Bug 117754

Summary: widthMediaFeatureEval ends up with null FrameView during iframe unload.
Product: WebKit
Reporter: zalan <zalan>
Component: Frames
Assignee: zalan <zalan>
Status: RESOLVED FIXED
Severity: Major
CC: commit-queue, eric.carlson, esprehn+autocc, glenn, jer.noble, macpherson, menard
Priority: P2
Keywords: InRadar
Version: 528+ (Nightly build)
Hardware: Unspecified
OS: Unspecified
Attachments:
Description Flags
Patch none
Patch none

Description zalan 2013-06-18 14:15:11 PDT
0x0000000107dd3384 WebCore::ScrollView::layoutSize() const + 4
0x0000000107ba41e6 WebCore::widthMediaFeatureEval(WebCore::CSSValue*, WebCore::RenderStyle*, WebCore::Frame*, WebCore::MediaFeaturePrefix) + 38
0x0000000107ba4e5b WebCore::min_widthMediaFeatureEval(WebCore::CSSValue*, WebCore::RenderStyle*, WebCore::Frame*, WebCore::MediaFeaturePrefix) + 11
0x0000000107ba3c68 WebCore::MediaQueryEvaluator::eval(WebCore::MediaQueryExp const*) const + 3880
0x0000000107e643f5 WebCore::StyleResolver::affectedByViewportChange() const + 69
0x00000001076118d9 WebCore::FrameView::setFrameRect(WebCore::IntRect const&) + 265
0x0000000107d7b644 WebCore::RenderWidget::setWidgetGeometry(WebCore::LayoutRect const&) + 324
0x0000000107d7b808 WebCore::RenderWidget::updateWidgetGeometry() + 296
0x0000000107d7c209 WebCore::RenderWidget::updateWidgetPosition() + 41
0x0000000107d79482 WebCore::RenderView::updateWidgetPositions() + 258
0x00000001076169f9 WebCore::FrameView::repaintFixedElementsAfterScrolling() + 73
0x0000000107dd3a19 WebCore::ScrollView::scrollTo(WebCore::IntSize const&) + 89
0x000000010761867c WebCore::FrameView::scrollTo(WebCore::IntSize const&) + 44
0x0000000107dd39a1 WebCore::ScrollView::setScrollOffset(WebCore::IntPoint const&) + 177
0x0000000107dbd198 WebCore::ScrollableArea::scrollPositionChanged(WebCore::IntPoint const&) + 56
0x0000000107dbd0ee WebCore::ScrollableArea::notifyScrollPositionChanged(WebCore::IntPoint const&) + 30
0x0000000107dc849b WebCore::ScrollingCoordinator::updateMainFrameScrollPosition(WebCore::IntPoint const&, bool, WebCore::SetOrSyncScrollingLayerPosition) + 91
0x0000000107dc97f4 WebCore::ScrollingCoordinatorMac::requestScrollPositionUpdate(WebCore::FrameView*, WebCore::IntPoint const&) + 100
0x0000000107616c34 WebCore::FrameView::requestScrollPositionUpdate(WebCore::IntPoint const&) + 148
0x0000000107616650 WebCore::FrameView::setScrollPosition(WebCore::IntPoint const&) + 144
0x0000000107bda113 WebCore::Page::setPageScaleFactor(float, WebCore::IntPoint const&) + 467
0x00000001075ff265 WebCore::FrameLoader::checkLoadCompleteForThisFrame() + 645
0x00000001075f9b44 WebCore::FrameLoader::checkLoadComplete() + 132
0x00000001075f983a WebCore::FrameLoader::checkCompleted() + 378
0x00000001075f8a68 WebCore::FrameLoader::clear(WebCore::Document*, bool, bool, bool) + 88
0x00000001075ff5db WebCore::FrameLoader::open(WebCore::CachedFrameBase&) + 427
0x0000000107374801 WebCore::CachedFrame::open() + 33
0x0000000107376e79 WebCore::CachedPage::restore(WebCore::Page*) + 25
0x00000001075fe7ac WebCore::FrameLoader::commitProvisionalLoad() + 572
0x00000001075fd488 WebCore::FrameLoader::continueLoadAfterNavigationPolicy(WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool) + 488
0x00000001075fd552 WebCore::FrameLoader::callContinueLoadAfterNavigationPolicy(void*, WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool) + 34
0x0000000107c0191a WebCore::PolicyChecker::checkNavigationPolicy(WebCore::ResourceRequest const&, WebCore::DocumentLoader*, WTF::PassRefPtr<WebCore::FormState>, void (*)(void*, WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool), void*) + 474
0x00000001075fd178 WebCore::FrameLoader::loadWithDocumentLoader(WebCore::DocumentLoader*, WebCore::FrameLoadType, WTF::PassRefPtr<WebCore::FormState>) + 1176
0x00000001075fa1c4 WebCore::FrameLoader::loadDifferentDocumentItem(WebCore::HistoryItem*, WebCore::FrameLoadType, WebCore::FrameLoader::FormSubmissionCacheLoadPolicy) + 100
0x000000010765c395 WebCore::HistoryController::recursiveGoToItem(WebCore::HistoryItem*, WebCore::HistoryItem*, WebCore::FrameLoadType) + 421
0x000000010765bfb5 WebCore::HistoryController::goToItem(WebCore::HistoryItem*, WebCore::FrameLoadType) + 213

Comment 1 zalan 2013-06-18 14:36:28 PDT
Created attachment 204943
Patch

Comment 2 Geoffrey Garen 2013-06-18 14:41:20 PDT
Comment on attachment 204943
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=204943&action=review

r=me

> LayoutTests/fast/frames/crash-when-child-iframe-forces-layout-during-unload-and-sibling-frame-has-mediaquery.html:20
> +<div id='resizeThis'>Ensures that when layout is forced on unload event, frames with media query do not crash.</div>

Should be "...during an unload event.." and "...frames with media queries..."

Comment 3 zalan 2013-06-18 14:52:57 PDT
Created attachment 204947
Patch

Comment 4 WebKit Commit Bot 2013-06-18 15:03:28 PDT
Comment on attachment 204947
Patch

Clearing flags on attachment: 204947

Committed r151702: <http://trac.webkit.org/changeset/151702>

Comment 5 WebKit Commit Bot 2013-06-18 15:03:31 PDT
All reviewed patches have been landed.  Closing bug.