RESOLVED WORKSFORME 117237
[WK2] Crash when navigated without closing color picker.
https://bugs.webkit.org/show_bug.cgi?id=117237
Ryuan Choi
Reported 2013-06-05 02:50:17 PDT
Bug 115890 exposed the crash below when navigating without closing the color picker.
It's because WebColorChooser::endChooser was called twice (ColorInputType::detach and ColorInputType::~ColorInputType).

ASSERTION FAILED: m_colorChooser
/home/chris/devel/WebKit/Source/WebKit2/UIProcess/WebPageProxy.cpp(2995) : void WebKit::WebPageProxy::endColorChooser()
1 0x7f5b4948faaf WTFCrash
2 0x7f5b49255d7e WebKit::WebPageProxy::endColorChooser()
3 0x7f5b4946816e void CoreIPC::callMemberFunction<WebKit::WebPageProxy, void (WebKit::WebPageProxy::*)()>(CoreIPC::Arguments0 const&, WebKit::WebPageProxy*, void (WebKit::WebPageProxy::*)())
4 0x7f5b49464552 void CoreIPC::handleMessage<Messages::WebPageProxy::EndColorChooser, WebKit::WebPageProxy, void (WebKit::WebPageProxy::*)()>(CoreIPC::MessageDecoder&, WebKit::WebPageProxy*, void (WebKit::WebPageProxy::*)())
5 0x7f5b4945e140 WebKit::WebPageProxy::didReceiveMessage(CoreIPC::Connection*, CoreIPC::MessageDecoder&)
6 0x7f5b4917f0ba CoreIPC::MessageReceiverMap::dispatchMessage(CoreIPC::Connection*, CoreIPC::MessageDecoder&)
7 0x7f5b491940ed WebKit::ChildProcessProxy::dispatchMessage(CoreIPC::Connection*, CoreIPC::MessageDecoder&)
8 0x7f5b492928dd WebKit::WebProcessProxy::didReceiveMessage(CoreIPC::Connection*, CoreIPC::MessageDecoder&)
9 0x7f5b4916d2c8 CoreIPC::Connection::dispatchMessage(CoreIPC::MessageDecoder&)
10 0x7f5b4916d3a8 CoreIPC::Connection::dispatchMessage(WTF::PassOwnPtr<CoreIPC::MessageDecoder>)
11 0x7f5b4916d5b9 CoreIPC::Connection::dispatchOneMessage()
12 0x7f5b4917e499 WTF::FunctionWrapper<void (CoreIPC::Connection::*)()>::operator()(CoreIPC::Connection*)
13 0x7f5b4917e01e WTF::BoundFunctionImpl<WTF::FunctionWrapper<void (CoreIPC::Connection::*)()>, void (CoreIPC::Connection*)>::operator()()
14 0x7f5b49399429 WTF::Function<void ()>::operator()() const
15 0x7f5b44a53a2c WebCore::RunLoop::performWork()
16 0x7f5b455c8150 WebCore::RunLoop::wakeUpEvent(void*, void*, unsigned int)
17 0x7f5b49b1fa07
18 0x7f5b49b1ea21
19 0x7f5b49b1ee97 ecore_main_loop_begin
20 0x40a6be elm_main
21 0x40a708 main
22 0x7f5b48459ea5 __libc_start_main
23 0x4053a9
Segmentation fault (core dumped)
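The double "end" described in the report, reduced to a stand-alone model. This is an added example, not code from WebKit or from the patches attached to this bug; UiPageProxy, ChooserClient, ColorInput and the guarded flag are hypothetical names. It shows the second end message reaching the receiving side when both detach and the destructor end the chooser, and how clearing the sender's pointer on the first call makes the second one a no-op.

```cpp
// Added example: simplified model, not WebKit code. All type names are hypothetical.
#include <cstdio>

// Stands in for the UI-process side that owns the native picker.
struct UiPageProxy {
    bool chooserOpen = false;
    int unexpectedEnds = 0; // "end" messages that arrived with no chooser open
    void showColorChooser() { chooserOpen = true; }
    // The sender is a less trusted process: count and drop a stray "end".
    void endColorChooser() {
        if (!chooserOpen) { ++unexpectedEnds; return; }
        chooserOpen = false;
    }
};

// Stands in for the web-process chooser object that forwards "end" over IPC.
struct ChooserClient {
    UiPageProxy* page;
    bool guarded; // when true, the first end clears `page`, so later calls are no-ops
    ChooserClient(UiPageProxy* p, bool g) : page(p), guarded(g) { page->showColorChooser(); }
    void endChooser() {
        if (!page) return;
        page->endColorChooser();
        if (guarded) page = nullptr;
    }
};

// Models the input element: detach() and the destructor both end the chooser.
struct ColorInput {
    ChooserClient chooser;
    ColorInput(UiPageProxy* p, bool guarded) : chooser(p, guarded) {}
    void detach() { chooser.endChooser(); }
    ~ColorInput() { chooser.endChooser(); }
};

// Navigate away with the picker open; returns the stray "end" count seen by the UI side.
int strayEndsAfterNavigation(bool guarded) {
    UiPageProxy page;
    {
        ColorInput input(&page, guarded);
        input.detach(); // navigation detaches the element...
    }                   // ...and then the element is destroyed
    return page.unexpectedEnds;
}

int main() {
    std::printf("unguarded: %d stray end(s)\n", strayEndsAfterNavigation(false));
    std::printf("guarded:   %d stray end(s)\n", strayEndsAfterNavigation(true));
}
```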
Attachments
Patch (3.62 KB, patch)
2013-06-05 03:36 PDT, Ryuan Choi
no flags
with layout test (7.12 KB, patch)
2013-06-09 16:42 PDT, Ryuan Choi
no flags
Ryuan Choi
Comment 1 2013-06-05 03:36:06 PDT
Chris Dumez
Comment 2 2013-06-06 23:10:45 PDT
Comment on attachment 203787 Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=203787&action=review

Could this be tested via layout test somehow?

> Source/WebCore/ChangeLog:3
> + [EFL][WK2] Crash when navigated without closing color picker.

This is not EFL specific, please remove [EFL] tag.
Ryuan Choi
Comment 3 2013-06-07 01:23:01 PDT
(In reply to comment #2)
> (From update of attachment 203787)
> View in context: https://bugs.webkit.org/attachment.cgi?id=203787&action=review
>
> Could this be tested via layout test somehow?

I tried, but it does not look easy.
When the color input is clicked, WebKit2 checks whether a color picker is implemented and calls didEndColorChooser to clear the logic.
http://trac.webkit.org/browser/trunk/Source/WebKit2/UIProcess/WebPageProxy.cpp#L2969

> > Source/WebCore/ChangeLog:3
> > + [EFL][WK2] Crash when navigated without closing color picker.
>
> This is not EFL specific, please remove [EFL] tag.

OK, I will rebase the patch.
Ryuan Choi
Comment 4 2013-06-09 16:42:27 PDT
Created attachment 204124 with layout test
Ryuan Choi
Comment 5 2013-06-09 16:47:34 PDT
(In reply to comment #3)
> (In reply to comment #2)
> > (From update of attachment 203787)
> > View in context: https://bugs.webkit.org/attachment.cgi?id=203787&action=review
> >
> > Could this be tested via layout test somehow?
>
> I tried, but it does not look easy.
> When the color input is clicked, WebKit2 checks whether a color picker is implemented and calls didEndColorChooser to clear the logic.
> http://trac.webkit.org/browser/trunk/Source/WebKit2/UIProcess/WebPageProxy.cpp#L2969

I found the root cause. WebKitTestRunner overrides UIClient, which doesn't have a ShowColorPicker method, so the layout test did not crash.
I replaced the test from an EFL-specific unit test case with a layout test case.

> > > Source/WebCore/ChangeLog:3
> > > + [EFL][WK2] Crash when navigated without closing color picker.
> >
> > This is not EFL specific, please remove [EFL] tag.
>
> OK, I will rebase the patch.

Done.
Ryuan Choi
Comment 6 2014-02-05 16:37:24 PST
Comment on attachment 204124 with layout test
Clear flags. I will revisit this after fixing the crash of the default operation in Bug 119120.
Ryuan Choi
Comment 7 2014-03-13 03:33:58 PDT
Now it looks already fixed.