Bug 166420

Summary: [GTK] Crash in WebCore::CoordinatedGraphicsLayer::notifyFlushRequired
Product: WebKit
Reporter: Michael Catanzaro <mcatanzaro>
Component: WebKitGTK
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal CC: bugs-noreply, cgarcia, cmarcelo, commit-queue, kondapallykalyan, luiz, mcatanzaro, mcrha, noam, tpopela, zan
Priority: P2    
Version: WebKit Nightly Build   
Hardware: PC   
OS: Linux   
See Also: https://bugzilla.redhat.com/show_bug.cgi?id=1408225
https://bugzilla.gnome.org/show_bug.cgi?id=776391
Attachments:
test-wk2.c (flags: none)
Patch (flags: zan: review+)

Description Michael Catanzaro 2016-12-22 07:31:42 PST
Downstream reporter says "This issue happens with WebKit rendering mails inside evolution. It is probably related to https://bugzilla.gnome.org/show_bug.cgi?id=776391". Indeed, I see a bunch of web inspector stuff in the backtrace.


Thread 1 (Thread 0x7f8d612cdfc0 (LWP 2745)):
#0  0x00007f8d6003226b in WebCore::CoordinatedGraphicsLayer::notifyFlushRequired() (this=0x7f8cd859a800) at /usr/src/debug/webkitgtk-2.14.2/Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:57
#1  0x00007f8d60032a79 in WebCore::CoordinatedGraphicsLayer::didChangeGeometry() (this=0x7f8cd859a800) at /usr/src/debug/webkitgtk-2.14.2/Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:104
#2  0x00007f8d5fa67218 in WebCore::PageOverlayController::installPageOverlay(WTF::PassRefPtr<WebCore::PageOverlay>, WebCore::PageOverlay::FadeMode) (this=0x7f8d499f44b0, pageOverlay=..., fadeMode=fadeMode@entry=WebCore::PageOverlay::FadeMode::Fade) at /usr/src/debug/webkitgtk-2.14.2/Source/WebCore/page/PageOverlayController.cpp:110
        overlay = {static isRefPtr = <optimized out>, m_ptr = 0x7f8d499828a0}
        layer = std::unique_ptr<WebCore::GraphicsLayer> containing 0x7f8cd859a800
#3  0x00007f8d5f1486c2 in WebKit::WebInspectorClient::highlight() (this=0x55b67236a3c0) at /usr/src/debug/webkitgtk-2.14.2/Source/WebKit2/WebProcess/WebCoreSupport/WebInspectorClient.cpp:112
        highlightOverlay = {static isRef = <optimized out>, m_ptr = 0x0}
        this = 0x55b67236a3c0
#4  0x00007f8d5f90d268 in WebCore::InspectorOverlay::update() (this=0x7f8d499ca000) at /usr/src/debug/webkitgtk-2.14.2/Source/WebCore/inspector/InspectorOverlay.cpp:346
        viewportSize = {m_width = 1653, m_height = 320}
        frameViewFullSize = <optimized out>
#5  0x00007f8d5f8cc12d in WebCore::InspectorDOMAgent::highlightNode(WTF::String&, Inspector::InspectorObject const&, int const*, WTF::String const*) (this=0x7f8d499a7000, errorString=..., highlightInspectorObject=..., nodeId=<optimized out>, objectId=<optimized out>) at /usr/src/debug/webkitgtk-2.14.2/Source/WebCore/inspector/InspectorDOMAgent.cpp:1141
        node = 0x7f8d498f4840
        highlightConfig = std::unique_ptr<WebCore::HighlightConfig> containing 0x7f8cd85e3d20
#6  0x00007f8d5e60e0ea in Inspector::DOMBackendDispatcher::highlightNode(long, WTF::RefPtr<Inspector::InspectorObject>&&) (this=0x7f8d499ae8e0, requestId=43, parameters=<optimized out>) at /usr/src/debug/webkitgtk-2.14.2/x86_64-redhat-linux-gnu/DerivedSources/JavaScriptCore/inspector/InspectorBackendDispatchers.cpp:1585
        in_highlightConfig = {static isRefPtr = <optimized out>, m_ptr = 0x7f8cd85ccf80}
        opt_in_nodeId_valueFound = true
        opt_in_nodeId = 2
        opt_in_objectId_valueFound = false
        opt_in_objectId = {m_impl = {static isRefPtr = <optimized out>, m_ptr = 0x7f8d5e86d1d0 <WTF::StringImpl::empty()::emptyString>}}
        error = {m_impl = {static isRefPtr = <optimized out>, m_ptr = 0x0}}
        result = {static isRef = <optimized out>, m_ptr = 0x7f8cd85d04c0}
#7  0x00007f8d5e61b4fb in Inspector::DOMBackendDispatcher::dispatch(long, WTF::String const&, WTF::Ref<Inspector::InspectorObject>&&) (this=0x7f8d499ae8e0, requestId=43, method=..., message=<optimized out>) at /usr/src/debug/webkitgtk-2.14.2/x86_64-redhat-linux-gnu/DerivedSources/JavaScriptCore/inspector/InspectorBackendDispatchers.cpp:936
        parameters = {static isRefPtr = <optimized out>, m_ptr = 0x7f8cd85ccf40}
        dispatchMap = {m_storage = {__data = "\000\344\276\362\214\177\000\000\200\000\000\000\177\000\000\000#\000\000\000\000\000\000", __align = {<No data fields>}}}
        findResult = <optimized out>
#8  0x00007f8d5e1f2408 in Inspector::BackendDispatcher::dispatch(WTF::String const&) (this=0x7f8d499ef360, message=...) at /usr/src/debug/webkitgtk-2.14.2/Source/JavaScriptCore/inspector/InspectorBackendDispatcher.cpp:181
        methodString = {m_impl = {static isRefPtr = <optimized out>, m_ptr = 0x7f8cd85bdc30}}
        scopedRequestId = {m_scopedVariable = @0x7f8d499ef398, m_originalValue = {m_isEngaged = false, m_value = {__data = "\200l\207I\215\177\000", __align = {<No data fields>}}}}
        methodValue = {static isRefPtr = <optimized out>, m_ptr = 0x7f8cd85cdd38}
        domainAndMethod = {<WTF::VectorBuffer<WTF::String, 0ul>> = {<WTF::VectorBufferBase<WTF::String>> = {m_buffer = 0x7f8cd85b9d80, m_capacity = 16, m_size = 2}, <No data fields>}, <No data fields>}
        method = {m_impl = {static isRefPtr = <optimized out>, m_ptr = 0x7f8cd85bdc80}}
        protect = {static isRef = <optimized out>, m_ptr = 0x7f8d499ef360}
        requestId = 43
        messageObject = {static isRefPtr = <optimized out>, m_ptr = 0x0}
#9  0x00007f8d5f2a9304 in IPC::callMemberFunctionImpl<WebKit::WebInspector, void (WebKit::WebInspector::*)(WTF::String const&), std::tuple<WTF::String>, 0ul>(WebKit::WebInspector*, void (WebKit::WebInspector::*)(WTF::String const&), std::tuple<WTF::String>&&, std::integer_sequence<unsigned long, 0ul>) (args=<optimized out>, function=<optimized out>, object=0x7f8d498ef188) at /usr/src/debug/webkitgtk-2.14.2/Source/WebKit2/Platform/IPC/HandleMessage.h:13
        arguments = std::tuple containing = {[1] = {m_impl = {static isRefPtr = <optimized out>, m_ptr = 0x7f8d49876c80}}}
#10 0x00007f8d5f2a9304 in IPC::callMemberFunction<WebKit::WebInspector, void (WebKit::WebInspector::*)(WTF::String const&), std::tuple<WTF::String>, std::integer_sequence<unsigned long, 0ul> >(std::tuple<WTF::String>&&, WebKit::WebInspector*, void (WebKit::WebInspector::*)(WTF::String const&)) (function=<optimized out>, object=0x7f8d498ef188, args=<unknown type in /usr/lib/debug/usr/lib64/libwebkit2gtk-4.0.so.37.14.9.debug, CU 0xf44375b, DIE 0xf464bcf>) at /usr/src/debug/webkitgtk-2.14.2/Source/WebKit2/Platform/IPC/HandleMessage.h:19
        arguments = std::tuple containing = {[1] = {m_impl = {static isRefPtr = <optimized out>, m_ptr = 0x7f8d49876c80}}}
#11 0x00007f8d5f2a9304 in IPC::handleMessage<Messages::WebInspector::SendMessageToBackend, WebKit::WebInspector, void (WebKit::WebInspector::*)(WTF::String const&)>(IPC::Decoder&, WebKit::WebInspector*, void (WebKit::WebInspector::*)(WTF::String const&)) (decoder=..., object=object@entry=0x7f8d498ef188, function=(void (WebKit::WebInspector::*)(WebKit::WebInspector * const, const WTF::String &)) 0x7f8d5f158530 <WebKit::WebInspector::sendMessageToBackend(WTF::String const&)>) at /usr/src/debug/webkitgtk-2.14.2/Source/WebKit2/Platform/IPC/HandleMessage.h:99
        arguments = std::tuple containing = {[1] = {m_impl = {static isRefPtr = <optimized out>, m_ptr = 0x7f8d49876c80}}}
#12 0x00007f8d5f2a9248 in WebKit::WebInspector::didReceiveMessage(IPC::Connection&, IPC::Decoder&) (this=0x7f8d498ef188, connection=..., decoder=...) at /usr/src/debug/webkitgtk-2.14.2/x86_64-redhat-linux-gnu/DerivedSources/WebKit2/WebInspectorMessageReceiver.cpp:88
#13 0x00007f8d5ef952b6 in IPC::Connection::dispatchMessage(std::unique_ptr<IPC::Decoder, std::default_delete<IPC::Decoder> >) (this=this@entry=0x7f8d499e85a0, message=std::unique_ptr<IPC::Decoder> containing 0x7f8d49891948) at /usr/src/debug/webkitgtk-2.14.2/Source/WebKit2/Platform/IPC/Connection.cpp:858
        oldDidReceiveInvalidMessage = false
#14 0x00007f8d5ef95f48 in IPC::Connection::dispatchOneMessage() (this=0x7f8d499e85a0) at /usr/src/debug/webkitgtk-2.14.2/Source/WebKit2/Platform/IPC/Connection.cpp:889
#15 0x00007f8d5e656825 in WTF::Function<void ()>::operator()() const (this=<synthetic pointer>) at /usr/src/debug/webkitgtk-2.14.2/Source/WTF/wtf/Function.h:50
        function = {m_callableWrapper = std::unique_ptr<WTF::Function<void()>::CallableWrapperBase> containing 0x7f8d498b1ea0}
        functionsToHandle = <optimized out>
#16 0x00007f8d5e656825 in WTF::RunLoop::performWork() (this=0x7f8d499f7000) at /usr/src/debug/webkitgtk-2.14.2/Source/WTF/wtf/RunLoop.cpp:105
        function = {m_callableWrapper = std::unique_ptr<WTF::Function<void()>::CallableWrapperBase> containing 0x7f8d498b1ea0}
        functionsToHandle = <optimized out>
#17 0x00007f8d5e67d2b9 in WTF::RunLoop::<lambda(gpointer)>::operator() (__closure=0x0, userData=<optimized out>) at /usr/src/debug/webkitgtk-2.14.2/Source/WTF/wtf/glib/RunLoopGLib.cpp:66
#18 0x00007f8d5e67d2b9 in WTF::RunLoop::<lambda(gpointer)>::_FUN(gpointer) () at /usr/src/debug/webkitgtk-2.14.2/Source/WTF/wtf/glib/RunLoopGLib.cpp:68
#19 0x00007f8d57d1ae42 in g_main_dispatch (context=0x55b67226ea10) at gmain.c:3203
        dispatch = 0x7f8d5e67d2d0 <WTF::<lambda(GSource*, GSourceFunc, gpointer)>::_FUN(GSource *, GSourceFunc, gpointer)>
        prev_source = 0x0
        was_in_call = 0
        user_data = 0x7f8d499f7000
        callback = 0x7f8d5e67d2b0 <WTF::RunLoop::<lambda(gpointer)>::_FUN(gpointer)>
        cb_funcs = 0x7f8d57fe2280 <g_source_callback_funcs>
        cb_data = 0x55b6722e46c0
        need_destroy = <optimized out>
        source = 0x55b6722e5000
        current = 0x55b6722a8a90
        i = 0
#20 0x00007f8d57d1ae42 in g_main_context_dispatch (context=context@entry=0x55b67226ea10) at gmain.c:3856
#21 0x00007f8d57d1b1c0 in g_main_context_iterate (context=0x55b67226ea10, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3929
        max_priority = 2147483647
        timeout = 6
        some_ready = 1
        nfds = 4
        allocated_nfds = 4
        fds = <optimized out>
#22 0x00007f8d57d1b4e2 in g_main_loop_run (loop=0x55b6722e4fe0) at gmain.c:4125
        __func__ = "g_main_loop_run"
#23 0x00007f8d5e67db70 in WTF::RunLoop::run() () at /usr/src/debug/webkitgtk-2.14.2/Source/WTF/wtf/glib/RunLoopGLib.cpp:94
        runLoop = @0x7f8d499f7000: {<WTF::FunctionDispatcher> = {<WTF::ThreadSafeRefCounted<WTF::FunctionDispatcher>> = {<WTF::ThreadSafeRefCountedBase> = {m_refCount = {<std::__atomic_base<int>> = {static _S_alignment = 4, _M_i = 1}, <No data fields>}}, <No data fields>}, _vptr.FunctionDispatcher = 0x7f8d5e83cba0 <vtable for WTF::RunLoop+16>}, m_functionQueueLock = {m_mutex = {__data = {__lock = 0, __count = 0, __owner = 0, __nusers = 0, __kind = 512, __spins = 0, __elision = 0, __list = {__prev = 0x0, __next = 0x0}}, __size = '\000' <repeats 17 times>, "\002", '\000' <repeats 21 times>, __align = 0}}, m_functionQueue = {m_start = 8, m_end = 8, m_buffer = {<WTF::VectorBufferBase<WTF::Function<void()> >> = {m_buffer = 0x7f8d499da0a8, m_capacity = 21, m_size = 0}, <No data fields>}}, m_mainContext = {m_ptr = 0x55b67226ea10}, m_mainLoops = {<WTF::VectorBuffer<WTF::GRefPtr<_GMainLoop>, 0ul>> = {<WTF::VectorBufferBase<WTF::GRefPtr<_GMainLoop> >> = {m_buffer = 0x7f8d499fa180, m_capacity = 16, m_size = 1}, <No data fields>}, <No data fields>}, m_source = {m_ptr = 0x55b6722e5000}}
        nestedMainLoop = <optimized out>
#24 0x00007f8d5f2508a9 in WebKit::ChildProcessMain<WebKit::WebProcess, WebKit::WebProcessMain>(int, char**) (argc=<optimized out>, argv=0x7ffc09a82f98) at /usr/src/debug/webkitgtk-2.14.2/Source/WebKit2/Shared/unix/ChildProcessMain.h:61
        childMain = {<WebKit::ChildProcessMainBase> = {_vptr.ChildProcessMainBase = 0x7f8d60fddbe0 <vtable for WebKit::WebProcessMain+16>, m_parameters = {uiProcessName = {m_impl = {static isRefPtr = <optimized out>, m_ptr = 0x0}}, clientIdentifier = {m_impl = {static isRefPtr = <optimized out>, m_ptr = 0x0}}, connectionIdentifier = 57, extraInitializationData = {m_impl = {static m_maxLoad = <optimized out>, static m_minLoad = <optimized out>, m_table = 0x0, m_tableSize = 0, m_tableSizeMask = 0, m_keyCount = 0, m_deletedCount = 0}}}}, <No data fields>}
#25 0x00007f8d52e71401 in __libc_start_main (main=0x55b670ebfc00 <main(int, char**)>, argc=2, argv=0x7ffc09a82f98, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffc09a82f88) at ../csu/libc-start.c:289
        result = <optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {0, 5904416883543918654, 94242066922544, 140720470503312, 0, 0, 388507317331839038, 398278049944455230}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x7ffc09a82fb0, 0x7f8d613b8128}, data = {prev = 0x0, cleanup = 0x0, canceltype = 162017200}}}
        not_first_call = <optimized out>
#26 0x000055b670ebfc5a in _start ()
Comment 1 Zan Dobersek 2016-12-28 08:52:08 PST
Most likely m_coordinator is null. It's not expected to be null since there's an assert at the top of notifyFlushRequired() that checks that.
Comment 2 Michael Catanzaro 2016-12-28 11:21:10 PST
(In reply to comment #1)
> Most likely m_coordinator is null. It's not expected to be null since
> there's an assert at the top of notifyFlushRequired() that checks that.

I'm pretty sure I've hit that assert many times before.
Comment 3 Michael Catanzaro 2017-01-02 09:55:56 PST
Milan says this is 100% reproducible when opening the web inspector in Evolution when running in X11. Doesn't happen in Wayland nor in Epiphany.

Note: we only have five reports of this total in Fedora. But that's not unexpected if it requires opening the web inspector. Maybe the downstream reporter, who didn't mention inspector at all, accidentally triggered the inspector keybinding and didn't realize it.
Comment 4 Milan Crha 2017-01-02 11:04:21 PST
Right, for me, when not running under Wayland, it's enough to show the inspector and move a mouse pointer above its area (even its top buttons), but only from within the Evolution for some reason.
Comment 5 Milan Crha 2017-01-03 01:03:34 PST
Created attachment 297927 [details]
test-wk2.c

This is a test program to reproduce the crash. As Tom told me, the trick is to use WEBKIT_DISABLE_COMPOSITING_MODE=1, which evolution does by default now, then the application crashes when moving the mouse cursor for example above the HTML nodes of the inspector.

The first line of the file contains a command line to compile & run it. Then click the Show Inspector button at the top and finally hover the mouse above the area of the docked inspector.
Comment 6 Tomas Popela 2017-01-03 01:19:03 PST
(In reply to comment #5)
> Created attachment 297927 [details]
> test-wk2.c
> 
> This is a test program to reproduce the crash. As Tom told me, the trick is
> to use WEBKIT_DISABLE_COMPOSITING_MODE=1, which evolution does by default
> now, then the application crashes when moving the mouse cursor for example
> above the HTML nodes of the inspector.

As Carlos told me the web inspector requires the AC to be enabled. So basically it is "expected" that it will misbehave (crash) when it is disabled.
Comment 7 Carlos Garcia Campos 2017-01-03 01:53:11 PST
I don't think it should crash, maybe things like page overlay won't work, but it shouldn't crash.
Comment 8 Michael Catanzaro 2017-01-03 05:25:12 PST
Running Epiphany with WEBKIT_DISABLE_COMPOSITING_MODE=1, the inspector appears to work until I click the inspect button (which I guess creates the page overlay). When clicking the Inspect button, the web process immediately crashes.
Comment 9 Michael Catanzaro 2017-01-03 05:26:28 PST
(In reply to comment #8)
> Running Epiphany with WEBKIT_DISABLE_COMPOSITING_MODE=1, the inspector
> appears to work

With the caveat that it is not possible to close, resize, or dock/undock, it just stays open forever.
Comment 10 Carlos Garcia Campos 2017-01-31 10:06:26 PST
I think this should be fixed now by r211083. Feel free to reopen if I'm wrong.
Comment 11 Carlos Garcia Campos 2017-03-02 03:14:40 PST
It's still possible to crash in CoordinatedGraphicsLayer::notifyFlushRequired(), I'm getting this when closing a page that is being inspected.

#0  0x00007f6e3cc7d20b in WebCore::CoordinatedGraphicsLayer::notifyFlushRequired() ()
   from /home/cgarcia/src/git/gnome/WebKit-remote-inspector/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#1  0x00007f6e3cc812f5 in WebCore::CoordinatedGraphicsLayer::removeFromParent() () from /home/cgarcia/src/git/gnome/WebKit-remote-inspector/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#2  0x00007f6e3baef810 in WebKit::WebInspectorClient::~WebInspectorClient() () from /home/cgarcia/src/git/gnome/WebKit-remote-inspector/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#3  0x00007f6e3baef8e7 in WebKit::WebInspectorClient::inspectedPageDestroyed() () from /home/cgarcia/src/git/gnome/WebKit-remote-inspector/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#4  0x00007f6e3c3df5b2 in WebCore::InspectorController::inspectedPageDestroyed() () from /home/cgarcia/src/git/gnome/WebKit-remote-inspector/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#5  0x00007f6e3c5c8859 in WebCore::Page::~Page() () from /home/cgarcia/src/git/gnome/WebKit-remote-inspector/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#6  0x00007f6e3bb13dd0 in WebKit::WebPage::close() () from /home/cgarcia/src/git/gnome/WebKit-remote-inspector/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#7  0x00007f6e3bd2fd81 in WebKit::WebPage::didReceiveWebPageMessage(IPC::Connection&, IPC::Decoder&) ()
   from /home/cgarcia/src/git/gnome/WebKit-remote-inspector/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#8  0x00007f6e3b92b3f9 in IPC::MessageReceiverMap::dispatchMessage(IPC::Connection&, IPC::Decoder&) ()
   from /home/cgarcia/src/git/gnome/WebKit-remote-inspector/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#9  0x00007f6e3ba68d06 in WebKit::WebProcess::didReceiveMessage(IPC::Connection&, IPC::Decoder&) ()
   from /home/cgarcia/src/git/gnome/WebKit-remote-inspector/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#10 0x00007f6e3b926edb in IPC::Connection::dispatchMessage(std::unique_ptr<IPC::Decoder, std::default_delete<IPC::Decoder> >) ()
   from /home/cgarcia/src/git/gnome/WebKit-remote-inspector/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#11 0x00007f6e3b927e08 in IPC::Connection::dispatchOneMessage() () from /home/cgarcia/src/git/gnome/WebKit-remote-inspector/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#12 0x00007f6e38868e95 in WTF::RunLoop::performWork() () from /home/cgarcia/src/git/gnome/WebKit-remote-inspector/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#13 0x00007f6e3889e189 in WTF::RunLoop::RunLoop()::{lambda(void*)#1}::_FUN(void*) ()
   from /home/cgarcia/src/git/gnome/WebKit-remote-inspector/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#14 0x00007f6e3190613a in g_main_dispatch (context=0x55ca754c5470) at gmain.c:3203
#15 g_main_context_dispatch (context=context@entry=0x55ca754c5470) at gmain.c:3856
#16 0x00007f6e319064b8 in g_main_context_iterate (context=0x55ca754c5470, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3929
#17 0x00007f6e319067d2 in g_main_loop_run (loop=0x55ca755eca80) at gmain.c:4125
#18 0x00007f6e3889ea20 in WTF::RunLoop::run() () from /home/cgarcia/src/git/gnome/WebKit-remote-inspector/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#19 0x00007f6e3bce1092 in int WebKit::ChildProcessMain<WebKit::WebProcess, WebKit::WebProcessMain>(int, char**) ()
   from /home/cgarcia/src/git/gnome/WebKit-remote-inspector/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#20 0x00007f6e2e4782b1 in __libc_start_main (main=0x55ca734eac30 <main>, argc=2, argv=0x7ffc7503da48, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, 
    stack_end=0x7ffc7503da38) at ../csu/libc-start.c:291
#21 0x000055ca734eac8a in _start ()
Comment 12 Carlos Garcia Campos 2017-03-02 03:16:16 PST
When CoordinatedGraphicsLayer::removeFromParent is called, the coordinator has already been invalidated, so all its layers were set to a nullptr coordinator. I think it's safe to simply handle m_coordinator being nullptr there.
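The lifetime hazard described in comment 12 (a layer's non-owning back-pointer is nulled when the coordinator is invalidated during page teardown, and removeFromParent() then asks for a flush), as an added example with simplified hypothetical classes; this is not WebKit's code or the committed patch, and the class and function names are assumptions:

```cpp
#include <vector>

// Simplified stand-ins for WebCore's CoordinatedGraphicsLayer and its
// coordinator (hypothetical names; not WebKit's own code).
class ModelLayer;

class ModelCoordinator {
public:
    void attach(ModelLayer& layer) { m_layers.push_back(&layer); }
    void invalidate(); // page teardown: null every layer's back-pointer
    void notifyFlushRequired() { ++m_flushRequests; }
    int flushRequests() const { return m_flushRequests; }
private:
    std::vector<ModelLayer*> m_layers;
    int m_flushRequests = 0;
};

class ModelLayer {
public:
    explicit ModelLayer(ModelCoordinator& c) : m_coordinator(&c) { c.attach(*this); }
    void setCoordinator(ModelCoordinator* c) { m_coordinator = c; }
    bool hasCoordinator() const { return m_coordinator != nullptr; }
    // Before the fix: only a debug ASSERT guarded m_coordinator, so a call
    // after invalidate() dereferenced null in release builds (the crash).
    void notifyFlushRequiredUnchecked() { m_coordinator->notifyFlushRequired(); }
    // After the fix (comment 12): a null coordinator is a legal teardown
    // state, so the flush request is dropped instead of dereferencing null.
    void notifyFlushRequired() {
        if (!m_coordinator)
            return;
        m_coordinator->notifyFlushRequired();
    }
    // The ~WebInspectorClient path in the comment-11 backtrace ends up here.
    void removeFromParent() { m_removed = true; notifyFlushRequired(); }
    bool removed() const { return m_removed; }
private:
    ModelCoordinator* m_coordinator;
    bool m_removed = false;
};

void ModelCoordinator::invalidate() {
    for (ModelLayer* layer : m_layers)
        layer->setCoordinator(nullptr);
    m_layers.clear();
}

// Replays the teardown order: flush while alive, invalidate, then remove the
// overlay layer. Returns 1 flush: the post-invalidation call must be a no-op.
int simulateInspectedPageTeardown(ModelCoordinator& coordinator, ModelLayer& highlightLayer) {
    highlightLayer.notifyFlushRequired();
    coordinator.invalidate();
    highlightLayer.removeFromParent();
    return coordinator.flushRequests();
}

int main() {
    ModelCoordinator coordinator;
    ModelLayer highlight(coordinator);
    return simulateInspectedPageTeardown(coordinator, highlight) == 1 ? 0 : 1;
}
```

Swapping the call in removeFromParent() for notifyFlushRequiredUnchecked() reproduces the null dereference, which is why the guard rather than the debug-only assert is the right fix for a process that hostile web content can drive into teardown.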
Comment 13 Carlos Garcia Campos 2017-03-02 03:20:02 PST
Created attachment 303187 [details]
Patch
Comment 14 Carlos Garcia Campos 2017-03-02 03:43:45 PST
Committed r213276: <http://trac.webkit.org/changeset/213276>