RESOLVED DUPLICATE of bug 120541 106663
IconLoader destructor called without calling removeClient(). 
https://bugs.webkit.org/show_bug.cgi?id=106663
Summary IconLoader destructor called without calling removeClient().
Mark Toller
Reported 2013-01-11 06:59:27 PST
IconLoader uses a CachedRawResource, this class sets a timer and calls back into the IconLoader when the timer fires. However, the IconLoader can be destroyed (on web view destruction) without removing itself from the CachedRawResource, so the timer firing calls into a deleted object causing a crash. Adding a check into the destructor fixes this problem on our platform (webkit2, gtk based).
Attachments
Call removeClient in the destructor. (454 bytes, patch)
2013-01-11 07:00 PST, Mark Toller 		webkit-ews: commit-queue-
DetailsFormatted DiffDiff
removed the spurious { from the patch. (453 bytes, patch)
2013-01-11 07:22 PST, Mark Toller 		no flags
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Mark Toller
Comment 1 2013-01-11 07:00:39 PST
Created attachment 182337 [details] Call removeClient in the destructor.
Early Warning System Bot
Comment 2 2013-01-11 07:06:38 PST
Comment on attachment 182337 [details] Call removeClient in the destructor. Attachment 182337 [details] did not pass qt-ews (qt): Output: http://queues.webkit.org/results/15795669
Early Warning System Bot
Comment 3 2013-01-11 07:08:10 PST
Comment on attachment 182337 [details] Call removeClient in the destructor. Attachment 182337 [details] did not pass qt-wk2-ews (qt): Output: http://queues.webkit.org/results/15815184
EFL EWS Bot
Comment 4 2013-01-11 07:08:39 PST
Comment on attachment 182337 [details] Call removeClient in the destructor. Attachment 182337 [details] did not pass efl-ews (efl): Output: http://queues.webkit.org/results/15809335
kov's GTK+ EWS bot
Comment 5 2013-01-11 07:12:20 PST
Comment on attachment 182337 [details] Call removeClient in the destructor. Attachment 182337 [details] did not pass gtk-ews (gtk): Output: http://queues.webkit.org/results/15810338
Build Bot
Comment 6 2013-01-11 07:12:49 PST
Comment on attachment 182337 [details] Call removeClient in the destructor. Attachment 182337 [details] did not pass mac-ews (mac): Output: http://queues.webkit.org/results/15806380
Peter Beverloo (cr-android ews)
Comment 7 2013-01-11 07:17:40 PST
Comment on attachment 182337 [details] Call removeClient in the destructor. Attachment 182337 [details] did not pass cr-android-ews (chromium-android): Output: http://queues.webkit.org/results/15806381
Build Bot
Comment 8 2013-01-11 07:20:34 PST
Comment on attachment 182337 [details] Call removeClient in the destructor. Attachment 182337 [details] did not pass win-ews (win): Output: http://queues.webkit.org/results/15803439
Mark Toller
Comment 9 2013-01-11 07:22:07 PST
Created attachment 182342 [details] removed the spurious { from the patch.
Alexey Proskuryakov
Comment 10 2013-01-11 09:31:49 PST
Can you make a regression test for this?
Mark Toller
Comment 11 2013-01-11 10:02:01 PST
(In reply to comment #10) > Can you make a regression test for this? I've only seen this on our device, and it's timing related - you have to destroy the webview (which destroys the IconLoader) after the CachedRawResource has been created and the IconLoader added to it, but before the timer (set for 0ms) fires...
Alexey Proskuryakov
Comment 12 2013-10-03 11:51:03 PDT
This got fixed in bug 120541. *** This bug has been marked as a duplicate of bug 120541 ***
Note You need to log in before you can comment on or make changes to this bug.