46261 2010-09-22 07:03:35 -0700 Web Inspector: CRASH at node highlight on MAC Safari 2010-09-24 09:40:28 -0700 1 1 1 Unclassified WebKit Web Inspector (Deprecated) 528+ (Nightly build) All All RESOLVED FIXED P2 Normal --- 1 loislo loislo apavlov bweinstein commit-queue joepeck keishi loislo pfeldman pmuellr podivilov rik timothy yurys oldest_to_newest 282905 0 loislo 2010-09-22 07:03:35 -0700 1) run-safari --debug 2) open inspector 3) open elements panel 4) hover mouse over elements panel items 5) try to switch to another tab. In my case Timeline 6) CRASH call stack Program received signal EXC_BAD_ACCESS, Could not access memory. Reason: KERN_INVALID_ADDRESS at address: 0x0000000000000328 0x000000010147b546 in WTF::RefPtr<WebCore::Node>::operator! (this=0x328) at RefPtr.h:68 68 bool operator!() const { return !m_ptr; } (gdb) BT #0 0x000000010147b546 in WTF::RefPtr<WebCore::Node>::operator! (this=0x328) at RefPtr.h:68 #1 0x00000001019ea1f9 in WebCore::InspectorController::drawNodeHighlight (this=0x0, context=@0x7fff5fbfd2f0) at /Users/Shared/loislo/Projects/chromium/src/third_party/WebKit/WebCore/inspector/InspectorController.cpp:1802 #2 0x0000000100f840e0 in -[WebNodeHighlightView drawRect:] (self=0x11e479100, _cmd=0x7fff874a0e08, rect={origin = {x = 0, y = 0}, size = {width = 1371, height = 784}}) at WebNodeHighlightView.mm:75 #3 0x00007fff86e65081 in -[NSView _drawRect:clip:] () #4 0x00007fff86e63cf4 in -[NSView _recursiveDisplayAllDirtyWithLockFocus:visRect:] () #5 0x00007fff86e6405e in -[NSView _recursiveDisplayAllDirtyWithLockFocus:visRect:] () #6 0x00007fff86e623c6 in -[NSView _recursiveDisplayRectIfNeededIgnoringOpacity:isVisibleRect:rectIsVisibleRectForView:topView:] () #7 0x00007fff86f80b84 in -[NSNextStepFrame _recursiveDisplayRectIfNeededIgnoringOpacity:isVisibleRect:rectIsVisibleRectForView:topView:] () #8 0x00007fff86e5e79a in -[NSView _displayRectIgnoringOpacity:isVisibleRect:rectIsVisibleRectForView:] () #9 0x00007fff86dd7ff6 in -[NSView displayIfNeeded] () #10 0x00007fff86d8d7e4 in -[NSNextStepFrame displayIfNeeded] () #11 0x00007fff86dd2ea2 in _handleWindowNeedsDisplay () #12 0x00007fff811aea2d in __NSFireTimer () #13 0x00007fff85318678 in __CFRunLoopRun () #14 0x00007fff8531684f in CFRunLoopRunSpecific () #15 0x00007fff881c991a in RunCurrentEventLoopInMode () #16 0x00007fff881c967d in ReceiveNextEventCommon () #17 0x00007fff881c95d8 in BlockUntilNextEventMatchingListInMode () #18 0x00007fff86da829e in _DPSNextEvent () #19 0x00007fff86da7bed in -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] () #20 0x00000001000165d8 in ?? () #21 0x00007fff86d6d8d3 in -[NSApplication run] () #22 0x00007fff86d665f8 in NSApplicationMain () #23 0x000000010000a4a4 in ?? () Current language: