Bug 107868 - REGRESSION(140571): Crash in ScrollingCoordinator::mainThreadScrollingReasons during Frame::createView
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: New Bugs
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
Priority: P2
Severity: Normal
Assignee: Nobody
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2013-01-24 15:03 PST by James Robinson
Modified: 2013-01-24 15:39 PST
Description James Robinson 2013-01-24 15:03:09 PST
Stack Trace:
  RELADDR   FUNCTION  FILE:LINE
  009685d6  WebCore::ScrollingCoordinator::mainThreadScrollingReasons() const  /out/Release/../../third_party/WebKit/Source/WebCore/page/scrolling/ScrollingCoordinator.cpp:457
  v------>  WebCore::ScrollingCoordinator::shouldUpdateScrollLayerPositionOnMainThread() const  /out/Release/../../third_party/WebKit/Source/WebCore/page/scrolling/ScrollingCoordinator.h:147
  0094a443  WebCore::FrameView::isRubberBandInProgress() const  /out/Release/../../third_party/WebKit/Source/WebCore/page/FrameView.cpp:1919
  v------>  WebCore::ScrollView::updateScrollbars(WebCore::IntSize const&)  /out/Release/../../third_party/WebKit/Source/WebCore/platform/ScrollView.cpp:615
  0076c90d  WebCore::ScrollView::updateScrollbars(WebCore::IntSize const&)  /out/Release/../../third_party/WebKit/Source/WebCore/platform/ScrollView.cpp:464
  0076cbdf  WebCore::ScrollView::setFixedLayoutSize(WebCore::IntSize const&)  /out/Release/../../third_party/WebKit/Source/WebCore/platform/ScrollView.cpp:279
  00949053  WebCore::Frame::createView(WebCore::IntSize const&, WebCore::Color const&, bool, WebCore::IntSize const&, WebCore::IntRect const&, bool, WebCore::ScrollbarMode, bool, WebCore::ScrollbarMode, bool)  /out/Release/../../third_party/WebKit/Source/WebCore/page/Frame.cpp:792
  004775f9  WebKit::WebFrameImpl::createFrameView()  /out/Release/../../third_party/WebKit/Source/WebKit/chromium/src/WebFrameImpl.cpp:2280
  00919e2d  WebCore::FrameLoader::transitionToCommitted(WTF::PassRefPtr<WebCore::CachedPage>)  /out/Release/../../third_party/WebKit/Source/WebCore/loader/FrameLoader.cpp:1864
  0091af03  WebCore::FrameLoader::commitProvisionalLoad()  /out/Release/../../third_party/WebKit/Source/WebCore/loader/FrameLoader.cpp:1701
  00910361  WebCore::DocumentLoader::commitLoad(char const*, int)  /out/Release/../../third_party/WebKit/Source/WebCore/loader/DocumentLoader.cpp:310
  0091ecf9  WebCore::MainResourceLoader::dataReceived(WebCore::CachedResource*, char const*, int)  /out/Release/../../third_party/WebKit/Source/WebCore/loader/MainResourceLoader.cpp:512
  0092af2b  WebCore::CachedRawResource::data(WTF::PassRefPtr<WebCore::ResourceBuffer>, bool)  /out/Release/../../third_party/WebKit/Source/WebCore/loader/cache/CachedRawResource.cpp:70
  00924d11  WebCore::SubresourceLoader::sendDataToResource(char const*, int)  /out/Release/../../third_party/WebKit/Source/WebCore/loader/SubresourceLoader.cpp:255
  v------>  WebCore::SubresourceLoader::didReceiveData(char const*, int, long long, bool)  /out/Release/../../third_party/WebKit/Source/WebCore/loader/SubresourceLoader.cpp:227
  00924ee1  WebCore::SubresourceLoader::didReceiveData(char const*, int, long long, bool)  /out/Release/../../third_party/WebKit/Source/WebCore/loader/SubresourceLoader.cpp:215
  009233c3  WebCore::ResourceLoader::didReceiveData(WebCore::ResourceHandle*, char const*, int, int)  /out/Release/../../third_party/WebKit/Source/WebCore/loader/ResourceLoader.cpp:451
  007bc41d  WebCore::ResourceHandleInternal::didReceiveData(WebKit::WebURLLoader*, char const*, int, int)
Comment 1 James Robinson 2013-01-24 15:05:22 PST
WebCore::Frame::createView() does this:

    RefPtr<FrameView> frameView;
    if (isMainFrame) {
        frameView = FrameView::create(this, viewportSize);
        frameView->setFixedLayoutSize(fixedLayoutSize);
        frameView->setFixedVisibleContentRect(fixedVisibleContentRect);
        frameView->setUseFixedLayout(useFixedLayout);  // <--- boom!
    } else
        frameView = FrameView::create(this);

    frameView->setScrollbarModes(horizontalScrollbarMode, verticalScrollbarMode, horizontalLock, verticalLock);

    setView(frameView);


The view isn't set up.
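A reduced C++ model of the ordering problem described in this comment, added here as an illustration (constructed code, not WebKit's and not the reporter's): the FrameView is configured before Frame::setView() publishes it, so a query that goes Page -> mainFrame() -> view() during setFixedLayoutSize() sees a null view. The model records the re-entrant call chain and shows the null guard that keeps the coordinator from dereferencing it; names mirror the stack trace but the classes are stand-ins.

```cpp
#include <cstdint>
#include <memory>
#include <string>
#include <vector>
// Reduced model of the call chain in comment 1 (constructed here, not WebKit code): Frame::createView()
// configures the FrameView before setView() publishes it, so Page -> mainFrame() -> view() is still null.
using MainThreadScrollingReasons = std::uint32_t; enum : std::uint32_t { HasSlowRepaintObjects = 1u << 0 };
struct FrameView; struct Page;
struct Frame { FrameView* m_view = nullptr; FrameView* view() const { return m_view; } };
struct ScrollingCoordinator {
    Page* m_page;
    MainThreadScrollingReasons mainThreadScrollingReasons() const;
};
struct Page {
    Frame mainFrame;
    ScrollingCoordinator coordinator{this};
    std::vector<std::string> trace;             // re-entrant calls, in order
    MainThreadScrollingReasons lastReasons = 0; // what the view saw mid-construction
};
struct FrameView {
    Page* m_page;
    bool m_slowRepaint = false;
    explicit FrameView(Page* page) : m_page(page) {}
    bool hasSlowRepaintObjects() const { return m_slowRepaint; }
    bool isRubberBandInProgress() {             // asks the coordinator first, as in the trace
        m_page->trace.push_back("isRubberBandInProgress");
        m_page->lastReasons = m_page->coordinator.mainThreadScrollingReasons();
        return false;                           // no rubber-band state in this model
    }
    void updateScrollbars() { m_page->trace.push_back("updateScrollbars"); isRubberBandInProgress(); }
    void setFixedLayoutSize() { m_page->trace.push_back("setFixedLayoutSize"); updateScrollbars(); }
};
MainThreadScrollingReasons ScrollingCoordinator::mainThreadScrollingReasons() const {
    m_page->trace.push_back("mainThreadScrollingReasons");
    FrameView* frameView = m_page->mainFrame.view();
    if (!frameView)         // without this guard the next line dereferences null: the crash above
        return 0;
    MainThreadScrollingReasons reasons = 0;
    if (frameView->hasSlowRepaintObjects()) reasons |= HasSlowRepaintObjects;
    return reasons;
}
// Same ordering as Frame::createView(): configure first, publish via setView() afterwards.
std::unique_ptr<FrameView> createView(Page& page, bool slowRepaint) {
    auto view = std::make_unique<FrameView>(&page);
    view->m_slowRepaint = slowRepaint;
    view->setFixedLayoutSize();                 // re-enters the coordinator while view() is null
    page.mainFrame.m_view = view.get();         // setView(): only now reachable from Page
    return view;
}
```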
Comment 2 James Robinson 2013-01-24 15:07:57 PST
What 'bout this?

diff --git a/Source/WebCore/page/scrolling/ScrollingCoordinator.cpp b/Source/WebCore/page/scrolling/ScrollingCoordinat
index c17cc36..f12c280 100644
--- a/Source/WebCore/page/scrolling/ScrollingCoordinator.cpp
+++ b/Source/WebCore/page/scrolling/ScrollingCoordinator.cpp
@@ -449,6 +449,8 @@ bool ScrollingCoordinator::hasVisibleSlowRepaintViewportConstrainedObjects(Frame
 MainThreadScrollingReasons ScrollingCoordinator::mainThreadScrollingReasons() const
 {
     FrameView* frameView = m_page->mainFrame()->view();
+    if (!frameView)
+        return static_cast<MainThreadScrollingReasons>(0);
 
     MainThreadScrollingReasons mainThreadScrollingReasons = (MainThreadScrollingReasons)0;
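Review bot: the new early return `return static_cast<MainThreadScrollingReasons>(0);` carries no comment saying why `view()` can legitimately be null here; the only case on this thread is `Frame::createView()` calling `setFixedLayoutSize()` before `setView()`, so a one-line comment at the check would stop a later reader from treating a null main-frame view as a routine state. The cast style also differs from the existing `(MainThreadScrollingReasons)0` two lines below; use one form for both. Note that the guard covers only a null view, not a null `mainFrame()`, which the existing `m_page->mainFrame()->view()` line already assumes is non-null.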


?
Comment 3 Beth Dakin 2013-01-24 15:09:42 PST
(In reply to comment #2)
> What 'bout this?
> 
> diff --git a/Source/WebCore/page/scrolling/ScrollingCoordinator.cpp b/Source/WebCore/page/scrolling/ScrollingCoordinat
> index c17cc36..f12c280 100644
> --- a/Source/WebCore/page/scrolling/ScrollingCoordinator.cpp
> +++ b/Source/WebCore/page/scrolling/ScrollingCoordinator.cpp
> @@ -449,6 +449,8 @@ bool ScrollingCoordinator::hasVisibleSlowRepaintViewportConstrainedObjects(Frame
>  MainThreadScrollingReasons ScrollingCoordinator::mainThreadScrollingReasons() const
>  {
>      FrameView* frameView = m_page->mainFrame()->view();
> +    if (!frameView)
> +        return static_cast<MainThreadScrollingReasons>(0);
> 
>      MainThreadScrollingReasons mainThreadScrollingReasons = (MainThreadScrollingReasons)0;
> 
> 
> ?

I still think it's cray-zay that we can end up calling updateScrollbars() this early on in the construction of a FrameView, but I think this change is okay.
Comment 4 James Robinson 2013-01-24 15:16:05 PST
Committed r140732: <http://trac.webkit.org/changeset/140732>
Comment 5 James Robinson 2013-01-24 15:39:53 PST
(In reply to comment #3)
> 
> I still think it's cray-zay that we can end up calling updateScrollbars() this early on in the construction of a FrameView, but I think this change is okay.

I definitely agree.  I don't think there is any reason to call updateScrollbars() unless we're about to do a layout, but perhaps I'm not very creative.