Bug 134284

Summary: REGRESSION (r170325): UI process crashes in lastCommittedLayerTreeTransactionID() when the Web Content process crashes
Product: WebKit
Reporter: mitz
Component: WebKit2
Assignee: Benjamin Poulain <benjamin>
Status: RESOLVED FIXED
Severity: Normal
CC: benjamin, bunhere, cdumez, commit-queue, gyuyoung.kim, sergio, simon.fraser
Priority: P1
Version: 528+ (Nightly build)
Hardware: Unspecified
OS: Unspecified
Attachments:
  Patch (flags: none)

Description mitz 2014-06-24 17:52:11 PDT
After the Web Content process crashes, setting its scroll view’s content offset causes a crash:

* thread #1: tid = 0x1dd4a6, 0x000000011c5bf57c WebKit`WebKit::RemoteLayerTreeDrawingAreaProxy::lastCommittedLayerTreeTransactionID(this=0x0000000000000000) const + 12 at RemoteLayerTreeDrawingAreaProxy.h:53, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0xe8)
  * frame #0: 0x000000011c5bf57c WebKit`WebKit::RemoteLayerTreeDrawingAreaProxy::lastCommittedLayerTreeTransactionID(this=0x0000000000000000) const + 12 at RemoteLayerTreeDrawingAreaProxy.h:53
    frame #1: 0x000000011c5bcde7 WebKit`-[WKContentView didUpdateVisibleRect:unobscuredRect:unobscuredRectInScrollViewCoordinates:scale:minimumScale:inStableState:isChangingObscuredInsetsInteractively:](self=0x00007ff6bac4a050, _cmd=0x000000011cb9f238, visibleRect=<unavailable>, unobscuredRect=<unavailable>, unobscuredRectInScrollViewCoordinates=<unavailable>, zoomScale=1, minimumScale=1, isStableState=true, isChangingObscuredInsetsInteractively=false) + 583 at WKContentView.mm:306
    frame #2: 0x000000011c3799a5 WebKit`-[WKWebView _updateVisibleContentRects](self=0x00007ff6bc872a50, _cmd=0x000000011cb9f0ed) + 1893 at WKWebView.mm:1309
    frame #3: 0x000000011c373526 WebKit`-[WKWebView _didInvokeUIScrollViewDelegateCallback](self=0x00007ff6bc872a50, _cmd=0x000000011cba0e10) + 86 at WKWebView.mm:638
    frame #4: 0x000000011c8df3d5 WebKit`-[WKScrollViewDelegateForwarder forwardInvocation:](self=0x00007ff6bc883aa0, _cmd=0x000000011265d104, anInvocation=0x00007ff6bae83030) + 309 at WKScrollView.mm:89
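The trace above shows a UI-process object calling a method on a null drawing-area proxy (this=0x0, fault address 0xe8, i.e. a member read at a small offset from nullptr) after the Web Content process has gone away. The following is an added example written for this page, not WebKit code: a minimal C++ model of the hazard and of the guard the fix needs. The class and method names (PageProxyModel, DrawingAreaProxy, UpdateResult, processDidCrash, relaunchProcess) are simplified stand-ins for WebPageProxy, RemoteLayerTreeDrawingAreaProxy and the WKContentView delegate path; the transaction IDs are constructed values.

```cpp
// Added example for this bug page; not WebKit's own code. Names below are
// hypothetical stand-ins for WebPageProxy / RemoteLayerTreeDrawingAreaProxy.
#include <cassert>
#include <cstdint>
#include <memory>

// Stand-in for RemoteLayerTreeDrawingAreaProxy: it only exists while the
// Web Content process it mirrors is alive.
struct DrawingAreaProxy {
    uint64_t m_lastCommittedTransactionID = 0;
    uint64_t lastCommittedLayerTreeTransactionID() const { return m_lastCommittedTransactionID; }
    void didCommitLayerTree(uint64_t id) { m_lastCommittedTransactionID = id; }
};

// Result of a visible-rect update: 'updated' is false when there is no live
// process to talk to, so callers can tell "nothing to do" from a real ID.
struct UpdateResult {
    bool updated;
    uint64_t transactionID;
};

// Stand-in for WebPageProxy.
class PageProxyModel {
public:
    PageProxyModel() : m_drawingArea(new DrawingAreaProxy) {}

    DrawingAreaProxy* drawingArea() const { return m_drawingArea.get(); }
    bool isValid() const { return m_isValid; }

    // Models the Web Content process dying: the proxies that shadowed
    // per-process state are torn down, so drawingArea() becomes null.
    void processDidCrash() {
        m_isValid = false;
        m_drawingArea.reset();
    }

    // Relaunch: new process, new drawing area, transaction IDs restart at 0.
    void relaunchProcess() {
        m_drawingArea.reset(new DrawingAreaProxy);
        m_isValid = true;
    }

    // Before the fix: the scroll-view delegate path assumed the drawing area
    // always exists. With a dead process this is a null-pointer dereference,
    // matching the EXC_BAD_ACCESS with this=0x0 in the report. Never call it
    // after processDidCrash(); it is kept only to show the unguarded shape.
    uint64_t updateVisibleContentRectsUnchecked() const {
        return drawingArea()->lastCommittedLayerTreeTransactionID();  // UB when null
    }

    // After the fix: refuse to touch per-process state unless the process is
    // alive and its proxies exist.
    UpdateResult updateVisibleContentRects() const {
        if (!isValid() || !drawingArea())
            return UpdateResult{false, 0};
        return UpdateResult{true, drawingArea()->lastCommittedLayerTreeTransactionID()};
    }

private:
    bool m_isValid = true;
    std::unique_ptr<DrawingAreaProxy> m_drawingArea;
};

// Drives the scenario from the bug: a layer-tree commit, a crash, then a
// scroll-driven update (UIKit calling the delegate after contentOffset is set).
// Returns true if the guarded path handled every step without a dereference.
bool scrollAfterCrashIsSafe() {
    PageProxyModel page;
    page.drawingArea()->didCommitLayerTree(42);          // constructed ID
    UpdateResult live = page.updateVisibleContentRects();
    if (!live.updated || live.transactionID != 42)
        return false;

    page.processDidCrash();                               // Web Content process dies
    UpdateResult dead = page.updateVisibleContentRects(); // the scroll callback
    if (dead.updated)
        return false;                                     // must report "no update"

    page.relaunchProcess();
    UpdateResult fresh = page.updateVisibleContentRects();
    return fresh.updated && fresh.transactionID == 0;
}

int main() {
    assert(scrollAfterCrashIsSafe());
    return 0;
}
```

The point of the guard is that UI-process callbacks driven by UIKit (scroll-view delegate calls, layout passes) can fire at any time, including in the window between the child process terminating and the page being relaunched or closed; every entry point that reaches per-process proxies needs the same early return, not just the one in this trace.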
Comment 1 Benjamin Poulain 2014-06-24 20:06:18 PDT
Created attachment 233779 [details]
Patch
Comment 2 Simon Fraser (smfr) 2014-06-25 21:09:26 PDT
Comment on attachment 233779 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=233779&action=review

> Source/WebKit2/UIProcess/WebPageProxy.h:385
> +    void updateVisibleContentRects(const WebCore::FloatRect& exposedRect, const WebCore::FloatRect& unobscuredRect, const WebCore::FloatRect& unobscuredRectInScrollViewCoordinates, const WebCore::FloatRect& customFixedPositionRect, double scale, bool inStableState, bool isChangingObscuredInsetsInteractively, double timestamp, double horizontalVelocity, double verticalVelocity, double scaleChangeRate);
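
Review bot: the eleven positional parameters on the new updateVisibleContentRects declaration (four const FloatRect&, then scale, two bools, then four doubles: timestamp, horizontalVelocity, verticalVelocity, scaleChangeRate) invite silent argument transposition at call sites, since any two of the adjacent bools or of the four trailing doubles can be swapped without a compile error; consider passing a single struct by const reference so each field is named at the call site and future additions do not grow the signature further.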

So many arguments.
Comment 3 Benjamin Poulain 2014-06-25 21:15:54 PDT
Comment on attachment 233779 [details]
Patch

Clearing flags on attachment: 233779

Committed r170460: <http://trac.webkit.org/changeset/170460>
Comment 4 Benjamin Poulain 2014-06-25 21:15:59 PDT
All reviewed patches have been landed.  Closing bug.
Comment 5 Darin Adler 2014-06-26 09:43:02 PDT
Comment on attachment 233779 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=233779&action=review

> Source/WebKit2/UIProcess/ios/WebPageProxyIOS.mm:202
> +    return;

Should remove this line.