auto; currently c++ (gdb) ГЗ Undefined command: "". Try "help". (gdb) up #1 0x00000001019ea1f9 in WebCore::InspectorController::drawNodeHighlight (this=0x0, context=@0x7fff5fbfd2f0) at /Users/Shared/loislo/Projects/chromium/src/third_party/WebKit/WebCore/inspector/InspectorController.cpp:1802 1802 if (!m_highlightedNode) (gdb) list 1797 return mainFramePoint - IntPoint(); 1798 } 1799 1800 void InspectorController::drawNodeHighlight(GraphicsContext& context) const 1801 { 1802 if (!m_highlightedNode) 1803 return; 1804 1805 RenderObject* renderer = m_highlightedNode->renderer(); 1806 Frame* containingFrame = m_highlightedNode->document()->frame(); (gdb) p this $1 = (const 'WebCore::InspectorController' * const) 0x0 (gdb) up #2 0x0000000100f840e0 in -[WebNodeHighlightView drawRect:] (self=0x11e479100, _cmd=0x7fff874a0e08, rect={origin = {x = 0, y = 0}, size = {width = 1371, height = 784}}) at WebNodeHighlightView.mm:75 75 [_webNodeHighlight inspectorController]->drawNodeHighlight(context); Current language: auto; currently objective-c++ (gdb) 284303 1 68663 loislo 2010-09-24 02:45:14 -0700 Created attachment 68663 [patch] initial version. 284307 2 68663 pfeldman 2010-09-24 03:12:28 -0700 Comment on attachment 68663 [patch] initial version. View in context: https://bugs.webkit.org/attachment.cgi?id=68663&action=review > WebKit/mac/WebInspector/WebNodeHighlightView.mm:77 > + [NSGraphicsContext restoreGraphicsState]; Should restore unconditionally. 284319 3 68666 loislo 2010-09-24 04:43:43 -0700 Created attachment 68666 [patch] initial version. 284323 4 68666 commit-queue 2010-09-24 05:08:47 -0700 Comment on attachment 68666 [patch] initial version. Clearing flags on attachment: 68666 Committed r68247: <http://trac.webkit.org/changeset/68247> 284324 5 commit-queue 2010-09-24 05:08:53 -0700 All reviewed patches have been landed. Closing bug. 284441 6 68666 joepeck 2010-09-24 09:40:28 -0700 Comment on attachment 68666 [patch] initial version. View in context: https://bugs.webkit.org/attachment.cgi?id=68666&action=review I know this landed. Here are some things to think about to improve later patches. > WebKit/mac/ChangeLog:14 > + Web Inspector: CRASH at node highlight on MAC Safari. > + 1) run-safari --debug > + 2) open inspector > + 3) open elements panel > + 4) hover mouse over elements panel items multiple times > + 5) CRASH > + Looks like it is a race condition. WebNodeHighlightView doesn't check > + the pointer to WebNodeHighligh object and it can be nil. > + > + https://bugs.webkit.org/show_bug.cgi?id=46261 This still isn't the usual ChangeLog style, but I guess everyones does it differently so I'll stop bringing it up. Just noticed there was a typo, "WebNodeHighligh". > WebKit/mac/WebInspector/WebNodeHighlightView.mm:71 > + if (_webNodeHighlight) { > + [NSGraphicsContext saveGraphicsState]; I think an early return would have made this easier to read, and is a common style. 