RESOLVED FIXED107868
REGRESSION(140571): Crash in ScrollingCoordinator::mainThreadScrollingReasons during Frame::createView 
https://bugs.webkit.org/show_bug.cgi?id=107868
Summary REGRESSION(140571): Crash in ScrollingCoordinator::mainThreadScrollingReasons...
James Robinson
Reported 2013-01-24 15:03:09 PST
Stack Trace: RELADDR FUNCTION FILE:LINE 009685d6 WebCore::ScrollingCoordinator::mainThreadScrollingReasons() const /out/Release/../../third_party/WebKit/Source/WebCore/page/scrolling/ScrollingCoordinator.cpp:457 v------> WebCore::ScrollingCoordinator::shouldUpdateScrollLayerPositionOnMainThread() const /out/Release/../../third_party/WebKit/Source/WebCore/page/scrolling/ScrollingCoordinator.h:147 0094a443 WebCore::FrameView::isRubberBandInProgress() const /out/Release/../../third_party/WebKit/Source/WebCore/page/FrameView.cpp:1919 v------> WebCore::ScrollView::updateScrollbars(WebCore::IntSize const&) /out/Release/../../third_party/WebKit/Source/WebCore/platform/ScrollView.cpp:615 0076c90d WebCore::ScrollView::updateScrollbars(WebCore::IntSize const&) /out/Release/../../third_party/WebKit/Source/WebCore/platform/ScrollView.cpp:464 0076cbdf WebCore::ScrollView::setFixedLayoutSize(WebCore::IntSize const&) /out/Release/../../third_party/WebKit/Source/WebCore/platform/ScrollView.cpp:279 00949053 WebCore::Frame::createView(WebCore::IntSize const&, WebCore::Color const&, bool, WebCore::IntSize const&, WebCore::IntRect const&, bool, WebCore::ScrollbarMode, bool, WebCore::ScrollbarMode, bool) /out/Release/../../third_party/WebKit/Source/WebCore/page/Frame.cpp:792 004775f9 WebKit::WebFrameImpl::createFrameView() /out/Release/../../third_party/WebKit/Source/WebKit/chromium/src/WebFrameImpl.cpp:2280 00919e2d WebCore::FrameLoader::transitionToCommitted(WTF::PassRefPtr<WebCore::CachedPage>) /out/Release/../../third_party/WebKit/Source/WebCore/loader/FrameLoader.cpp:1864 0091af03 WebCore::FrameLoader::commitProvisionalLoad() /out/Release/../../third_party/WebKit/Source/WebCore/loader/FrameLoader.cpp:1701 00910361 WebCore::DocumentLoader::commitLoad(char const*, int) /out/Release/../../third_party/WebKit/Source/WebCore/loader/DocumentLoader.cpp:310 0091ecf9 WebCore::MainResourceLoader::dataReceived(WebCore::CachedResource*, char const*, int) /out/Release/../../third_party/WebKit/Source/WebCore/loader/MainResourceLoader.cpp:512 0092af2b WebCore::CachedRawResource::data(WTF::PassRefPtr<WebCore::ResourceBuffer>, bool) /out/Release/../../third_party/WebKit/Source/WebCore/loader/cache/CachedRawResource.cpp:70 00924d11 WebCore::SubresourceLoader::sendDataToResource(char const*, int) /out/Release/../../third_party/WebKit/Source/WebCore/loader/SubresourceLoader.cpp:255 v------> WebCore::SubresourceLoader::didReceiveData(char const*, int, long long, bool) /out/Release/../../third_party/WebKit/Source/WebCore/loader/SubresourceLoader.cpp:227 00924ee1 WebCore::SubresourceLoader::didReceiveData(char const*, int, long long, bool) /out/Release/../../third_party/WebKit/Source/WebCore/loader/SubresourceLoader.cpp:215 009233c3 WebCore::ResourceLoader::didReceiveData(WebCore::ResourceHandle*, char const*, int, int) /out/Release/../../third_party/WebKit/Source/WebCore/loader/ResourceLoader.cpp:451 007bc41d WebCore::ResourceHandleInternal::didReceiveData(WebKit::WebURLLoader*, char const*, int, int)
Attachments
Add attachment proposed patch, testcase, etc.
James Robinson
Comment 1 2013-01-24 15:05:22 PST
WebCore::Frame::createView() does this: RefPtr<FrameView> frameView; if (isMainFrame) { frameView = FrameView::create(this, viewportSize); frameView->setFixedLayoutSize(fixedLayoutSize); frameView->setFixedVisibleContentRect(fixedVisibleContentRect); frameView->setUseFixedLayout(useFixedLayout); // <--- boom! } else frameView = FrameView::create(this); frameView->setScrollbarModes(horizontalScrollbarMode, verticalScrollbarMode, horizontalLock, verticalLock); setView(frameView); the view isn't set up
James Robinson
Comment 2 2013-01-24 15:07:57 PST
What 'bout this? diff --git a/Source/WebCore/page/scrolling/ScrollingCoordinator.cpp b/Source/WebCore/page/scrolling/ScrollingCoordinat index c17cc36..f12c280 100644 --- a/Source/WebCore/page/scrolling/ScrollingCoordinator.cpp +++ b/Source/WebCore/page/scrolling/ScrollingCoordinator.cpp @@ -449,6 +449,8 @@ bool ScrollingCoordinator::hasVisibleSlowRepaintViewportConstrainedObjects(Frame MainThreadScrollingReasons ScrollingCoordinator::mainThreadScrollingReasons() const { FrameView* frameView = m_page->mainFrame()->view(); + if (!frameView) + return static_cast<MainThreadScrollingReasons>(0); MainThreadScrollingReasons mainThreadScrollingReasons = (MainThreadScrollingReasons)0; ?
Beth Dakin
Comment 3 2013-01-24 15:09:42 PST
(In reply to comment #2) > What 'bout this? > > diff --git a/Source/WebCore/page/scrolling/ScrollingCoordinator.cpp b/Source/WebCore/page/scrolling/ScrollingCoordinat > index c17cc36..f12c280 100644 > --- a/Source/WebCore/page/scrolling/ScrollingCoordinator.cpp > +++ b/Source/WebCore/page/scrolling/ScrollingCoordinator.cpp > @@ -449,6 +449,8 @@ bool ScrollingCoordinator::hasVisibleSlowRepaintViewportConstrainedObjects(Frame > MainThreadScrollingReasons ScrollingCoordinator::mainThreadScrollingReasons() const > { > FrameView* frameView = m_page->mainFrame()->view(); > + if (!frameView) > + return static_cast<MainThreadScrollingReasons>(0); > > MainThreadScrollingReasons mainThreadScrollingReasons = (MainThreadScrollingReasons)0; > > > ? I still think it's cray-zay that we can end up calling updateScrollbars() this early on in the construction of a FrameView, but I think this change is okay.
James Robinson
Comment 4 2013-01-24 15:16:05 PST
Committed r140732: <http://trac.webkit.org/changeset/140732>
James Robinson
Comment 5 2013-01-24 15:39:53 PST
(In reply to comment #3) > > I still think it's cray-zay that we can end up calling updateScrollbars() this early on in the construction of a FrameView, but I think this change is okay. I definitely agree. I don't think there is any reason to call updateScrollbars() unless we're about to do a layout, but perhaps I'm not very creative.
Note You need to log in before you can comment on or make changes to this bug.