Bug 4357

Summary: crash related to animated GIFs, reproducible in non-Safari WebKit application
Product: WebKit
Reporter: Scott Garner <fakescott>
Component: WebKit Misc.
Assignee: Darin Adler <darin>
Status: RESOLVED FIXED    
Severity: Normal    
Priority: P2    
Version: 412   
Hardware: Mac   
OS: OS X 10.4   
Attachments (description, flags):
A small application that illustrates the bug. (flags: none)
patch to fix the problem (was a retain from inside dealloc!) (flags: none)
patch to fix the problem (retain inside dealloc) (flags: sullivan: review+)

Scott Garner
Reported 2005-08-09 11:55:37 PDT
This one is a little hard to explain, but basically once a page with an animated gif is loaded, used and released, *something* still tries to access the documentView containing the gif, thus causing an exception.
Attachments
A small application that illustrates the bug. (13.29 KB, application/zip)
2005-08-09 11:59 PDT, Scott Garner
no flags
patch to fix the problem (was a retain from inside dealloc!) (7.73 KB, patch)
2005-09-03 16:44 PDT, Darin Adler
no flags
patch to fix the problem (retain inside dealloc) (4.45 KB, patch)
2005-09-04 12:40 PDT, Darin Adler
sullivan: review+
Scott Garner
Comment 1 2005-08-09 11:59:27 PDT
Created attachment 3291 [details] A small application that illustrates the bug.
Scott Garner
Comment 2 2005-08-09 12:04:52 PDT
An obviously inelegant workaround that I've been using:

    - (void)webView:(WebView *)sender willCloseFrame:(WebFrame *)frame
    {
        WebDataSource *dataSource = [frame dataSource];
        NSEnumerator *enumerate = [[dataSource subresources] objectEnumerator];
        WebResource *curResource;
        while ((curResource = [enumerate nextObject])) {
            if ([[curResource MIMEType] isEqualTo:@"image/gif"]) {
                // Intentionally leak one retain on the document view.
                NSView *documentView = [[frame frameView] documentView];
                [documentView retain];
                break;
            }
        }
    }

The idea is to retain any DocumentViews that might contain an animated GIF. Since this is all for an Automator action (Download URLs as PDFs), the resulting leak isn't terribly problematic.
Scott Garner
Comment 3 2005-08-09 12:12:30 PDT
For a little more commentary on this issue along with some attempted workarounds: http://lists.apple.com/archives/Webkitsdk-dev//2005/Jul/msg00030.html
Darin Adler
Comment 4 2005-09-03 16:08:16 PDT
Using zombie mode, I see a WebHTMLView being overreleased when I use this test program.
Darin Adler
Comment 5 2005-09-03 16:20:18 PDT
I found the bug. Working on a fix.
Darin Adler
Comment 6 2005-09-03 16:23:47 PDT
The problem is that this code, in a roundabout way, calls retain on a WebHTMLView object that's in its dealloc function. I'm fixing that now.
Darin Adler
Comment 7 2005-09-03 16:24:38 PDT
By "this code", I mean "the WebImageData class".
Darin Adler
Comment 8 2005-09-03 16:44:12 PDT
Created attachment 3734 [details] patch to fix the problem (was a retain from inside dealloc!)
Darin Adler
Comment 9 2005-09-04 12:40:45 PDT
Created attachment 3757 [details] patch to fix the problem (retain inside dealloc)
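Added illustration, not part of the bug thread and not the attached WebKit patch: a minimal manual-retain-release model of the bug class named in Comment 6, where code reached from dealloc retains the object being deallocated. BuggyView, FixedView and DemoStopAnimations are hypothetical names, and the close-before-dealloc remedy is an assumption made for the example, not taken from the patch.

```objc
// Constructed example (hypothetical names). Build without ARC:
//   clang -fno-objc-arc -framework Foundation retain_in_dealloc.m
#import <Foundation/Foundation.h>
#include <string.h>
// Hypothetical stand-in for animation code that takes a batch of views.
static void DemoStopAnimations(NSArray *views) {
    (void)views;  // a real implementation would cancel each view's timers
}

@interface BuggyView : NSObject
@end
@implementation BuggyView
- (void)dealloc {
    // BUG: the autoreleased array retains self while self is deallocating.
    DemoStopAnimations([NSArray arrayWithObject:self]);
    [super dealloc];  // frees the object anyway; the array now holds a dead pointer
}
@end

@interface FixedView : NSObject {
    BOOL _closed;
}
- (void)close;
@end
@implementation FixedView
- (void)close {  // owner calls this while the view is still alive
    if (_closed) return;
    _closed = YES;
    DemoStopAnimations([NSArray arrayWithObject:self]);  // retaining is safe here
}
- (void)dealloc {
    // Teardown that could retain self already ran in -close; only check it.
    if (!_closed) NSLog(@"FixedView deallocated without -close");
    [super dealloc];
}
@end

int main(int argc, const char *argv[]) {
    NSAutoreleasePool *pool = [[NSAutoreleasePool alloc] init];
    if (argc > 1 && strcmp(argv[1], "--buggy") == 0) {
        [[[BuggyView alloc] init] release];  // dealloc runs here
    } else {
        FixedView *view = [[FixedView alloc] init];
        [view close];
        [view release];  // the array's retain keeps it alive until the drain
    }
    [pool drain];  // buggy path: the array sends release to the freed view
    return 0;
}
```

Running the `--buggy` path with the `NSZombieEnabled=YES` environment variable set reports the release sent to a deallocated BuggyView instance, the same kind of overrelease that Comment 4 describes for WebHTMLView.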