Bug 135024
| Summary: | willMoveToWebPage should be called with a null WebPage on WebPage teardown. | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Brady Eidson <beidson> |
| Component: | WebKit2 | Assignee: | Nobody <webkit-unassigned> |
| Status: | NEW | ||
| Severity: | Normal | CC: | thorton |
| Priority: | P2 | ||
| Version: | 528+ (Nightly build) | ||
| Hardware: | All | ||
| OS: | All | ||
Brady Eidson
willMoveToWebPage should be called with a null WebPage on WebPage teardown.
Instead the PageOverlayController is just destroyed, which just destroys each overlay, and never notifies the PageOverlay::clients
Here's a backtrace of what happens today to destroy a PageOverlay, and the willMoveToWebPage should've been called before that:
#0 0x0000000114dcf0e0 in WebKit::PageOverlay::~PageOverlay() at /Volumes/Data/git/OpenSource/Source/WebKit2/WebProcess/WebPage/PageOverlay.cpp:64
#1 0x0000000114f552af in -[WKObject dealloc] at /Volumes/Data/git/OpenSource/Source/WebKit2/Shared/Cocoa/WKObject.mm:40
#2 0x00007fff8225768c in objc_object::sidetable_release(bool) ()
#3 0x000000011529ff64 in API::Object::deref() at /Volumes/Data/git/OpenSource/Source/WebKit2/Shared/Cocoa/APIObject.mm:67
#4 0x0000000114b33d0b in void WTF::derefIfNotNull<WebKit::PageOverlay>(WebKit::PageOverlay*) at /Volumes/Data/MyUser/build/Debug/usr/local/include/wtf/PassRefPtr.h:39
#5 0x0000000114b33cc8 in WTF::RefPtr<WebKit::PageOverlay>::~RefPtr() at /Volumes/Data/MyUser/build/Debug/usr/local/include/wtf/RefPtr.h:55
#6 0x0000000114b2f265 in WTF::RefPtr<WebKit::PageOverlay>::~RefPtr() at /Volumes/Data/MyUser/build/Debug/usr/local/include/wtf/RefPtr.h:55
#7 0x000000011503049f in WTF::VectorDestructor<true, WTF::RefPtr<WebKit::PageOverlay> >::destruct(WTF::RefPtr<WebKit::PageOverlay>*, WTF::RefPtr<WebKit::PageOverlay>*) at /Volumes/Data/MyUser/build/Debug/usr/local/include/wtf/Vector.h:56
#8 0x000000011503045d in WTF::VectorTypeOperations<WTF::RefPtr<WebKit::PageOverlay> >::destruct(WTF::RefPtr<WebKit::PageOverlay>*, WTF::RefPtr<WebKit::PageOverlay>*) at /Volumes/Data/MyUser/build/Debug/usr/local/include/wtf/Vector.h:220
#9 0x00000001150303c0 in WTF::Vector<WTF::RefPtr<WebKit::PageOverlay>, 0ul, WTF::CrashOnOverflow>::shrink(unsigned long) at /Volumes/Data/MyUser/build/Debug/usr/local/include/wtf/Vector.h:957
#10 0x0000000115030324 in WTF::Vector<WTF::RefPtr<WebKit::PageOverlay>, 0ul, WTF::CrashOnOverflow>::~Vector() at /Volumes/Data/MyUser/build/Debug/usr/local/include/wtf/Vector.h:596
#11 0x0000000115030165 in WTF::Vector<WTF::RefPtr<WebKit::PageOverlay>, 0ul, WTF::CrashOnOverflow>::~Vector() at /Volumes/Data/MyUser/build/Debug/usr/local/include/wtf/Vector.h:594
#12 0x000000011502ff61 in WebKit::PageOverlayController::~PageOverlayController() at /Volumes/Data/git/OpenSource/Source/WebKit2/WebProcess/WebPage/PageOverlayController.h:45
#13 0x000000011502c625 in WebKit::PageOverlayController::~PageOverlayController() at /Volumes/Data/git/OpenSource/Source/WebKit2/WebProcess/WebPage/PageOverlayController.h:45
#14 0x00000001150dd98b in WebKit::WebPage::~WebPage() at /Volumes/Data/git/OpenSource/Source/WebKit2/WebProcess/WebPage/WebPage.cpp:529
#15 0x00000001150de395 in WebKit::WebPage::~WebPage() at /Volumes/Data/git/OpenSource/Source/WebKit2/WebProcess/WebPage/WebPage.cpp:489
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Tim Horton
This is pretty bad because there's no guarantee that PageOverlay clients don't outlive the page, and then they'll have dangling PageOverlay pointers.
Brady Eidson
(In reply to comment #1)
> This is pretty bad because there's no guarantee that PageOverlay clients don't outlive the page, and then they'll have dangling PageOverlay pointers.
Yup.