Bug 117754

Summary: widthMediaFeatureEval ends up with null FrameView during iframe unload.
Product: WebKit Reporter: alan <zalan>
Component: FramesAssignee: alan <zalan>
Status: RESOLVED FIXED    
Severity: Major CC: commit-queue, eric.carlson, esprehn+autocc, glenn, jer.noble, macpherson, menard
Priority: P2 Keywords: InRadar
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch
none
Patch none

alan
Reported 2013-06-18 14:15:11 PDT
0x0000000107dd3384 WebCore::ScrollView::layoutSize() const + 4 0x0000000107ba41e6 WebCore::widthMediaFeatureEval(WebCore::CSSValue*, WebCore::RenderStyle*, WebCore::Frame*, WebCore::MediaFeaturePrefix) + 38 0x0000000107ba4e5b WebCore::min_widthMediaFeatureEval(WebCore::CSSValue*, WebCore::RenderStyle*, WebCore::Frame*, WebCore::MediaFeaturePrefix) + 11 0x0000000107ba3c68 WebCore::MediaQueryEvaluator::eval(WebCore::MediaQueryExp const*) const + 3880 0x0000000107e643f5 WebCore::StyleResolver::affectedByViewportChange() const + 69 0x00000001076118d9 WebCore::FrameView::setFrameRect(WebCore::IntRect const&) + 265 0x0000000107d7b644 WebCore::RenderWidget::setWidgetGeometry(WebCore::LayoutRect const&) + 324 0x0000000107d7b808 WebCore::RenderWidget::updateWidgetGeometry() + 296 0x0000000107d7c209 WebCore::RenderWidget::updateWidgetPosition() + 41 0x0000000107d79482 WebCore::RenderView::updateWidgetPositions() + 258 0x00000001076169f9 WebCore::FrameView::repaintFixedElementsAfterScrolling() + 73 0x0000000107dd3a19 WebCore::ScrollView::scrollTo(WebCore::IntSize const&) + 89 0x000000010761867c WebCore::FrameView::scrollTo(WebCore::IntSize const&) + 44 0x0000000107dd39a1 WebCore::ScrollView::setScrollOffset(WebCore::IntPoint const&) + 177 0x0000000107dbd198 WebCore::ScrollableArea::scrollPositionChanged(WebCore::IntPoint const&) + 56 0x0000000107dbd0ee WebCore::ScrollableArea::notifyScrollPositionChanged(WebCore::IntPoint const&) + 30 0x0000000107dc849b WebCore::ScrollingCoordinator::updateMainFrameScrollPosition(WebCore::IntPoint const&, bool, WebCore::SetOrSyncScrollingLayerPosition) + 91 0x0000000107dc97f4 WebCore::ScrollingCoordinatorMac::requestScrollPositionUpdate(WebCore::FrameView*, WebCore::IntPoint const&) + 100 0x0000000107616c34 WebCore::FrameView::requestScrollPositionUpdate(WebCore::IntPoint const&) + 148 0x0000000107616650 WebCore::FrameView::setScrollPosition(WebCore::IntPoint const&) + 144 0x0000000107bda113 WebCore::Page::setPageScaleFactor(float, WebCore::IntPoint const&) + 467 0x00000001075ff265 WebCore::FrameLoader::checkLoadCompleteForThisFrame() + 645 0x00000001075f9b44 WebCore::FrameLoader::checkLoadComplete() + 132 0x00000001075f983a WebCore::FrameLoader::checkCompleted() + 378 0x00000001075f8a68 WebCore::FrameLoader::clear(WebCore::Document*, bool, bool, bool) + 88 0x00000001075ff5db WebCore::FrameLoader::open(WebCore::CachedFrameBase&) + 427 0x0000000107374801 WebCore::CachedFrame::open() + 33 0x0000000107376e79 WebCore::CachedPage::restore(WebCore::Page*) + 25 0x00000001075fe7ac WebCore::FrameLoader::commitProvisionalLoad() + 572 0x00000001075fd488 WebCore::FrameLoader::continueLoadAfterNavigationPolicy(WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool) + 488 0x00000001075fd552 WebCore::FrameLoader::callContinueLoadAfterNavigationPolicy(void*, WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool) + 34 0x0000000107c0191a WebCore::PolicyChecker::checkNavigationPolicy(WebCore::ResourceRequest const&, WebCore::DocumentLoader*, WTF::PassRefPtr<WebCore::FormState>, void (*)(void*, WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool), void*) + 474 0x00000001075fd178 WebCore::FrameLoader::loadWithDocumentLoader(WebCore::DocumentLoader*, WebCore::FrameLoadType, WTF::PassRefPtr<WebCore::FormState>) + 1176 0x00000001075fa1c4 WebCore::FrameLoader::loadDifferentDocumentItem(WebCore::HistoryItem*, WebCore::FrameLoadType, WebCore::FrameLoader::FormSubmissionCacheLoadPolicy) + 100 0x000000010765c395 WebCore::HistoryController::recursiveGoToItem(WebCore::HistoryItem*, WebCore::HistoryItem*, WebCore::FrameLoadType) + 421 0x000000010765bfb5 WebCore::HistoryController::goToItem(WebCore::HistoryItem*, WebCore::FrameLoadType) + 213
Attachments
Patch (8.56 KB, patch)
2013-06-18 14:36 PDT, alan 		no flags
DetailsFormatted DiffDiff
Patch (8.54 KB, patch)
2013-06-18 14:52 PDT, alan 		no flags
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
alan
Comment 1 2013-06-18 14:36:28 PDT
Created attachment 204943 [details] Patch
Geoffrey Garen
Comment 2 2013-06-18 14:41:20 PDT
Comment on attachment 204943 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=204943&action=review r=me > LayoutTests/fast/frames/crash-when-child-iframe-forces-layout-during-unload-and-sibling-frame-has-mediaquery.html:20 > +<div id='resizeThis'>Ensures that when layout is forced on unload event, frames with media query do not crash.</div> Should be "...during an unload event.." and "...frames with media queries..."
alan
Comment 3 2013-06-18 14:52:57 PDT
Created attachment 204947 [details] Patch
WebKit Commit Bot
Comment 4 2013-06-18 15:03:28 PDT
Comment on attachment 204947 [details] Patch Clearing flags on attachment: 204947 Committed r151702: <http://trac.webkit.org/changeset/151702>
WebKit Commit Bot
Comment 5 2013-06-18 15:03:31 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.