<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
<!DOCTYPE bugzilla SYSTEM "https://bugs.webkit.org/page.cgi?id=bugzilla.dtd">

<bugzilla version="5.0.4.1"
          urlbase="https://bugs.webkit.org/"
          
          maintainer="admin@webkit.org"
>

    <bug>
          <bug_id>88217</bug_id>
          
          <creation_ts>2012-06-04 01:16:32 -0700</creation_ts>
          <short_desc>Crash in WebCore::RenderView::getRetainedWidgets</short_desc>
          <delta_ts>2012-06-04 02:32:32 -0700</delta_ts>
          <reporter_accessible>1</reporter_accessible>
          <cclist_accessible>1</cclist_accessible>
          <classification_id>1</classification_id>
          <classification>Unclassified</classification>
          <product>WebKit</product>
          <component>Frames</component>
          <version>528+ (Nightly build)</version>
          <rep_platform>Unspecified</rep_platform>
          <op_sys>Unspecified</op_sys>
          <bug_status>RESOLVED</bug_status>
          <resolution>FIXED</resolution>
          
          
          <bug_file_loc></bug_file_loc>
          <status_whiteboard></status_whiteboard>
          <keywords>InRadar</keywords>
          <priority>P2</priority>
          <bug_severity>Normal</bug_severity>
          <target_milestone>---</target_milestone>
          
          
          <everconfirmed>1</everconfirmed>
          <reporter name="Antti Koivisto">koivisto</reporter>
          <assigned_to name="Nobody">webkit-unassigned</assigned_to>
          <cc>kling</cc>
    
    <cc>zalan</cc>
          

      

      

      

          <comment_sort_order>oldest_to_newest</comment_sort_order>  
          <long_desc isprivate="0" >
    <commentid>640392</commentid>
    <comment_count>0</comment_count>
    <who name="Antti Koivisto">koivisto</who>
    <bug_when>2012-06-04 01:16:32 -0700</bug_when>
    <thetext>This has been seen in the field. It looks like the RenderView is null. I don&apos;t know how to reproduce it.

