Bug 37318

Summary: Crash on WebKit::WebGeolocationServiceBridgeImpl::stopUpdating() during frame disconnection
Product: WebKit
Reporter: Marcus Bulach <bulach>
Component: WebKit Misc.
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED
Severity: Normal
CC: bulach, commit-queue, fishd, jorlow, joth
Priority: P2
Version: 528+ (Nightly build)
Hardware: All
OS: All
Attachments: Patch (flags: none)

Description Marcus Bulach 2010-04-09 02:52:34 PDT
There are some situations where the frame / webview has been disconnected prior to WebKit::WebGeolocationServiceBridgeImpl::stopUpdating() being called.
In this scenario, we don't need to detachBridge().

http://code.google.com/p/chromium/issues/detail?id=40478
Thread 0 (crashed)
 0 Google Chrome Framew0.369.0.1            0x0167be82 WebKit::WebGeolocationServiceBridgeImpl::stopUpdating() + 0x0 (WebGeolocationServiceBridgeImpl.cpp:128)
 1 Google Chrome Framew0.369.0.1            0x010a299e WebCore::Geolocation::disconnectFrame() + 0x7 (Geolocation.cpp:636)
 2 Google Chrome Framew0.369.0.1            0x010a8b71 WebCore::Navigator::disconnectFrame() + 0x7 (Navigator.cpp:68)
 3 Google Chrome Framew0.369.0.1            0x01077554 WebCore::DOMWindow::clear() + 0x7 (DOMWindow.cpp:441)
 4 Google Chrome Framew0.369.0.1            0x010941eb WebCore::Frame::setSelectionFromNone() + 0x7 (Frame.cpp:212)
 5 Google Chrome Framew0.369.0.1            0x00fdd67d 
 6 Google Chrome Framew0.369.0.1            0x00fbcd97 WebCore::InspectorController::setBreakpoint(WebCore::String const&, unsigned int, bool, WebCore::String const&) + 0x7 (RefCounted.h:109)
 7 Google Chrome Framew0.369.0.1            0x010ac062 WebCore::Page::userStyleSheetLocationChanged() + 0xb (OwnPtrCommon.h:55)
 8 Google Chrome Framew0.369.0.1            0x0169ba10 WebKit::WebViewImpl::close() + 0xb (OwnPtrCommon.h:55)
 9 Google Chrome Framew0.369.0.1            0x0062a517 RenderWidget::Close() + 0x6 (render_widget.cc:651)
10 Google Chrome Framew0.369.0.1            0x005f3545 RenderView::Close() + 0x7 (render_view.cc:4785)
11 Google Chrome Framew0.369.0.1            0x006a413a MessageLoop::DeferOrRunPendingTask(MessageLoop::PendingTask const&) + 0x7 (message_loop.cc:329)
12 Google Chrome Framew0.369.0.1            0x006a4b0a MessageLoop::DoWork() + 0xb (message_loop.cc:444)
13 Google Chrome Framew0.369.0.1            0x00683053 base::MessagePumpCFRunLoopBase::RunWorkSource(void*) + 0xa (message_pump_mac.mm:291)
14 CoreFoundation      0.550.19.0           0x993cd15a __CFRunLoopDoSources0 + 0x61a
15 CoreFoundation      0.550.19.0           0x993cac1e __CFRunLoopRun + 0x42e
16 CoreFoundation      0.550.19.0           0x993ca0f3 CFRunLoopRunSpecific + 0x1c3
17 CoreFoundation      0.550.19.0           0x993c9f20 CFRunLoopRunInMode + 0x60
18 HIToolbox           0.460.0.0            0x972340fb RunCurrentEventLoopInMode + 0x187
19 HIToolbox           0.460.0.0            0x97233eb0 ReceiveNextEventCommon + 0x161
20 HIToolbox           0.460.0.0            0x97233d35 BlockUntilNextEventMatchingListInMode + 0x50
21 AppKit              0.1038.29.0          0x93325134 _DPSNextEvent + 0x34e
22 AppKit              0.1038.29.0          0x93324975 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 0x9b
23 AppKit              0.1038.29.0          0x932e6bee -[NSApplication run] + 0x334
24 Google Chrome Framew0.369.0.1            0x00682afc base::MessagePumpNSApplication::DoRun(base::MessagePump::Delegate*) + 0x19 (message_pump_mac.mm:677)
25 Google Chrome Framew0.369.0.1            0x00682285 base::MessagePumpCFRunLoopBase::Run(base::MessagePump::Delegate*) + 0xb (message_pump_mac.mm:213)
26 Google Chrome Framew0.369.0.1            0x006a4083 MessageLoop::Run() + 0xb (message_loop.cc:205)
27 Google Chrome Framew0.369.0.1            0x00637b0d RendererMain(MainFunctionParams const&) + 0xc (renderer_main.cc:289)
28 Google Chrome Framew0.369.0.1            0x0000a27d ChromeMain + 0xd (chrome_dll_main.cc:720)
29 Google Chrome Helper                     0x00001ff7 main + 0x11 (chrome_exe_main.mm:16)
30 Google Chrome Helper                     0x00001fb5 
31
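The teardown order in the trace (WebViewImpl::close() first, then DOMWindow::clear() -> Navigator::disconnectFrame() -> Geolocation::disconnectFrame() -> stopUpdating()) modelled as a small stand-alone C++ example with the guard the description calls for. This is an added illustration, not WebKit code and not the landed patch; every class and member below other than the names stopUpdating and detachBridge is a hypothetical stand-in.

```cpp
// Added example, not WebKit code or the landed patch: a minimal model of the
// teardown order in the crash trace, with the guard stopUpdating() needs.
#include <cstddef>

// Hypothetical stand-in for the browser-side geolocation service reached
// through the WebView. Counts detaches so a test can observe them.
struct GeolocationService {
    int detachCount = 0;
    void detachBridge() { ++detachCount; }
};

// Hypothetical stand-in for WebViewImpl (WebViewImpl::close() in the trace).
struct WebView {
    GeolocationService service;
};

// Stand-in for WebGeolocationServiceBridgeImpl. Holds a non-owning pointer
// to the WebView that becomes null once the frame/webview is disconnected.
class GeolocationServiceBridge {
public:
    explicit GeolocationServiceBridge(WebView* view) : m_view(view) {}

    // Reached via Geolocation::disconnectFrame(). Guard: if the view is
    // already gone there is nothing to detach from, so return without
    // touching it. Returns whether detachBridge() was actually called.
    bool stopUpdating() {
        if (!m_view)
            return false;
        m_view->service.detachBridge();
        m_view = nullptr;  // detached; a second call is a no-op
        return true;
    }

    // The webview closing out from under the bridge (the crashing ordering).
    void disconnectView() { m_view = nullptr; }

private:
    WebView* m_view;
};

// Runs one of the two orderings: frame cleared while the view is alive, or
// frame cleared after the view was already disconnected. Returns how many
// times detachBridge() was called.
inline int detachCountForTeardown(bool viewClosedFirst) {
    WebView view;
    GeolocationServiceBridge bridge(&view);
    if (viewClosedFirst)
        bridge.disconnectView();  // WebViewImpl::close() ran first
    bridge.stopUpdating();        // DOMWindow::clear() -> ... -> stopUpdating()
    return view.service.detachCount;
}
```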
Comment 1 Marcus Bulach 2010-04-09 02:59:45 PDT
Created attachment 52950 [details]
Patch
Comment 2 WebKit Commit Bot 2010-04-09 06:13:51 PDT
Comment on attachment 52950 [details]
Patch

Clearing flags on attachment: 52950

Committed r57335: <http://trac.webkit.org/changeset/57335>
Comment 3 WebKit Commit Bot 2010-04-09 06:13:56 PDT
All reviewed patches have been landed.  Closing bug.