Bug 106663 - IconLoader destructor called without calling removeClient().
Summary: IconLoader destructor called without calling removeClient().
Status: RESOLVED DUPLICATE of bug 120541
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebCore Misc. (show other bugs)
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Nobody
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2013-01-11 06:59 PST by Mark Toller
Modified: 2013-10-03 11:51 PDT (History)
10 users (show)

See Also:

Attachments
Call removeClient in the destructor. (454 bytes, patch)
2013-01-11 07:00 PST, Mark Toller 		webkit-ews: commit-queue-
Details | Formatted Diff | Diff
removed the spurious { from the patch. (453 bytes, patch)
2013-01-11 07:22 PST, Mark Toller 		no flags Details | Formatted Diff | Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Mark Toller 2013-01-11 06:59:27 PST 
IconLoader uses a CachedRawResource, this class sets a timer and calls back into the IconLoader when the timer fires. However, the IconLoader can be destroyed (on web view destruction) without removing itself from the CachedRawResource, so the timer firing calls into a deleted object causing a crash.

Adding a check into the destructor fixes this problem on our platform (webkit2, gtk based).
Comment 1 Mark Toller 2013-01-11 07:00:39 PST 
Created attachment 182337 [details]
Call removeClient in the destructor.
Comment 2 Early Warning System Bot 2013-01-11 07:06:38 PST 
Comment on attachment 182337 [details]
Call removeClient in the destructor.

Attachment 182337 [details] did not pass qt-ews (qt):
Output: http://queues.webkit.org/results/15795669
Comment 3 Early Warning System Bot 2013-01-11 07:08:10 PST 
Comment on attachment 182337 [details]
Call removeClient in the destructor.

Attachment 182337 [details] did not pass qt-wk2-ews (qt):
Output: http://queues.webkit.org/results/15815184
Comment 4 EFL EWS Bot 2013-01-11 07:08:39 PST 
Comment on attachment 182337 [details]
Call removeClient in the destructor.

Attachment 182337 [details] did not pass efl-ews (efl):
Output: http://queues.webkit.org/results/15809335
Comment 5 kov's GTK+ EWS bot 2013-01-11 07:12:20 PST 
Comment on attachment 182337 [details]
Call removeClient in the destructor.

Attachment 182337 [details] did not pass gtk-ews (gtk):
Output: http://queues.webkit.org/results/15810338
Comment 6 Build Bot 2013-01-11 07:12:49 PST 
Comment on attachment 182337 [details]
Call removeClient in the destructor.

Attachment 182337 [details] did not pass mac-ews (mac):
Output: http://queues.webkit.org/results/15806380
Comment 7 Peter Beverloo (cr-android ews) 2013-01-11 07:17:40 PST 
Comment on attachment 182337 [details]
Call removeClient in the destructor.

Attachment 182337 [details] did not pass cr-android-ews (chromium-android):
Output: http://queues.webkit.org/results/15806381
Comment 8 Build Bot 2013-01-11 07:20:34 PST 
Comment on attachment 182337 [details]
Call removeClient in the destructor.

Attachment 182337 [details] did not pass win-ews (win):
Output: http://queues.webkit.org/results/15803439
Comment 9 Mark Toller 2013-01-11 07:22:07 PST 
Created attachment 182342 [details]
removed the spurious { from the patch.
Comment 10 Alexey Proskuryakov 2013-01-11 09:31:49 PST 
Can you make a regression test for this?
Comment 11 Mark Toller 2013-01-11 10:02:01 PST 
(In reply to comment #10)
> Can you make a regression test for this?

I've only seen this on our device, and it's timing related - you have to destroy the webview (which destroys the IconLoader) after the CachedRawResource has been created and the IconLoader added to it, but before the timer (set for 0ms) fires...
Comment 12 Alexey Proskuryakov 2013-10-03 11:51:03 PDT 
This got fixed in bug 120541.

*** This bug has been marked as a duplicate of bug 120541 ***