Thread 0 name:  Dispatch queue: com.apple.main-thread
Thread 0 Crashed:
0   WebCore                       	0x3778ff90 WebCore::RenderView::getRetainedWidgets(WTF::Vector&lt;WebCore::RenderWidget*, 0ul&gt;&amp;) (HashTable.h:315)
1   WebCore                       	0x3778ff20 WebCore::RenderView::updateWidgetPositions() (Vector.h:326)
2   WebCore                       	0x3779178e WebCore::FrameView::performPostLayoutTasks() (FrameView.cpp:2224)
3   WebCore                       	0x37771962 WebCore::FrameView::layout(bool) (FrameView.cpp:951)
4   WebCore                       	0x37915e02 WebCore::RenderFrameBase::layoutWithFlattening(bool, bool) (RenderFrameBase.cpp:50)
5   WebCore                       	0x3788e98a WebCore::RenderIFrame::layout() (RenderIFrame.cpp:119)
6   WebCore                       	0x37778330 WebCore::RenderBlock::layoutInlineChildren(bool, int&amp;, int&amp;) (RenderObject.h:573)
7   WebCore                       	0x37773a1c WebCore::RenderBlock::layoutBlock(bool, int) (RenderBlock.cpp:1269)
8   WebCore                       	0x37772d3a WebCore::RenderBlock::layout() (RenderBlock.cpp:1167)
9   WebCore                       	0x37775bd6 WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox*, WebCore::RenderBlock::MarginInfo&amp;, int&amp;, int&amp;) (RenderBlock.cpp:2009)
10  WebCore                       	0x377751a8 WebCore::RenderBlock::layoutBlockChildren(bool, int&amp;) (RenderBlock.cpp:1947)
11  WebCore                       	0x37773a28 WebCore::RenderBlock::layoutBlock(bool, int) (RenderBlock.cpp:1271)
12  WebCore                       	0x37772d3a WebCore::RenderBlock::layout() (RenderBlock.cpp:1167)
13  WebCore                       	0x37775bd6 WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox*, WebCore::RenderBlock::MarginInfo&amp;, int&amp;, int&amp;) (RenderBlock.cpp:2009)
14  WebCore                       	0x377751a8 WebCore::RenderBlock::layoutBlockChildren(bool, int&amp;) (RenderBlock.cpp:1947)
15  WebCore                       	0x37773a28 WebCore::RenderBlock::layoutBlock(bool, int) (RenderBlock.cpp:1271)
16  WebCore                       	0x37772d3a WebCore::RenderBlock::layout() (RenderBlock.cpp:1167)
17  WebCore                       	0x37775bd6 WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox*, WebCore::RenderBlock::MarginInfo&amp;, int&amp;, int&amp;) (RenderBlock.cpp:2009)
18  WebCore                       	0x377751a8 WebCore::RenderBlock::layoutBlockChildren(bool, int&amp;) (RenderBlock.cpp:1947)
19  WebCore                       	0x37773a28 WebCore::RenderBlock::layoutBlock(bool, int) (RenderBlock.cpp:1271)
20  WebCore                       	0x37772d3a WebCore::RenderBlock::layout() (RenderBlock.cpp:1167)
21  WebCore                       	0x37775bd6 WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox*, WebCore::RenderBlock::MarginInfo&amp;, int&amp;, int&amp;) (RenderBlock.cpp:2009)
22  WebCore                       	0x377751a8 WebCore::RenderBlock::layoutBlockChildren(bool, int&amp;) (RenderBlock.cpp:1947)
23  WebCore                       	0x37773a28 WebCore::RenderBlock::layoutBlock(bool, int) (RenderBlock.cpp:1271)
24  WebCore                       	0x37772d3a WebCore::RenderBlock::layout() (RenderBlock.cpp:1167)
25  WebCore                       	0x37775bd6 WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox*, WebCore::RenderBlock::MarginInfo&amp;, int&amp;, int&amp;) (RenderBlock.cpp:2009)
26  WebCore                       	0x377751a8 WebCore::RenderBlock::layoutBlockChildren(bool, int&amp;) (RenderBlock.cpp:1947)
27  WebCore                       	0x37773a28 WebCore::RenderBlock::layoutBlock(bool, int) (RenderBlock.cpp:1271)
28  WebCore                       	0x37772d3a WebCore::RenderBlock::layout() (RenderBlock.cpp:1167)
29  WebCore                       	0x378488e0 WebCore::RenderBlock::insertFloatingObject(WebCore::RenderBox*) (RenderObject.h:573)
30  WebCore                       	0x377a1bf0 WebCore::RenderBlock::LineBreaker::skipLeadingWhitespace(WebCore::BidiResolver&lt;WebCore::InlineIterator, WebCore::BidiRun&gt;&amp;, WebCore::LineInfo const&amp;, WebCore::RenderBlock::FloatingObject*, WebCore::LineWidth&amp;) (RenderBlockLineLayout.cpp:1550)
31  WebCore                       	0x3779f6ba WebCore::RenderBlock::LineBreaker::nextLineBreak(WebCore::BidiResolver&lt;WebCore::InlineIterator, WebCore::BidiRun&gt;&amp;, WebCore::LineInfo&amp;, std::pair&lt;WebCore::RenderText*, WebCore::LazyLineBreakIterator&gt;&amp;, WebCore::RenderBlock::FloatingObject*) (RenderBlockLineLayout.cpp:1845)
32  WebCore                       	0x3779e618 WebCore::RenderBlock::layoutRunsAndFloats(WebCore::LineLayoutState&amp;, bool, WTF::Vector&lt;WebCore::RenderBlock::FloatWithRect, 0ul&gt;&amp;) (RenderBlockLineLayout.cpp:948)
33  WebCore                       	0x37778372 WebCore::RenderBlock::layoutInlineChildren(bool, int&amp;, int&amp;) (RenderBlockLineLayout.cpp:1188)
34  WebCore                       	0x37773a1c WebCore::RenderBlock::layoutBlock(bool, int) (RenderBlock.cpp:1269)
35  WebCore                       	0x37772d3a WebCore::RenderBlock::layout() (RenderBlock.cpp:1167)
36  WebCore                       	0x37775bd6 WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox*, WebCore::RenderBlock::MarginInfo&amp;, int&amp;, int&amp;) (RenderBlock.cpp:2009)
37  WebCore                       	0x377751a8 WebCore::RenderBlock::layoutBlockChildren(bool, int&amp;) (RenderBlock.cpp:1947)
38  WebCore                       	0x37773a28 WebCore::RenderBlock::layoutBlock(bool, int) (RenderBlock.cpp:1271)
39  WebCore                       	0x37772d3a WebCore::RenderBlock::layout() (RenderBlock.cpp:1167)
40  WebCore                       	0x37775bd6 WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox*, WebCore::RenderBlock::MarginInfo&amp;, int&amp;, int&amp;) (RenderBlock.cpp:2009)
41  WebCore                       	0x377751a8 WebCore::RenderBlock::layoutBlockChildren(bool, int&amp;) (RenderBlock.cpp:1947)
42  WebCore                       	0x37773a28 WebCore::RenderBlock::layoutBlock(bool, int) (RenderBlock.cpp:1271)
43  WebCore                       	0x37772d3a WebCore::RenderBlock::layout() (RenderBlock.cpp:1167)
44  WebCore                       	0x37775bd6 WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox*, WebCore::RenderBlock::MarginInfo&amp;, int&amp;, int&amp;) (RenderBlock.cpp:2009)
45  WebCore                       	0x377751a8 WebCore::RenderBlock::layoutBlockChildren(bool, int&amp;) (RenderBlock.cpp:1947)
46  WebCore                       	0x37773a28 WebCore::RenderBlock::layoutBlock(bool, int) (RenderBlock.cpp:1271)
47  WebCore                       	0x37772d3a WebCore::RenderBlock::layout() (RenderBlock.cpp:1167)
48  WebCore                       	0x37772cf8 WebCore::RenderView::layout() (RenderView.cpp:130)
49  WebCore                       	0x37771ea8 WebCore::FrameView::layout(bool) (FrameView.cpp:1078)
50  WebCore                       	0x37781326 WebCore::Document::updateLayout() (Document.cpp:1704)
51  WebCore                       	0x37788666 WebCore::VisibleSelection::toNormalizedRange() const (Node.h:365)
52  WebKit                        	0x31bb782e -[WebFrame(WebPrivate) selectedDOMRange] (FrameSelection.h:190)</thetext>
  </long_desc><long_desc isprivate="0" >
    <commentid>640393</commentid>
    <comment_count>1</comment_count>
    <who name="Antti Koivisto">koivisto</who>
    <bug_when>2012-06-04 01:17:04 -0700</bug_when>
    <thetext>&lt;rdar://problem/10156800&gt;</thetext>
  </long_desc><long_desc isprivate="0" >
    <commentid>640399</commentid>
    <comment_count>2</comment_count>
      <attachid>145536</attachid>
    <who name="Antti Koivisto">koivisto</who>
    <bug_when>2012-06-04 01:31:31 -0700</bug_when>
    <thetext>Created attachment 145536
patch</thetext>
  </long_desc><long_desc isprivate="0" >
    <commentid>640425</commentid>
    <comment_count>3</comment_count>
      <attachid>145536</attachid>
    <who name="alan">zalan</who>
    <bug_when>2012-06-04 02:17:56 -0700</bug_when>
    <thetext>Comment on attachment 145536
patch

