| Summary: | Crash in WebKit::RemoteLayerTreePropertyApplier::updateChildren | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | WebKit | Reporter: | Antti Koivisto <koivisto> | ||||||
| Component: | Layout and Rendering | Assignee: | Nobody <webkit-unassigned> | ||||||
| Status: | RESOLVED FIXED | ||||||||
| Severity: | Normal | CC: | bfulgham, commit-queue, ggaren, jfernandez, simon.fraser, thorton, zalan | ||||||
| Priority: | P2 | Keywords: | InRadar | ||||||
| Version: | WebKit Nightly Build | ||||||||
| Hardware: | Unspecified | ||||||||
| OS: | Unspecified | ||||||||
| Attachments: |
|
||||||||
Created attachment 360326 [details]
patch
Created attachment 360327 [details]
patch
Comment on attachment 360327 [details] patch View in context: https://bugs.webkit.org/attachment.cgi?id=360327&action=review > Source/WebKit/Shared/RemoteLayerTree/RemoteLayerTreePropertyApplier.mm:284 > + return childNode && childNode->uiView(); Does this 'childNode' check make sense after the ASSERT ? Comment on attachment 360327 [details]
patch
r=me but I would like to understand why this happens.
+1 what smfr said, this is a papering over a pretty scary symptom that we should probably investigate the root cause of Comment on attachment 360327 [details] patch Clearing flags on attachment: 360327 Committed r240717: <https://trac.webkit.org/changeset/240717> All reviewed patches have been landed. Closing bug. |
Exception Type: EXC_BAD_ACCESS (SIGSEGV) Exception Subtype: KERN_INVALID_ADDRESS at 0x0000000000000000 VM Region Info: 0 is not in any region. Bytes before following region: 4335222784 REGION TYPE START - END [ VSIZE] PRT/MAX SHRMOD REGION DETAIL UNUSED SPACE AT START ---> __TEXT 0000000102664000-000000010283c000 [ 1888K] r-x/r-x SM=COW .../MobileSafari Termination Signal: Segmentation fault: 11 Termination Reason: Namespace SIGNAL, Code 0xb Terminating Process: exc handler [283] Triggered by Thread: 0 Thread 0 name: Dispatch queue: com.apple.main-thread Thread 0 Crashed: 0 WebKit 0x00000001bad2b4b0 WebKit::RemoteLayerTreePropertyApplier::applyProperties(WebKit::RemoteLayerTreeNode&, WebKit::RemoteLayerTreeHost*, WebKit::RemoteLayerTreeTransaction::LayerProperties const&, WTF::HashMap<unsigned long long, std::__1::unique_ptr<WebKit::RemoteLayerTreeNode, std::__1::default_delete<WebKit::RemoteLayerTreeNode> >, WTF::IntHash<unsigned long long>, WTF::HashTraits<unsigned long long>, WTF::HashTraits<std::__1::unique_ptr<WebKit::RemoteLayerTreeNode, std::__1::default_delete<WebKit::RemoteLayerTreeNode> > > > const&, WebKit::RemoteLayerBackingStore::LayerContentsType) + 28 (RetainPtr.h:90) 1 WebKit 0x00000001baddfda0 WebKit::RemoteLayerTreeHost::updateLayerTree(WebKit::RemoteLayerTreeTransaction const&, float) + 592 (RemoteLayerTreeHost.mm:108) 2 WebKit 0x00000001baddfda0 WebKit::RemoteLayerTreeHost::updateLayerTree(WebKit::RemoteLayerTreeTransaction const&, float) + 592 (RemoteLayerTreeHost.mm:108) 3 WebKit 0x00000001baddf84c WebKit::RemoteLayerTreeDrawingAreaProxy::commitLayerTree(WebKit::RemoteLayerTreeTransaction const&, WebKit::RemoteScrollingCoordinatorTransaction const&) + 120 (RemoteLayerTreeDrawingAreaProxy.mm:205) 4 WebKit 0x00000001bac8e198 void IPC::handleMessage<Messages::RemoteLayerTreeDrawingAreaProxy::CommitLayerTree, WebKit::RemoteLayerTreeDrawingAreaProxy, void (WebKit::RemoteLayerTreeDrawingAreaProxy::*)(WebKit::RemoteLayerTreeTransaction const&, WebKit::RemoteScrollingCoordinatorTransaction const&)>(IPC::Decoder&, WebKit::RemoteLayerTreeDrawingAreaProxy*, void (WebKit::RemoteLayerTreeDrawingAreaProxy::*)(WebKit::RemoteLayerTreeTransaction const&, WebKit::RemoteScrollingCoordinatorTransaction const&)) + 120 (HandleMessage.h:41) 5 WebKit 0x00000001bac71f44 IPC::MessageReceiverMap::dispatchMessage(IPC::Connection&, IPC::Decoder&) + 120 (MessageReceiverMap.cpp:0) 6 WebKit 0x00000001bae2fbec WebKit::WebProcessProxy::didReceiveMessage(IPC::Connection&, IPC::Decoder&) + 32 (WebProcessProxy.cpp:651)