Bug 59311

Summary: [GTK] Crash in WebCore::FrameView::notifyPageThatContentAreaWillPaint()
Product: WebKit
Reporter: Martin Robinson <mrobinson>
Component: WebKitGTK
Assignee: Martin Robinson <mrobinson>
Status: RESOLVED FIXED
Severity: Normal
CC: xan.lopez
Priority: P3
Keywords: Gtk
Version: 528+ (Nightly build)
Hardware: PC
OS: Linux
Attachments:
Patch (flags: xan.lopez: review+)

Description Martin Robinson 2011-04-24 21:52:53 PDT
(gdb) bt
#0  0x00afd894 in WebCore::FrameView::notifyPageThatContentAreaWillPaint() const () from /home/xan/gnome2/lib/libwebkitgtk-3.0.so.0
#1  0x00b880fa in WebCore::ScrollView::paint(WebCore::GraphicsContext*, WebCore::IntRect const&) () from /home/xan/gnome2/lib/libwebkitgtk-3.0.so.0
#2  0x00c95d19 in WebCore::RenderWidget::paint(WebCore::PaintInfo&, int, int) () from /home/xan/gnome2/lib/libwebkitgtk-3.0.so.0
#3  0x00c3b682 in WebCore::RenderLayer::paintLayer(WebCore::RenderLayer*, WebCore::GraphicsContext*, WebCore::IntRect const&, unsigned int, WebCore::RenderObject*, WTF::HashMap<WebCore::OverlapTestRequestClient*, WebCore::IntRect, WTF::PtrHash<WebCore::OverlapTestRequestClient*>, WTF::HashTraits<WebCore::OverlapTestRequestClient*>, WTF::HashTraits<WebCore::IntRect> >*, unsigned int) () from /home/xan/gnome2/lib/libwebkitgtk-3.0.so.0
#4  0x00c3bf9c in WebCore::RenderLayer::paintList(WTF::Vector<WebCore::RenderLayer*, 0u>*, WebCore::RenderLayer*, WebCore::GraphicsContext*, WebCore::IntRect const&, unsigned int, WebCore::RenderObject*, WTF::HashMap<WebCore::OverlapTestRequestClient*, WebCore::IntRect, WTF::PtrHash<WebCore::OverlapTestRequestClient*>, WTF::HashTraits<WebCore::OverlapTestRequestClient*>, WTF::HashTraits<WebCore::IntRect> >*, unsigned int) ()
   from /home/xan/gnome2/lib/libwebkitgtk-3.0.so.0
#5  0x00c3af70 in WebCore::RenderLayer::paintLayer(WebCore::RenderLayer*, WebCore::GraphicsContext*, WebCore::IntRect const&, unsigned int, WebCore::RenderObject*, WTF::HashMap<WebCore::OverlapTestRequestClient*, WebCore::IntRect, WTF::PtrHash<WebCore::OverlapTestRequestClient*>, WTF::HashTraits<WebCore::OverlapTestRequestClient*>, WTF::HashTraits<WebCore::IntRect> >*, unsigned int) () from /home/xan/gnome2/lib/libwebkitgtk-3.0.so.0
#6  0x00c3bf9c in WebCore::RenderLayer::paintList(WTF::Vector<WebCore::RenderLayer*, 0u>*, WebCore::RenderLayer*, WebCore::GraphicsContext*, WebCore::IntRect const&, unsigned int, WebCore::RenderObject*, WTF::HashMap<WebCore::OverlapTestRequestClient*, WebCore::IntRect, WTF::PtrHash<WebCore::OverlapTestRequestClient*>, WTF::HashTraits<WebCore::OverlapTestRequestClient*>, WTF::HashTraits<WebCore::IntRect> >*, unsigned int) ()
   from /home/xan/gnome2/lib/libwebkitgtk-3.0.so.0

The issue here seems to be that a GtkAdjustment is attached to some zombie Scrollbar.
Comment 1 Martin Robinson 2011-04-24 22:14:08 PDT
Created attachment 90900 [details]
Patch
Comment 2 Xan Lopez 2011-04-25 09:42:25 PDT
Comment on attachment 90900 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=90900&action=review

r=me with that check.

> Source/WebCore/platform/gtk/MainFrameScrollbarGtk.cpp:72
> +    // In some cases this adjustment may still be attached to a living MainFrameScrollbar.

I suppose we don't really know when this happens?

> Source/WebCore/platform/gtk/MainFrameScrollbarGtk.cpp:80
> +                                         0, reinterpret_cast<void*>(MainFrameScrollbarGtk::gtkValueChanged), 0);

Double check that you really need the signal id and the detail.
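The zombie-scrollbar situation from the description, and the disconnect-by-callback-and-data call quoted in the review, as an added example that is not WebKit's or GTK's own code: a plain-C stand-in for a GtkAdjustment keeps its "value-changed" handlers as (callback, user_data) pairs, a scrollbar stand-in connects itself when attached, and its destructor either leaves the handler behind (the path that fires into a dead object) or removes every handler matching its callback and data first. Every name here is constructed; the real GLib signal machinery is modelled, not used.

```c
/* GtkAdjustment stand-in: "value-changed" handlers are (callback, user_data) pairs removable by match. */
#define MAX_HANDLERS 4
typedef void (*ValueChangedFn)(void* user_data);
typedef struct { ValueChangedFn fn; void* data; } Handler;
typedef struct { Handler handlers[MAX_HANDLERS]; int count; double value; } Adjustment;
static void adjustment_connect(Adjustment* adj, ValueChangedFn fn, void* data) {
    if (adj->count < MAX_HANDLERS)
        adj->handlers[adj->count++] = (Handler){ fn, data };
}
/* Drop every handler whose (fn, data) pair matches; returns how many were removed. */
static int adjustment_disconnect_matched(Adjustment* adj, ValueChangedFn fn, void* data) {
    int kept = 0, removed = 0;
    for (int i = 0; i < adj->count; i++) {
        if (adj->handlers[i].fn == fn && adj->handlers[i].data == data) removed++;
        else adj->handlers[kept++] = adj->handlers[i];
    }
    adj->count = kept;
    return removed;
}
static void adjustment_set_value(Adjustment* adj, double v) {
    adj->value = v;
    for (int i = 0; i < adj->count; i++) adj->handlers[i].fn(adj->handlers[i].data);
}
/* Scrollbar stand-in. It is marked dead rather than freed so a callback arriving
 * after "destruction" can be counted instead of dereferencing freed memory. */
typedef struct { Adjustment* adj; int alive; int callbacks_after_destroy; } Scrollbar;
static void scrollbar_value_changed(void* data) {
    Scrollbar* sb = data;
    if (!sb->alive) sb->callbacks_after_destroy++;   /* the zombie-scrollbar case */
}
static void scrollbar_attach(Scrollbar* sb, Adjustment* adj) {
    sb->adj = adj; sb->alive = 1; sb->callbacks_after_destroy = 0;
    adjustment_connect(adj, scrollbar_value_changed, sb);
}
/* disconnect_first models the fix: detach from the adjustment before dying. */
static void scrollbar_destroy(Scrollbar* sb, int disconnect_first) {
    if (disconnect_first) adjustment_disconnect_matched(sb->adj, scrollbar_value_changed, sb);
    sb->alive = 0;
}
/* Returns how many value-changed callbacks reached the scrollbar after it was destroyed. */
int simulate(int disconnect_on_destroy) {
    Adjustment adj = { .count = 0, .value = 0 };
    Scrollbar sb;
    scrollbar_attach(&sb, &adj);
    adjustment_set_value(&adj, 10);                /* normal scroll while alive */
    scrollbar_destroy(&sb, disconnect_on_destroy);
    adjustment_set_value(&adj, 20);                /* the adjustment outlives the scrollbar */
    return sb.callbacks_after_destroy;
}
```

`simulate(0)` reports one callback delivered to the dead scrollbar, which in the real code is the dereference that produced the backtrace above; `simulate(1)` reports none because the handler was removed before the object went away.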
Comment 3 Martin Robinson 2011-04-25 13:01:02 PDT
Committed r84793: <http://trac.webkit.org/changeset/84793>