Bug 50307

Summary: Crash when closing WebKit2 window with accelerated composting content
Product: WebKit Reporter: Simon Fraser (smfr) <simon.fraser>
Component: WebKit2Assignee: Simon Fraser (smfr) <simon.fraser>
Status: RESOLVED FIXED    
Severity: Normal CC: mitz, simon.fraser
Priority: P2 Keywords: InRadar
Version: 528+ (Nightly build)   
Hardware: All   
OS: OS X 10.5   
URL: http://webkit.org/blog-files/3d-transforms/morphing-cubes.html
Attachments:
Description Flags
Patch mitz: review+

Simon Fraser (smfr)
Reported 2010-11-30 21:24:19 PST
When I close a WebKit2 window showing http://webkit.org/blog-files/3d-transforms/morphing-cubes.html, I crash: #0 0x0000000100218878 in WTF::RefPtr<WebCore::FrameView>::get (this=0x510) at RefPtr.h:59 #1 0x000000010030936c in WebCore::Frame::view (this=0x0) at Frame.h:268 #2 0x000000010026f0b7 in WebKit::WebPage::layoutIfNeeded (this=0x1193046f0) at /Volumes/Monster/Development/apple/webkit/WebKit.git/WebKit2/WebProcess/WebPage/WebPage.cpp:410 #3 0x0000000100218309 in WebKit::LayerBackedDrawingArea::updateLayoutRunLoopObserverFired (this=0x105d8af60) at /Volumes/Monster/Development/apple/webkit/WebKit.git/WebKit2/WebProcess/WebPage/mac/LayerBackedDrawingAreaMac.mm:164 #4 0x000000010021835f in WebKit::LayerBackedDrawingArea::updateLayoutRunLoopObserverCallback (info=0x105d8af60) at /Volumes/Monster/Development/apple/webkit/WebKit.git/WebKit2/WebProcess/WebPage/mac/LayerBackedDrawingAreaMac.mm:159 #5 0x00007fff86d09b37 in __CFRunLoopDoObservers () #6 0x00007fff86ce4ddf in CFRunLoopRunSpecific () #7 0x00007fff846059f6 in RunCurrentEventLoopInMode () #8 0x00007fff846057fb in ReceiveNextEventCommon () #9 0x00007fff846056b4 in BlockUntilNextEventMatchingListInMode () #10 0x00007fff83999e64 in _DPSNextEvent () #11 0x00007fff839997a9 in -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] () #12 0x00007fff8395f48b in -[NSApplication run] () #13 0x000000010024457c in RunLoop::run () at /Volumes/Monster/Development/apple/webkit/WebKit.git/WebKit2/Platform/mac/RunLoopMac.mm:55 #14 0x0000000100297be9 in WebKit::WebProcessMain (commandLine=@0x7fff5fbff300) at /Volumes/Monster/Development/apple/webkit/WebKit.git/WebKit2/WebProcess/mac/WebProcessMainMac.mm:136 #15 0x000000010026cabf in WebKitMain (commandLine=@0x7fff5fbff300) at /Volumes/Monster/Development/apple/webkit/WebKit.git/WebKit2/WebProcess/WebKitMain.cpp:47 #16 0x000000010026cb79 in WebKitMain (argc=8, argv=0x7fff5fbff3d8) at /Volumes/Monster/Development/apple/webkit/WebKit.git/WebKit2/WebProcess/WebKitMain.cpp:71 #17 0x0000000100000e33 in main () Current language: auto; currently objective-c++
Attachments
Patch (1.28 KB, patch)
2010-11-30 21:36 PST, Simon Fraser (smfr) 		mitz: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Simon Fraser (smfr)
Comment 1 2010-11-30 21:36:10 PST
Created attachment 75246 [details] Patch
mitz
Comment 2 2010-12-01 10:44:12 PST
<rdar://problem/8640126>
Simon Fraser (smfr)
Comment 3 2010-12-01 12:47:12 PST
http://trac.webkit.org/changeset/73058
Note You need to log in before you can comment on or make changes to this bug.