68663 2010-09-24 02:45:14 -0700 2010-09-24 04:43:43 -0700 [patch] initial version. patch text/plain 1780 loislo ZGlmZiAtLWdpdCBhL1dlYktpdC9tYWMvQ2hhbmdlTG9nIGIvV2ViS2l0L21hYy9DaGFuZ2VMb2cK aW5kZXggNDIxOTdmZC4uZDhlODIxMyAxMDA2NDQKLS0tIGEvV2ViS2l0L21hYy9DaGFuZ2VMb2cK KysrIGIvV2ViS2l0L21hYy9DaGFuZ2VMb2cKQEAgLTEsMyArMSwyMSBAQAorMjAxMC0wOS0yNCAg SWx5YSBUaWtob25vdnNreSAgPGxvaXNsb0BjaHJvbWl1bS5vcmc+CisKKyAgICAgICAgUmV2aWV3 ZWQgYnkgTk9CT0RZIChPT1BTISkuCisKKyAgICAgICAgV2ViIEluc3BlY3RvcjogQ1JBU0ggYXQg bm9kZSBoaWdobGlnaHQgb24gTUFDIFNhZmFyaS4KKyAgICAgICAgMSkgcnVuLXNhZmFyaSAtLWRl YnVnCisgICAgICAgIDIpIG9wZW4gaW5zcGVjdG9yCisgICAgICAgIDMpIG9wZW4gZWxlbWVudHMg cGFuZWwKKyAgICAgICAgNCkgaG92ZXIgbW91c2Ugb3ZlciBlbGVtZW50cyBwYW5lbCBpdGVtcyBt dWx0aXBsZSB0aW1lcworICAgICAgICA1KSBDUkFTSAorICAgICAgICBMb29rcyBsaWtlIGl0IGlz IGEgcmFjZSBjb25kaXRpb24uIFdlYk5vZGVIaWdobGlnaHRWaWV3IGRvZXNuJ3QgY2hlY2sKKyAg ICAgICAgdGhlIHBvaW50ZXIgdG8gV2ViTm9kZUhpZ2hsaWdoIG9iamVjdCBhbmQgaXQgY2FuIGJl IG5pbC4KKworICAgICAgICBodHRwczovL2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9 NDYyNjEKKworICAgICAgICAqIFdlYkluc3BlY3Rvci9XZWJOb2RlSGlnaGxpZ2h0Vmlldy5tbToK KyAgICAgICAgKC1bV2ViTm9kZUhpZ2hsaWdodFZpZXcgZHJhd1JlY3Q6XSk6CisKIDIwMTAtMDkt MjMgIEFuZHkgRXN0ZXMgIDxhZXN0ZXNAYXBwbGUuY29tPgogCiAgICAgICAgIFJldmlld2VkIGJ5 IERhcmluIEFkbGVyLgpkaWZmIC0tZ2l0IGEvV2ViS2l0L21hYy9XZWJJbnNwZWN0b3IvV2ViTm9k ZUhpZ2hsaWdodFZpZXcubW0gYi9XZWJLaXQvbWFjL1dlYkluc3BlY3Rvci9XZWJOb2RlSGlnaGxp Z2h0Vmlldy5tbQppbmRleCBiM2NkNjllLi5hZjdjZDRkIDEwMDY0NAotLS0gYS9XZWJLaXQvbWFj L1dlYkluc3BlY3Rvci9XZWJOb2RlSGlnaGxpZ2h0Vmlldy5tbQorKysgYi9XZWJLaXQvbWFjL1dl Ykluc3BlY3Rvci9XZWJOb2RlSGlnaGxpZ2h0Vmlldy5tbQpAQCAtNzEsMTAgKzcxLDExIEBAIHVz aW5nIG5hbWVzcGFjZSBXZWJDb3JlOwogCiAgICAgQVNTRVJUKFtbTlNHcmFwaGljc0NvbnRleHQg Y3VycmVudENvbnRleHRdIGlzRmxpcHBlZF0pOwogCi0gICAgR3JhcGhpY3NDb250ZXh0IGNvbnRl eHQoKFBsYXRmb3JtR3JhcGhpY3NDb250ZXh0KilbW05TR3JhcGhpY3NDb250ZXh0IGN1cnJlbnRD b250ZXh0XSBncmFwaGljc1BvcnRdKTsKLSAgICBbX3dlYk5vZGVIaWdobGlnaHQgaW5zcGVjdG9y Q29udHJvbGxlcl0tPmRyYXdOb2RlSGlnaGxpZ2h0KGNvbnRleHQpOwotCi0gICAgW05TR3JhcGhp Y3NDb250ZXh0IHJlc3RvcmVHcmFwaGljc1N0YXRlXTsKKyAgICBpZiAoX3dlYk5vZGVIaWdobGln aHQpIHsKKyAgICAgICAgR3JhcGhpY3NDb250ZXh0IGNvbnRleHQoKFBsYXRmb3JtR3JhcGhpY3ND b250ZXh0KilbW05TR3JhcGhpY3NDb250ZXh0IGN1cnJlbnRDb250ZXh0XSBncmFwaGljc1BvcnRd KTsKKyAgICAgICAgW193ZWJOb2RlSGlnaGxpZ2h0IGluc3BlY3RvckNvbnRyb2xsZXJdLT5kcmF3 Tm9kZUhpZ2hsaWdodChjb250ZXh0KTsKKyAgICAgICAgW05TR3JhcGhpY3NDb250ZXh0IHJlc3Rv cmVHcmFwaGljc1N0YXRlXTsKKyAgICB9CiB9CiAKIC0gKFdlYk5vZGVIaWdobGlnaHQgKil3ZWJO b2RlSGlnaGxpZ2h0Cg== 68666 2010-09-24 04:43:43 -0700 2010-09-24 