Bug 24106

Summary: Crash on exit in InspectorController
Product: WebKit Reporter: Adam Treat <manyoso>
Component: Web Inspector (Deprecated)Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal    
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Other   
OS: OS X 10.5   
Bug Depends on:    
Bug Blocks: 24525    
Attachments:
Description Flags
Patch to fix the segfault timothy: review+

Description Adam Treat 2009-02-23 15:07:49 PST 
Hi,

I've been getting a consistent crash on exit using QtLauncher and QtWebKit.  The backtrace is:

0xb63dc2ed in JSC::Heap::heapAllocate<(JSC::HeapType)0> (this=0x815fd68, s=24)
    at ../../../../JavaScriptCore/runtime/Collector.cpp:315
315             targetBlock = reinterpret_cast<Block*>(heap.blocks[i]);
(gdb) bt
#0  0xb63dc2ed in JSC::Heap::heapAllocate<(JSC::HeapType)0> (this=0x815fd68, s=24)
    at ../../../../JavaScriptCore/runtime/Collector.cpp:315
#1  0xb63d89c8 in JSC::Heap::allocate (this=0x815fd68, s=24) at ../../../../JavaScriptCore/runtime/Collector.cpp:385
#2  0xb6e4e568 in WebCore::JSDOMWindowPrototype::operator new (size=24) at tmp/JSDOMWindow.cpp:506
#3  0xb64977a6 in WebCore::JSDOMWindowShell::setWindow (this=0xb3070000, window=@0xbf903f24)
    at ../../../../WebCore/bindings/js/JSDOMWindowShell.cpp:60
#4  0xb6497ab7 in JSDOMWindowShell (this=0xb3070000, window=@0xbf903f68)
    at ../../../../WebCore/bindings/js/JSDOMWindowShell.cpp:50
#5  0xb64d1e27 in WebCore::ScriptController::initScript (this=0x8169e5c)
    at ../../../../WebCore/bindings/js/ScriptController.cpp:170
#6  0xb647d3a0 in WebCore::ScriptController::initScriptIfNeeded (this=0x8169e5c)
    at ../../../../WebCore/bindings/js/ScriptController.h:141
#7  0xb648f6d9 in WebCore::ScriptController::windowShell (this=0x8169e5c)
    at ../../../../WebCore/bindings/js/ScriptController.h:72
---Type <return> to continue, or q <return> to quit---
#8  0xb6487586 in WebCore::toJSDOMWindow (frame=0x8169b98) at ../../../../WebCore/bindings/js/JSDOMWindowBase.cpp:894
#9  0xb67cce76 in WebCore::InspectorController::stopUserInitiatedProfiling (this=0x8160cc0)
    at ../../../../WebCore/inspector/InspectorController.cpp:1828
#10 0xb67cd5a7 in WebCore::InspectorController::close (this=0x8160cc0)
    at ../../../../WebCore/inspector/InspectorController.cpp:1765
#11 0xb67cd633 in WebCore::InspectorController::inspectedPageDestroyed (this=0x8160cc0)
    at ../../../../WebCore/inspector/InspectorController.cpp:1223
#12 0xb68f9b05 in ~Page (this=0x8160b48) at ../../../../WebCore/page/Page.cpp:159
#13 0xb6b4a175 in ~QWebPagePrivate (this=0x8160530) at ../../../../WebKit/qt/Api/qwebpage.cpp:288
#14 0xb6b4a4d4 in ~QWebPage (this=0x8160468) at ../../../../WebKit/qt/Api/qwebpage.cpp:1276
#15 0x0805c487 in ~WebPage (this=0x8160468) at /home/kde/trunk/labs.trolltech.com/webkit/WebKit/qt/QtLauncher/main.cpp:51
#16 0xb6b4dcd7 in ~QWebView (this=0x81600d8) at ../../../../WebKit/qt/Api/qwebview.cpp:178
#17 0xb4a6c4c4 in QObjectPrivate::deleteChildren (this=0x81144f8)
    at /home/kde/trunk/qt-snapshot/src/corelib/kernel/qobject.cpp:1840

A proposed patch is forthcoming.
Comment 1 Adam Treat 2009-02-23 15:11:43 PST 
Created attachment 27896 [details]
Patch to fix the segfault
Comment 2 Adam Treat 2009-02-24 07:14:19 PST 
Fixed with r41158.
Comment 3 Dimitri Glazkov (Google) 2009-03-12 11:33:33 PDT 
I think this path is wrong. If you clear m_inspectedPage, you never get to actually do any of the close(), because it first checks for enabled(), which in turn checks for !m_inspectedPage. This effectively makes close() a no-op.

Now that InspectorController is ref-counted, we need to be using close(). See bug 24525 for more details.
Comment 4 Dimitri Glazkov (Google) 2009-03-12 11:34:54 PDT 
Grm. path => patch. Actually, I'll keep this closed and "depend" bug 24525 on it.