnJhbWUoKSB8fCAhaGFzVmlzaWJsZUNvbnRlbnQo KSkKKyAgICBpZiAoIWZyYW1lKCkgfHwgIWZyYW1lKCktPnZpZXcoKSB8fCAhaGFzVmlzaWJsZUNv bnRlbnQoKSkKICAgICAgICAgcmV0dXJuIGZhbHNlOwogCiAgICAgQVNTRVJUKGZyYW1lKCktPmRv Y3VtZW50KCkgJiYgZnJhbWUoKS0+dmlldygpKTsK