09:40:28 -0700 [patch] initial version. patch text/plain 1974 loislo ZGlmZiAtLWdpdCBhL1dlYktpdC9tYWMvQ2hhbmdlTG9nIGIvV2ViS2l0L21hYy9DaGFuZ2VMb2cK aW5kZXggNDIxOTdmZC4uZDhlODIxMyAxMDA2NDQKLS0tIGEvV2ViS2l0L21hYy9DaGFuZ2VMb2cK KysrIGIvV2ViS2l0L21hYy9DaGFuZ2VMb2cKQEAgLTEsMyArMSwyMSBAQAorMjAxMC0wOS0yNCAg SWx5YSBUaWtob25vdnNreSAgPGxvaXNsb0BjaHJvbWl1bS5vcmc+CisKKyAgICAgICAgUmV2aWV3 ZWQgYnkgTk9CT0RZIChPT1BTISkuCisKKyAgICAgICAgV2ViIEluc3BlY3RvcjogQ1JBU0ggYXQg bm9kZSBoaWdobGlnaHQgb24gTUFDIFNhZmFyaS4KKyAgICAgICAgMSkgcnVuLXNhZmFyaSAtLWRl YnVnCisgICAgICAgIDIpIG9wZW4gaW5zcGVjdG9yCisgICAgICAgIDMpIG9wZW4gZWxlbWVudHMg cGFuZWwKKyAgICAgICAgNCkgaG92ZXIgbW91c2Ugb3ZlciBlbGVtZW50cyBwYW5lbCBpdGVtcyBt dWx0aXBsZSB0aW1lcworICAgICAgICA1KSBDUkFTSAorICAgICAgICBMb29rcyBsaWtlIGl0IGlz IGEgcmFjZSBjb25kaXRpb24uIFdlYk5vZGVIaWdobGlnaHRWaWV3IGRvZXNuJ3QgY2hlY2sKKyAg ICAgICAgdGhlIHBvaW50ZXIgdG8gV2ViTm9kZUhpZ2hsaWdoIG9iamVjdCBhbmQgaXQgY2FuIGJl IG5pbC4KKworICAgICAgICBodHRwczovL2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9 NDYyNjEKKworICAgICAgICAqIFdlYkluc3BlY3Rvci9XZWJOb2RlSGlnaGxpZ2h0Vmlldy5tbToK KyAgICAgICAgKC1bV2ViTm9kZUhpZ2hsaWdodFZpZXcgZHJhd1JlY3Q6XSk6CisKIDIwMTAtMDkt MjMgIEFuZHkgRXN0ZXMgIDxhZXN0ZXNAYXBwbGUuY29tPgogCiAgICAgICAgIFJldmlld2VkIGJ5 IERhcmluIEFkbGVyLgpkaWZmIC0tZ2l0IGEvV2ViS2l0L21hYy9XZWJJbnNwZWN0b3IvV2ViTm9k ZUhpZ2hsaWdodFZpZXcubW0gYi9XZWJLaXQvbWFjL1dlYkluc3BlY3Rvci9XZWJOb2RlSGlnaGxp Z2h0Vmlldy5tbQppbmRleCBiM2NkNjllLi43ZmMzY2Y0IDEwMDY0NAotLS0gYS9XZWJLaXQvbWFj L1dlYkluc3BlY3Rvci9XZWJOb2RlSGlnaGxpZ2h0Vmlldy5tbQorKysgYi9XZWJLaXQvbWFjL1dl Ykluc3BlY3Rvci9XZWJOb2RlSGlnaGxpZ2h0Vmlldy5tbQpAQCAtNjcsMTQgKzY3LDE1IEBAIHVz aW5nIG5hbWVzcGFjZSBXZWJDb3JlOwogCiAtICh2b2lkKWRyYXdSZWN0OihOU1JlY3QpcmVjdCAK IHsKLSAgICBbTlNHcmFwaGljc0NvbnRleHQgc2F2ZUdyYXBoaWNzU3RhdGVdOworICAgIGlmIChf d2ViTm9kZUhpZ2hsaWdodCkgeworICAgICAgICBbTlNHcmFwaGljc0NvbnRleHQgc2F2ZUdyYXBo aWNzU3RhdGVdOwogCi0gICAgQVNTRVJUKFtbTlNHcmFwaGljc0NvbnRleHQgY3VycmVudENvbnRl eHRdIGlzRmxpcHBlZF0pOworICAgICAgICBBU1NFUlQoW1tOU0dyYXBoaWNzQ29udGV4dCBjdXJy ZW50Q29udGV4dF0gaXNGbGlwcGVkXSk7CiAKLSAgICBHcmFwaGljc0NvbnRleHQgY29udGV4dCgo UGxhdGZvcm1HcmFwaGljc0NvbnRleHQqKVtbTlNHcmFwaGljc0NvbnRleHQgY3VycmVudENvbnRl eHRdIGdyYXBoaWNzUG9ydF0pOwotICAgIFtfd2ViTm9kZUhpZ2hsaWdodCBpbnNwZWN0b3JDb250 cm9sbGVyXS0+ZHJhd05vZGVIaWdobGlnaHQoY29udGV4dCk7Ci0KLSAgICBbTlNHcmFwaGljc0Nv bnRleHQgcmVzdG9yZUdyYXBoaWNzU3RhdGVdOworICAgICAgICBHcmFwaGljc0NvbnRleHQgY29u dGV4dCgoUGxhdGZvcm1HcmFwaGljc0NvbnRleHQqKVtbTlNHcmFwaGljc0NvbnRleHQgY3VycmVu dENvbnRleHRdIGdyYXBoaWNzUG9ydF0pOworICAgICAgICBbX3dlYk5vZGVIaWdobGlnaHQgaW5z cGVjdG9yQ29udHJvbGxlcl0tPmRyYXdOb2RlSGlnaGxpZ2h0KGNvbnRleHQpOworICAgICAgICBb TlNHcmFwaGljc0NvbnRleHQgcmVzdG9yZUdyYXBoaWNzU3RhdGVdOworICAgIH0KIH0KIAogLSAo V2ViTm9kZUhpZ2hsaWdodCAqKXdlYk5vZGVIaWdobGlnaHQK