59311 2011-04-24 21:52:53 -0700 [GTK] Crash in WebCore::FrameView::notifyPageThatContentAreaWillPaint() 2011-04-25 13:01:02 -0700 1 1 1 Unclassified WebKit WebKitGTK 528+ (Nightly build) PC Linux RESOLVED FIXED Gtk P3 Normal --- 1 mrobinson mrobinson xan.lopez oldest_to_newest 391679 0 mrobinson 2011-04-24 21:52:53 -0700 (gdb) bt #0 0x00afd894 in WebCore::FrameView::notifyPageThatContentAreaWillPaint() const () from /home/xan/gnome2/lib/libwebkitgtk-3.0.so.0 #1 0x00b880fa in WebCore::ScrollView::paint(WebCore::GraphicsContext*, WebCore::IntRect const&) () from /home/xan/gnome2/lib/libwebkitgtk-3.0.so.0 #2 0x00c95d19 in WebCore::RenderWidget::paint(WebCore::PaintInfo&, int, int) () from /home/xan/gnome2/lib/libwebkitgtk-3.0.so.0 #3 0x00c3b682 in WebCore::RenderLayer::paintLayer(WebCore::RenderLayer*, WebCore::GraphicsContext*, WebCore::IntRect const&, unsigned int, WebCore::RenderObject*, WTF::HashMap<WebCore::OverlapTestRequestClient*, WebCore::IntRect, WTF::PtrHash<WebCore::OverlapTestRequestClient*>, WTF::HashTraits<WebCore::OverlapTestRequestClient*>, WTF::HashTraits<WebCore::IntRect> >*, unsigned int) () from /home/xan/gnome2/lib/libwebkitgtk-3.0.so.0 #4 0x00c3bf9c in WebCore::RenderLayer::paintList(WTF::Vector<WebCore::RenderLayer*, 0u>*, WebCore::RenderLayer*, WebCore::GraphicsContext*, WebCore::IntRect const&, unsigned int, WebCore::RenderObject*, WTF::HashMap<WebCore::OverlapTestRequestClient*, WebCore::IntRect, WTF::PtrHash<WebCore::OverlapTestRequestClient*>, WTF::HashTraits<WebCore::OverlapTestRequestClient*>, WTF::HashTraits<WebCore::IntRect> >*, unsigned int) () from /home/xan/gnome2/lib/libwebkitgtk-3.0.so.0 #5 0x00c3af70 in WebCore::RenderLayer::paintLayer(WebCore::RenderLayer*, WebCore::GraphicsContext*, WebCore::IntRect const&, unsigned int, WebCore::RenderObject*, WTF::HashMap<WebCore::OverlapTestRequestClient*, WebCore::IntRect, WTF::PtrHash<WebCore::OverlapTestRequestClient*>, WTF::HashTraits<WebCore::OverlapTestRequestClient*>, WTF::HashTraits<WebCore::IntRect> >*, unsigned int) () from /home/xan/gnome2/lib/libwebkitgtk-3.0.so.0 #6 0x00c3bf9c in WebCore::RenderLayer::paintList(WTF::Vector<WebCore::RenderLayer*, 0u>*, WebCore::RenderLayer*, WebCore::GraphicsContext*, WebCore::IntRect const&, unsigned int, WebCore::RenderObject*, WTF::HashMap<WebCore::OverlapTestRequestClient*, WebCore::IntRect, WTF::PtrHash<WebCore::OverlapTestRequestClient*>, WTF::HashTraits<WebCore::OverlapTestRequestClient*>, WTF::HashTraits<WebCore::IntRect> >*, unsigned int) () from /home/xan/gnome2/lib/libwebkitgtk-3.0.so.0 The issue here seems to be that a GtkAdjustment is attached to some zombie Scrollbar. 391680 1 90900 mrobinson 2011-04-24 22:14:08 -0700 Created attachment 90900 Patch 391792 2 90900 xan.lopez 2011-04-25 09:42:25 -0700 Comment on attachment 90900 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=90900&action=review r=me with that check. > Source/WebCore/platform/gtk/MainFrameScrollbarGtk.cpp:72 > + // In some cases this adjustment may still be attached to a living MainFrameScrollbar. I suppose we don't really know when this happens? > Source/WebCore/platform/gtk/MainFrameScrollbarGtk.cpp:80 > + 0, reinterpret_cast<void*>(MainFrameScrollbarGtk::gtkValueChanged), 0); Double check that you really need the signal id and the detail. 