Bug 16456

Summary: Crash in FrameView and other places because ScrollView has Children that were deleted
Product: WebKit Reporter: Holger Freyther <zecke>
Component: PlatformAssignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal    
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: PC   
OS: OS X 10.4   
Attachments:
Description Flags
Crash Fix darin: review+

Holger Freyther
Reported 2007-12-15 17:53:27 PST
It is possible that we delete a WebCore::Widget without removing it from the parent (ScrollView). #3 0xb659f958 in qt_message_output (msgType=QtFatalMsg, buf=0xbffe2480 "ASSERT: \"!parent()\" in file /home/ich/source/trolltech/qt.git/src/3rdparty/webkit/WebCore/platform/qt/WidgetQt.cpp, line 82") at /home/ich/source/trolltech/qt.git/src/corelib/global/qglobal.cpp:2178 #4 0xb659f9dd in qFatal (msg=0xb6704f90 "ASSERT: \"%s\" in file %s, line %d") at /home/ich/source/trolltech/qt.git/src/corelib/global/qglobal.cpp:2410 #5 0xb659fc51 in qt_assert (assertion=0xb7c9d241 "!parent()", file=0xb7c9d1c8 "/home/ich/source/trolltech/qt.git/src/3rdparty/webkit/WebCore/platform/qt/WidgetQt.cpp", line=82) at /home/ich/source/trolltech/qt.git/src/corelib/global/qglobal.cpp:1918 #6 0xb7a2b09c in ~Widget (this=0x827d6c8) at /home/ich/source/trolltech/qt.git/src/3rdparty/webkit/WebCore/platform/qt/WidgetQt.cpp:82 #7 0xb79a48c9 in WebCore::RenderPart::deleteWidget (this=0x821b268) at /home/ich/source/trolltech/qt.git/src/3rdparty/webkit/WebCore/rendering/RenderPart.cpp:85 #8 0xb79dc9cc in WebCore::RenderWidget::setWidget (this=0x821b268, widget=0x8376020) at /home/ich/source/trolltech/qt.git/src/3rdparty/webkit/WebCore/rendering/RenderWidget.cpp:129 #9 0xb79a4c07 in WebCore::RenderPart::setWidget (this=0x821b268, widget=0x8376020) at /home/ich/source/trolltech/qt.git/src/3rdparty/webkit/WebCore/rendering/RenderPart.cpp:64 #10 0xb788be34 in WebCore::FrameLoader::loadPlugin (this=0x80856c8, renderer=0x821b268, url=@0xbffe466c, mimeType=@0xbffe47e8, paramNames=@0xbffe47bc, paramValues=@0xbffe47b0, useFallback=false)
Attachments
Crash Fix (1.56 KB, patch)
2007-12-15 17:57 PST, Holger Freyther 		darin: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Holger Freyther
Comment 1 2007-12-15 17:57:51 PST
Created attachment 17919 [details] Crash Fix * The windows port has the ASSERT(!parent()) in the destructor. So I think adding a removeFromParent call is not an option. * This fix copies the code from RenderWidget::destroy. We will remove m_widget from the m_view. For win/gtk/qt it is assumed that m_view == m_widget->parent() but as the mac doesn't have this method I can't put an assert there. * Add the ASSERT from the win port to the Qt and Gtk+ one. * I did not test this patch for regressions yet
Darin Adler
Comment 2 2007-12-16 10:22:20 PST
Comment on attachment 17919 [details] Crash Fix This looks fine to me. As long as we determine that it doesn't cause a crash or other problem on the Mac port. r=me
Adam Roben (:aroben)
Comment 3 2008-01-10 13:26:06 PST
A similar patch was landed in r29369.
Note You need to log in before you can comment on or make changes to this bug.