WKFullScreenWindowController has a strong reference to WKView, so when it is instantiated, the view is only deleted when the controller is deleted.
This finally happens in WebPageProxy::resetStateAfterProcessExited() when it resets m_fullScreenManager. But further calls in this function rely on WKView and its associated clients still being there. So, we crash.
I don't see why WKFullScreenWindowController needs to retain the view - when the view is deleted, there is no need for the controller anyway, everything is just closed normally.
Created attachment 210659
Comment on attachment 210659
LGTM, r=me with nit.
The only thing I worry about is the lifetime of the WKFullScreenWindow being extended (due to being retained by something other than the WKView, or by a -performSelector:afterDelay:) somehow, and thus holding onto an invalid _webView pointer.
Perhaps the _webView could stay unretained, but the -setWebView: method could also stay, and would be cleared out by WKView in its own -dealloc method? We could even add a "@property (assign) WKView* webView" declaration to make the semantic explicit.
That's a great nit.
I added an assignment to nil to -close, as this function is inevitably called when WKView is destroyed.
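The ownership pattern discussed in this thread, as an added sketch that is not the attached patch or WebKit's code: the view owns the controller, the controller keeps an unretained back pointer, and that pointer is cleared in -close so a controller kept alive by a delayed perform never touches a freed view. `DemoView`, `DemoFullScreenController` and `-didFinishAnimation` are hypothetical names, and the code assumes it is compiled with ARC.

```objective-c
#import <Foundation/Foundation.h>

@class DemoView;
// Hypothetical stand-in for the full screen controller.
@interface DemoFullScreenController : NSObject
@property (assign) DemoView *webView; // non-owning: the view owns the controller
- (void)close;
- (void)didFinishAnimation;
@end

// Hypothetical stand-in for the view that owns the controller.
@interface DemoView : NSObject
@property (strong) DemoFullScreenController *fullScreenController;
@end

@implementation DemoFullScreenController
- (void)close {
    self.webView = nil; // drop the back pointer before the view goes away
}
- (void)didFinishAnimation {
    DemoView *view = self.webView;
    if (!view) { // the view was torn down while this call was pending
        NSLog(@"view already gone, skipping callback");
        return;
    }
    NSLog(@"notifying %@", view);
}
@end

@implementation DemoView
- (instancetype)init {
    if ((self = [super init])) {
        _fullScreenController = [DemoFullScreenController new];
        _fullScreenController.webView = self; // assign, so no retain cycle
    }
    return self;
}
- (void)dealloc {
    [_fullScreenController close]; // clears the controller's pointer to self
}
@end

int main(void) {
    @autoreleasepool {
        DemoView *view = [DemoView new];
        DemoFullScreenController *controller = view.fullScreenController;
        // The pending perform retains the controller, so it can outlive the view.
        [controller performSelector:@selector(didFinishAnimation) withObject:nil afterDelay:0.1];
        view = nil; // view is deallocated here; the controller is still alive
        [[NSRunLoop currentRunLoop] runUntilDate:[NSDate dateWithTimeIntervalSinceNow:0.3]];
    }
    return 0;
}
```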