LGTM. The root-&gt;updateWidgetPositions() calls are null-checked in other places too.</thetext>
  </long_desc><long_desc isprivate="0" >
    <commentid>640431</commentid>
    <comment_count>4</comment_count>
    <who name="Antti Koivisto">koivisto</who>
    <bug_when>2012-06-04 02:32:32 -0700</bug_when>
    <thetext>http://trac.webkit.org/changeset/119378</thetext>
  </long_desc>
      
          <attachment
              isobsolete="0"
              ispatch="1"
              isprivate="0"
          >
            <attachid>145536</attachid>
            <date>2012-06-04 01:31:31 -0700</date>
            <delta_ts>2012-06-04 02:29:14 -0700</delta_ts>
            <desc>patch</desc>
            <filename>root-renderer-null.patch</filename>
            <type>text/plain</type>
            <size>1871</size>
            <attacher name="Antti Koivisto">koivisto</attacher>
            
              <data encoding="base64">SW5kZXg6IFNvdXJjZS9XZWJDb3JlL0NoYW5nZUxvZwo9PT09PT09PT09PT09PT09PT09PT09PT09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=
</data>
<flag name="review"
          id="152661"
          type_id="1"
          status="+"
          setter="kenneth"
    />
          </attachment>
      

    </bug>

</bugzilla>