Bug 21218

Summary: REGRESSION: Crash in Frame::prohibitsScrolling() when releasing a page from the back/forward cache
Product: WebKit Reporter: mitz
Component: PlatformAssignee: Dave Hyatt <hyatt>
Status: RESOLVED FIXED    
Severity: Major CC: hyatt
Priority: P1 Keywords: PlatformOnly
Version: 528+ (Nightly build)   
Hardware: PC   
OS: Windows XP   
Attachments:
Description Flags
Patch mitz: review+

mitz
Reported 2008-09-29 12:59:04 PDT
Steps to reproduce: 1) Go to data:text/html,a 2) In the same window, go to data:text/html,b 3) Open a new tab 4) Close the tab in which you visited a and b 5) Wait (do not interact with Safari while waiting) Backtrace: > WebKit_debug.dll!WebCore::Frame::prohibitsScrolling() Line 1732 + 0x3 bytes C++ WebKit_debug.dll!WebCore::ScrollView::updateScrollbars(const WebCore::IntSize & desiredOffset={...}) Line 270 + 0xf bytes C++ WebKit_debug.dll!WebCore::ScrollView::setScrollbarModes(WebCore::ScrollbarMode horizontalMode=ScrollbarAuto, WebCore::ScrollbarMode verticalMode=ScrollbarAuto) Line 76 C++ WebKit_debug.dll!WebCore::FrameView::resetScrollbars() Line 215 C++ WebKit_debug.dll!WebCore::FrameView::~FrameView() Line 184 C++ WebKit_debug.dll!WebCore::FrameView::`scalar deleting destructor'() + 0x16 bytes C++ WebKit_debug.dll!WebCore::FrameView::deref() Line 68 + 0x55 bytes C++ WebKit_debug.dll!WTF::RefPtr<WebCore::FrameView>::operator=(WebCore::FrameView * optr=0x00000000) Line 119 C++ WebKit_debug.dll!WebCore::CachedPage::clear() Line 169 C++ WebKit_debug.dll!WebCore::PageCache::releaseAutoreleasedPagesNow() Line 167 + 0x16 bytes C++ WebKit_debug.dll!WebCore::PageCache::releaseAutoreleasedPagesNowOrReschedule(WebCore::Timer<WebCore::PageCache> * timer=0x0447e6b0) Line 153 C++ WebKit_debug.dll!WebCore::Timer<WebCore::PageCache>::fired() Line 99 + 0x23 bytes C++ WebKit_debug.dll!WebCore::TimerBase::fireTimers(double fireTime=1222718154.5365591, const WTF::Vector<WebCore::TimerBase *,0> & firingTimers={...}) Line 347 + 0xf bytes C++ WebKit_debug.dll!WebCore::TimerBase::sharedTimerFired() Line 368 + 0x12 bytes C++ WebKit_debug.dll!WebCore::TimerWindowWndProc(HWND__ * hWnd=0x00020676, unsigned int message=0x0000c1bb, unsigned int wParam=0x00000000, long lParam=0x00000000) Line 102 + 0x8 bytes C++ Note: The Frame is null in the topmost stack frame.
Attachments
Patch (1.25 KB, patch)
2008-09-29 13:08 PDT, Dave Hyatt 		mitz: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Dave Hyatt
Comment 1 2008-09-29 13:08:28 PDT
Created attachment 23916 [details] Patch
mitz
Comment 2 2008-09-29 13:09:35 PDT
Comment on attachment 23916 [details] Patch r=me
Dave Hyatt
Comment 3 2008-09-29 13:10:10 PDT
Fixed in r37069.
Note You need to log in before you can comment on or make changes to this bug.