Internal tracking number: 261567
When deleting a webview, the webkit thread will send a sync message to UserInterfaceThread to delete handlers, including the viewport accessor. But the UserInterfaceThread could be doing a blit after it has deleted the viewport accessor and before the webkit thread gets the time slot to resume its operation to clean up the webview, which leaves a very short time in which the viewport accessor of a webpage has been deleted while the webpage is still in the process of being deleted, and the viewport accessor is referenced in the UserInterfaceThread when blitting contents. So we need to check if the viewport accessor is NULL before using it in the BackingStore code.
Created attachment 178461: Patch
Comment on attachment 178461: Patch
Already reviewed and approved by George Staikos offline. Commit it.
This patch is not quite right, see comment in PR #261257
(In reply to comment #3)
> This patch is not quite right, see comment in PR #261257
Uh, 261567
OK, stopped committing. Will fix.
Created attachment 178478: Patch
With the internal bug fix for 261671, this seems less likely to happen. But it doesn't hurt to have this fix just in case there's another code path that might reach here.
(In reply to comment #7)
> With the internal bug fix for 261671, this seems less likely to happen. But it doesn't hurt to have this fix just in case there's another code path that might reach here.
I agree, checking for null when something can be null is good.
Comment on attachment 178478: Patch
LGTM.
Comment on attachment 178478: Patch
Commit.
Comment on attachment 178478: Patch
Clearing flags on attachment: 178478
Committed r137140: <http://trac.webkit.org/changeset/137140>
All reviewed patches have been landed. Closing bug.
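The teardown ordering described in the bug report, replayed as an added C++ example that is not part of this bug thread or of the WebKit patch. All type and function names are hypothetical stand-ins, and the example assumes the delete handler leaves the accessor pointer null so that the check has something to test.

```cpp
#include <iostream>
#include <memory>
#include <string>
#include <vector>

// Hypothetical stand-ins: none of these names come from the WebKit patch.
struct ViewportAccessor { int width; int height; };

struct WebPageClient {
    std::unique_ptr<ViewportAccessor> accessor{new ViewportAccessor{1024, 768}};
    bool teardownFinished = false;
};

// UI thread: handles the WebKit thread's sync "delete handlers" message.
// reset() frees the accessor and leaves the pointer null, so later code can test it.
void handleDeleteHandlers(WebPageClient& page) { page.accessor.reset(); }

// WebKit thread: finishes cleaning up the webview once it is scheduled again.
void finishTeardown(WebPageClient& page) { page.teardownFinished = true; }

// UI thread: blit that checks the accessor before use, as the bug report asks.
bool blitContents(const WebPageClient& page, std::vector<std::string>& log) {
    const ViewportAccessor* accessor = page.accessor.get();
    if (!accessor) {
        log.push_back("blit skipped: viewport accessor is null");
        return false;
    }
    log.push_back("blit " + std::to_string(accessor->width) + "x" +
                  std::to_string(accessor->height));
    return true;
}

// Replays the ordering from the report on one page object.
std::vector<std::string> replayTeardownWindow() {
    std::vector<std::string> log;
    WebPageClient page;
    blitContents(page, log);     // normal blit while the page is alive
    handleDeleteHandlers(page);  // accessor deleted on the UI thread
    blitContents(page, log);     // blit inside the window: must not dereference
    finishTeardown(page);        // WebKit thread resumes and completes cleanup
    return log;
}

int main() {
    for (const std::string& line : replayTeardownWindow())
        std::cout << line << '\n';
}
```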