| Summary: | REGRESSION: Crash in Frame::prohibitsScrolling() when releasing a page from the back/forward cache | ||||||
|---|---|---|---|---|---|---|---|
| Product: | WebKit | Reporter: | mitz | ||||
| Component: | Platform | Assignee: | Dave Hyatt <hyatt> | ||||
| Status: | RESOLVED FIXED | ||||||
| Severity: | Major | CC: | hyatt | ||||
| Priority: | P1 | Keywords: | PlatformOnly | ||||
| Version: | 528+ (Nightly build) | ||||||
| Hardware: | PC | ||||||
| OS: | Windows XP | ||||||
| Attachments: |
|
||||||
Created attachment 23916 [details]
Patch
Comment on attachment 23916 [details]
Patch
r=me
|
Steps to reproduce: 1) Go to data:text/html,a 2) In the same window, go to data:text/html,b 3) Open a new tab 4) Close the tab in which you visited a and b 5) Wait (do not interact with Safari while waiting) Backtrace: > WebKit_debug.dll!WebCore::Frame::prohibitsScrolling() Line 1732 + 0x3 bytes C++ WebKit_debug.dll!WebCore::ScrollView::updateScrollbars(const WebCore::IntSize & desiredOffset={...}) Line 270 + 0xf bytes C++ WebKit_debug.dll!WebCore::ScrollView::setScrollbarModes(WebCore::ScrollbarMode horizontalMode=ScrollbarAuto, WebCore::ScrollbarMode verticalMode=ScrollbarAuto) Line 76 C++ WebKit_debug.dll!WebCore::FrameView::resetScrollbars() Line 215 C++ WebKit_debug.dll!WebCore::FrameView::~FrameView() Line 184 C++ WebKit_debug.dll!WebCore::FrameView::`scalar deleting destructor'() + 0x16 bytes C++ WebKit_debug.dll!WebCore::FrameView::deref() Line 68 + 0x55 bytes C++ WebKit_debug.dll!WTF::RefPtr<WebCore::FrameView>::operator=(WebCore::FrameView * optr=0x00000000) Line 119 C++ WebKit_debug.dll!WebCore::CachedPage::clear() Line 169 C++ WebKit_debug.dll!WebCore::PageCache::releaseAutoreleasedPagesNow() Line 167 + 0x16 bytes C++ WebKit_debug.dll!WebCore::PageCache::releaseAutoreleasedPagesNowOrReschedule(WebCore::Timer<WebCore::PageCache> * timer=0x0447e6b0) Line 153 C++ WebKit_debug.dll!WebCore::Timer<WebCore::PageCache>::fired() Line 99 + 0x23 bytes C++ WebKit_debug.dll!WebCore::TimerBase::fireTimers(double fireTime=1222718154.5365591, const WTF::Vector<WebCore::TimerBase *,0> & firingTimers={...}) Line 347 + 0xf bytes C++ WebKit_debug.dll!WebCore::TimerBase::sharedTimerFired() Line 368 + 0x12 bytes C++ WebKit_debug.dll!WebCore::TimerWindowWndProc(HWND__ * hWnd=0x00020676, unsigned int message=0x0000c1bb, unsigned int wParam=0x00000000, long lParam=0x00000000) Line 102 + 0x8 bytes C++ Note: The Frame is null in the topmost stack frame.