391853 3 mrobinson 2011-04-25 13:01:02 -0700 Committed r84793: <http://trac.webkit.org/changeset/84793> 90900 2011-04-24 22:14:08 -0700 2011-04-25 09:42:25 -0700 Patch bug-59311-20110424221346.patch text/plain 2138 mrobinson U3VidmVyc2lvbiBSZXZpc2lvbjogODQ3NjQKZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJDb3JlL0No YW5nZUxvZyBiL1NvdXJjZS9XZWJDb3JlL0NoYW5nZUxvZwppbmRleCBkMGY5MGVmZTVhMDc5ZjFj MzRlMWUwMmMwNGQ0M2MyMWNhZjIxODc3Li5hYTlkNjIwNjliZDNmMDgzNmJjNzQxMGY0Zjk0YjJh Y2VkZjgyYWM1IDEwMDY0NAotLS0gYS9Tb3VyY2UvV2ViQ29yZS9DaGFuZ2VMb2cKKysrIGIvU291 cmNlL1dlYkNvcmUvQ2hhbmdlTG9nCkBAIC0xLDMgKzEsMTUgQEAKKzIwMTEtMDQtMjQgIE1hcnRp biBSb2JpbnNvbiAgPG1yb2JpbnNvbkBpZ2FsaWEuY29tPgorCisgICAgICAgIFJldmlld2VkIGJ5 IE5PQk9EWSAoT09QUyEpLgorCisgICAgICAgIFtHVEtdIENyYXNoIGluIFdlYkNvcmU6OkZyYW1l Vmlldzo6bm90aWZ5UGFnZVRoYXRDb250ZW50QXJlYVdpbGxQYWludCgpCisgICAgICAgIGh0dHBz Oi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD01OTMxMQorCisgICAgICAgICogcGxh dGZvcm0vZ3RrL01haW5GcmFtZVNjcm9sbGJhckd0ay5jcHA6CisgICAgICAgIChNYWluRnJhbWVT Y3JvbGxiYXJHdGs6OmF0dGFjaEFkanVzdG1lbnQpOiBCZWZvcmUgY29ubmVjdGluZyBhbiBhZGp1 c3RtZW50IHRvIGEgc2Nyb2xsYmFyCisgICAgICAgIGRpc2Nvbm5lY3QgYW55IGxpbmdlcmluZyBz aWduYWwgaGFuZGxlcnMuIFRoaXMgcHJldmVudHMgYW4gYWRqdXN0bWVudCBmcm9tIGNvbnRyb2xs aW5nIHRoZQorICAgICAgICBhY3RpdmUgU2Nyb2xsVmlldyBhbmQgc29tZSB6b21iaWUgU2Nyb2xs Vmlldy4KKwogMjAxMS0wNC0yNCAgR2VvZmZyZXkgR2FyZW4gIDxnZ2FyZW5AYXBwbGUuY29tPgog CiAgICAgICAgIFJldmlld2VkIGJ5IFNhbSBXZWluaWcuCmRpZmYgLS1naXQgYS9Tb3VyY2UvV2Vi Q29yZS9wbGF0Zm9ybS9ndGsvTWFpbkZyYW1lU2Nyb2xsYmFyR3RrLmNwcCBiL1NvdXJjZS9XZWJD b3JlL3BsYXRmb3JtL2d0ay9NYWluRnJhbWVTY3JvbGxiYXJHdGsuY3BwCmluZGV4IGQ4Y2RiNzlk YTBlYTdiMGQ2MWJiMmVhYmM3Mjc4YWRjNjdlY2M3ZGMuLjYxYzYwMmRlM2JmYjQ2YjBhYTAyNjA4 MGYzMmQyMGFkYjQ4ZjIwZWIgMTAwNjQ0Ci0tLSBhL1NvdXJjZS9XZWJDb3JlL3BsYXRmb3JtL2d0 ay9NYWluRnJhbWVTY3JvbGxiYXJHdGsuY3BwCisrKyBiL1NvdXJjZS9XZWJDb3JlL3BsYXRmb3Jt L2d0ay9NYWluRnJhbWVTY3JvbGxiYXJHdGsuY3BwCkBAIC02OSw2ICs2OSwxNiBAQCB2b2lkIE1h aW5GcmFtZVNjcm9sbGJhckd0azo6YXR0YWNoQWRqdXN0bWVudChHdGtBZGp1c3RtZW50KiBhZGp1 c3RtZW50KQogICAgIGlmICghbV9hZGp1c3RtZW50KQogICAgICAgICByZXR1cm47CiAKKyAgICAv LyBJbiBzb21lIGNhc2VzIHRoaXMgYWRqdXN0bWVudCBtYXkgc3RpbGwgYmUgYXR0YWNoZWQgdG8g YSBsaXZpbmcgTWFpbkZyYW1lU2Nyb2xsYmFyLgorICAgIC8vIElmIHRoYXQncyB0aGUgY2FzZSB3 ZSB3YW50IHRvIGZvcmNlIGEgZGlzY29ubmVjdGlvbiBub3csIGJlZm9yZSB3ZSBtb2RpZnkgdGhl IHZhbHVlcy4KKyAgICBzdGF0aWMgZ3VpbnQgc2lnbmFsSWQgPSAtMTsKKyAgICBzdGF0aWMgR1F1 YXJrIGRldGFpbDsKKyAgICBpZiAoc2lnbmFsSWQpCisgICAgICAgIGdfc2lnbmFsX3BhcnNlX25h bWUoInZhbHVlLWNoYW5nZWQiLCBHVEtfVFlQRV9BREpVU1RNRU5ULCAmc2lnbmFsSWQsICZkZXRh aWwsIEZBTFNFKTsKKyAgICBBU1NFUlQoc2lnbmFsSWQpOworICAgIGdfc2lnbmFsX2hhbmRsZXJz X2Rpc2Nvbm5lY3RfbWF0Y2hlZChtX2FkanVzdG1lbnQuZ2V0KCksIEdfU0lHTkFMX01BVENIX0ZV TkMsIHNpZ25hbElkLCBkZXRhaWwsCisgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgIDAsIHJlaW50ZXJwcmV0X2Nhc3Q8dm9pZCo+KE1haW5GcmFtZVNjcm9sbGJhckd0azo6 Z3RrVmFsdWVDaGFuZ2VkKSwgMCk7CisKICAgICB1cGRhdGVUaHVtYlByb3BvcnRpb24oKTsKICAg ICB1cGRhdGVUaHVtYlBvc2l0aW9uKCk7CiAgICAgZ19zaWduYWxfY29ubmVjdChtX2FkanVzdG1l bnQuZ2V0KCksICJ2YWx1ZS1jaGFuZ2VkIiwgR19DQUxMQkFDSyhNYWluRnJhbWVTY3JvbGxiYXJH dGs6Omd0a1ZhbHVlQ2hhbmdlZCksIHRoaXMpOwo=