Created attachment 193094 [details] 0001-Reset-all-clients-on-WebPage-close.patch

Ping about this?

*** Bug 115509 has been marked as a duplicate of this bug. ***

(In reply to comment #0) > There's a small chance that someone will call one of the clients WebPage holds when the page has already been destructed, since the pointers are valid after ::close(). This won't work and will (at least in the GTK+ port) cause a bunch of warnings. To avoid this situation just reset all clients to null, like the WebPageProxy class does. Actually there is not only a small chance but I found an scenario where not reseting the clients causes a crash 100% of the times. So imagine that a webpage has some javascript that executes a XmlHttpRequest in the onunload() event handler. The ::close() method of the WebPage calls injectedBundle->willDestroyPage(). That will likely be used by the WKBundlePageResourceLoadClients to free their resources, including the clientInfo they have passed to the WKBundlePageSetResourceLoadClient. In the same ::close() method, we find a call to m_mainFrame->coreFrame()->loader()->detachFromParent() which will trigger the execution of the XMLHttpRequest, which will issue a willSendRequest among other notifications. As the client is still set, the method will be called but it will likely try to use client's already freed resources leading to crashes. So yeah I big +1 for this change :)

If it's possible to make a layout test for this crasher I bet this patch would land a lot faster ;)

Fixes the issue for me, it was easy to reproduce just closing a tab while loading. We should add this to the release today.

Comment on attachment 193094 [details] 0001-Reset-all-clients-on-WebPage-close.patch Thanks. Let's see if cq can still land it.

Comment on attachment 193094 [details] 0001-Reset-all-clients-on-WebPage-close.patch Clearing flags on attachment: 193094 Committed r150758: <http://trac.webkit.org/changeset/150758>

All reviewed patches have been landed. Closing bug.