Bug 135022

Summary: Crash in ServicesOverlayController::~ServicesOverlayController
Product: WebKit
Reporter: Brady Eidson <beidson>
Component: WebKit2
Assignee: Brady Eidson <beidson>
Status: RESOLVED FIXED
Severity: Normal
CC: thorton
Priority: P2
Keywords: InRadar
Version: 528+ (Nightly build)
Hardware: Mac
OS: All
Attachments:
Patch v1 (flags: thorton: review+)

Description Brady Eidson 2014-07-17 13:50:40 PDT
Crash in ServicesOverlayController::~ServicesOverlayController

No need to uninstall the PageOverlay, because in WebPage teardown the PageOverlay has already been destroyed.

<rdar://problem/17622172>
Comment 1 Brady Eidson 2014-07-17 13:52:32 PDT
Created attachment 235090 [details]
Patch v1
Comment 2 Tim Horton 2014-07-17 13:54:32 PDT
Comment on attachment 235090 [details]
Patch v1 

View in context: https://bugs.webkit.org/attachment.cgi?id=235090&action=review

> Source/WebKit2/WebProcess/WebPage/mac/ServicesOverlayController.mm:-86
> -        m_webPage->uninstallPageOverlay(m_servicesOverlay, PageOverlay::FadeMode::DoNotFade);
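Review bot: with the uninstallPageOverlay call gone, the destructor no longer records why uninstalling is unnecessary; add a one-line comment stating that WebPage teardown destroys the PageOverlay before this controller is destroyed (the reason given in the description), since a reader looking at the destructor alone will otherwise assume the overlay is leaked or left installed. An assertion that the overlay is already gone would be stronger, but it depends on the controller being told when its WebPage goes away, which this thread notes is not the case today.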

You should assert that your back pointer was nulled out (and let it be nulled out! Fix the early return in willMoveToWebPage).
Comment 3 Tim Horton 2014-07-17 14:00:16 PDT
(In reply to comment #2)
> (From update of attachment 235090 [details])
> View in context: https://bugs.webkit.org/attachment.cgi?id=235090&action=review
> 
> > Source/WebKit2/WebProcess/WebPage/mac/ServicesOverlayController.mm:-86
> > -        m_webPage->uninstallPageOverlay(m_servicesOverlay, PageOverlay::FadeMode::DoNotFade);
> 
> you should assert that your back pointer was nulled out (and let it be nulled out! fix the early return in willMoveToWebPage).

Never mind!
Comment 4 Brady Eidson 2014-07-17 14:03:40 PDT
(In reply to comment #2)
> (From update of attachment 235090 [details])
> View in context: https://bugs.webkit.org/attachment.cgi?id=235090&action=review
> 
> > Source/WebKit2/WebProcess/WebPage/mac/ServicesOverlayController.mm:-86
> > -        m_webPage->uninstallPageOverlay(m_servicesOverlay, PageOverlay::FadeMode::DoNotFade);
> 
> you should assert that your back pointer was nulled out (and let it be nulled out! fix the early return in willMoveToWebPage).

Clarified on IRC: Tim misread the early return; it's correct.

But he also was assuming that willMoveToWebPage was called with a null WebPage on WebPage teardown.  It's not.

Filed https://bugs.webkit.org/show_bug.cgi?id=135024 for that.
Comment 5 Brady Eidson 2014-07-17 14:05:39 PDT
http://trac.webkit.org/changeset/171194