117754 – widthMediaFeatureEval ends up with null FrameView during iframe unload.

Bug 117754 - widthMediaFeatureEval ends up with null FrameView during iframe unload.

Summary: widthMediaFeatureEval ends up with null FrameView during iframe unload.

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	Frames (show other bugs)
Version:	528+ (Nightly build)
Hardware:	Unspecified Unspecified

Importance:	P2 Major
Assignee:	zalan

URL:
Keywords:	InRadar

Depends on:
Blocks:

Reported:	2013-06-18 14:15 PDT by zalan
Modified:	2013-06-18 15:03 PDT (History)
CC List:	7 users (show)

See Also:

Attachments
Patch (8.56 KB, patch) 2013-06-18 14:36 PDT, zalan	no flags	Details \| Formatted Diff \| Diff
Patch (8.54 KB, patch) 2013-06-18 14:52 PDT, zalan	no flags	Details \| Formatted Diff \| Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description zalan 2013-06-18 14:15:11 PDT

0x0000000107dd3384 WebCore::ScrollView::layoutSize() const + 4
0x0000000107ba41e6 WebCore::widthMediaFeatureEval(WebCore::CSSValue*, WebCore::RenderStyle*, WebCore::Frame*, WebCore::MediaFeaturePrefix) + 38
0x0000000107ba4e5b WebCore::min_widthMediaFeatureEval(WebCore::CSSValue*, WebCore::RenderStyle*, WebCore::Frame*, WebCore::MediaFeaturePrefix) + 11
0x0000000107ba3c68 WebCore::MediaQueryEvaluator::eval(WebCore::MediaQueryExp const*) const + 3880
0x0000000107e643f5 WebCore::StyleResolver::affectedByViewportChange() const + 69
0x00000001076118d9 WebCore::FrameView::setFrameRect(WebCore::IntRect const&) + 265
0x0000000107d7b644 WebCore::RenderWidget::setWidgetGeometry(WebCore::LayoutRect const&) + 324
0x0000000107d7b808 WebCore::RenderWidget::updateWidgetGeometry() + 296
0x0000000107d7c209 WebCore::RenderWidget::updateWidgetPosition() + 41
0x0000000107d79482 WebCore::RenderView::updateWidgetPositions() + 258
0x00000001076169f9 WebCore::FrameView::repaintFixedElementsAfterScrolling() + 73
0x0000000107dd3a19 WebCore::ScrollView::scrollTo(WebCore::IntSize const&) + 89
0x000000010761867c WebCore::FrameView::scrollTo(WebCore::IntSize const&) + 44
0x0000000107dd39a1 WebCore::ScrollView::setScrollOffset(WebCore::IntPoint const&) + 177
0x0000000107dbd198 WebCore::ScrollableArea::scrollPositionChanged(WebCore::IntPoint const&) + 56
0x0000000107dbd0ee WebCore::ScrollableArea::notifyScrollPositionChanged(WebCore::IntPoint const&) + 30
0x0000000107dc849b WebCore::ScrollingCoordinator::updateMainFrameScrollPosition(WebCore::IntPoint const&, bool, WebCore::SetOrSyncScrollingLayerPosition) + 91
0x0000000107dc97f4 WebCore::ScrollingCoordinatorMac::requestScrollPositionUpdate(WebCore::FrameView*, WebCore::IntPoint const&) + 100
0x0000000107616c34 WebCore::FrameView::requestScrollPositionUpdate(WebCore::IntPoint const&) + 148
0x0000000107616650 WebCore::FrameView::setScrollPosition(WebCore::IntPoint const&) + 144
0x0000000107bda113 WebCore::Page::setPageScaleFactor(float, WebCore::IntPoint const&) + 467
0x00000001075ff265 WebCore::FrameLoader::checkLoadCompleteForThisFrame() + 645
0x00000001075f9b44 WebCore::FrameLoader::checkLoadComplete() + 132
0x00000001075f983a WebCore::FrameLoader::checkCompleted() + 378
0x00000001075f8a68 WebCore::FrameLoader::clear(WebCore::Document*, bool, bool, bool) + 88
0x00000001075ff5db WebCore::FrameLoader::open(WebCore::CachedFrameBase&) + 427
0x0000000107374801 WebCore::CachedFrame::open() + 33
0x0000000107376e79 WebCore::CachedPage::restore(WebCore::Page*) + 25
0x00000001075fe7ac WebCore::FrameLoader::commitProvisionalLoad() + 572
0x00000001075fd488 WebCore::FrameLoader::continueLoadAfterNavigationPolicy(WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool) + 488
0x00000001075fd552 WebCore::FrameLoader::callContinueLoadAfterNavigationPolicy(void*, WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool) + 34
0x0000000107c0191a WebCore::PolicyChecker::checkNavigationPolicy(WebCore::ResourceRequest const&, WebCore::DocumentLoader*, WTF::PassRefPtr<WebCore::FormState>, void (*)(void*, WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool), void*) + 474
0x00000001075fd178 WebCore::FrameLoader::loadWithDocumentLoader(WebCore::DocumentLoader*, WebCore::FrameLoadType, WTF::PassRefPtr<WebCore::FormState>) + 1176
0x00000001075fa1c4 WebCore::FrameLoader::loadDifferentDocumentItem(WebCore::HistoryItem*, WebCore::FrameLoadType, WebCore::FrameLoader::FormSubmissionCacheLoadPolicy) + 100
0x000000010765c395 WebCore::HistoryController::recursiveGoToItem(WebCore::HistoryItem*, WebCore::HistoryItem*, WebCore::FrameLoadType) + 421
0x000000010765bfb5 WebCore::HistoryController::goToItem(WebCore::HistoryItem*, WebCore::FrameLoadType) + 213

Comment 1 zalan 2013-06-18 14:36:28 PDT

Created attachment 204943 [details]
Patch

Comment 2 Geoffrey Garen 2013-06-18 14:41:20 PDT

Comment on attachment 204943 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=204943&action=review

r=me

> LayoutTests/fast/frames/crash-when-child-iframe-forces-layout-during-unload-and-sibling-frame-has-mediaquery.html:20
> +<div id='resizeThis'>Ensures that when layout is forced on unload event, frames with media query do not crash.</div>

Should be "...during an unload event.." and "...frames with media queries..."

Comment 3 zalan 2013-06-18 14:52:57 PDT

Created attachment 204947 [details]
Patch

Comment 4 WebKit Commit Bot 2013-06-18 15:03:28 PDT

Comment on attachment 204947 [details]
Patch

Clearing flags on attachment: 204947

Committed r151702: <http://trac.webkit.org/changeset/151702>

Comment 5 WebKit Commit Bot 2013-06-18 15:03:31 PDT

All reviewed patches have been landed.  Closing bug.