Bug 113369

Summary: [BlackBerry] Assert failure when destructing DumpRenderTree
Product: WebKit Reporter: Xiaobo Wang <xiaobwang>
Component: WebKit BlackBerryAssignee: Nobody <webkit-unassigned>
Status: CLOSED DUPLICATE    
Severity: Normal CC: mifenton, rwlbuis, tonikitoo, webkit.review.bot
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Other   
OS: Other   
Attachments:
Description Flags
patch rwlbuis: review-

Xiaobo Wang
Reported 2013-03-27 00:55:40 PDT
RIM PR 316822 Back traces ============ #0 0x7817d142 in BlackBerry::Platform::platformCrash (file=0x78338fa8 "/home/worker/workspace/playbook/platform/blackberryplatform/BlackBerryPlatformGuardedPointer.cpp", line=<optimized out>, function=<optimized out>) at /home/worker/workspace/playbook/platform/blackberryplatform/BlackBerryPlatformAssert.cpp:24 #1 0x78186c8c in BlackBerry::Platform::GuardedPointerBase::~GuardedPointerBase (this=0x816426c, __in_chrg=<optimized out>) at /home/worker/workspace/playbook/platform/blackberryplatform/BlackBerryPlatformGuardedPointer.cpp:138 #2 0x782d97b4 in BlackBerry::Platform::LayoutTestClient::~LayoutTestClient (this=0x816426c, __in_chrg=<optimized out>) at /home/worker/workspace/playbook/platform/blackberryplatform/BlackBerryPlatformLayoutTest.cpp:22 #3 0x784c5a5a in ~Timer (this=0x81642f0, __in_chrg=<optimized out>) at /home/worker/workspace/playbook/webkit/Source/WebCore/platform/Timer.h:98 #4 BlackBerry::WebKit::DumpRenderTree::~DumpRenderTree (this=0x8164268, __in_chrg=<optimized out>) at /home/worker/workspace/playbook/webkit/Tools/DumpRenderTree/blackberry/DumpRenderTree.cpp:207 #5 0x784c5ac8 in destruct (end=0x0, begin=0x0) at /home/worker/workspace/playbook/webkit/Source/WTF/wtf/Vector.h:58 #6 destruct (end=0x0, begin=0x0) at /home/worker/workspace/playbook/webkit/Source/WTF/wtf/Vector.h:221 #7 shrink (this=0x8164278, size=<optimized out>) at /home/worker/workspace/playbook/webkit/Source/WTF/wtf/Vector.h:941 #8 ~Vector (this=0x8164278, __in_chrg=<optimized out>) at /home/worker/workspace/playbook/webkit/Source/WTF/wtf/Vector.h:547 #9 BlackBerry::WebKit::DumpRenderTree::~DumpRenderTree (this=0x8164268, __in_chrg=<optimized out>) at /home/worker/workspace/playbook/webkit/Tools/DumpRenderTree/blackberry/DumpRenderTree.cpp:207 #10 0x080980c8 in ?? () #11 0x080980c8 in ?? () Root cause ============ B::W::DumpRenderTree derived from B::W::DumpRenderTreeClient and B::P::LayoutTestClient, and B::P::LayoutTestClient derived from B::P::GuardedPointerBase. In WebPagePrivate::m_dumpRenderTree is a B::W::DumpRenderTreeClient pointer backed by a B::W::DumpRenderTree instance. So if we delete m_dumpRenderTree the DumpRenderTree object will be deleted directory without calling deleteGuardedObject, and hit the assert in GuardedPointerBase::~GuardedPointerBase(). Solution ========== Since WebPagePrivate::m_dumpRenderTree is not derived from GuardedPointerBase, we can't use "deleteGuardedObject(m_dumpRenderTree);". We can add a virtual function DumpRenderTreeClient::destroy() and use it to destruct the DumpRenderTree instance.
Attachments
patch (6.12 KB, patch)
2013-03-27 01:30 PDT, Xiaobo Wang 		rwlbuis: review-
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Xiaobo Wang
Comment 1 2013-03-27 01:30:52 PDT
Created attachment 195241 [details] patch
Xiaobo Wang
Comment 2 2013-04-14 20:13:12 PDT
Fixed in another bug https://bugs.webkit.org/show_bug.cgi?id=114503 by Carlos Garcia Campos. So close this one for now. *** This bug has been marked as a duplicate of bug 114503 ***
Xiaobo Wang
Comment 3 2013-04-14 20:14:18 PDT
close
Rob Buis
Comment 4 2013-05-09 10:53:09 PDT
Comment on attachment 195241 [details] patch This was fixed in a different way, internal commit webkit/92b8ab4cf0514289f6114dd39c3944115ce5e72b.
Note You need to log in before you can comment on or make changes to this bug.