Bug 134284 - REGRESSION (r170325): UI process crashes in lastCommittedLayerTreeTransactionID() when the Web Content process crashes
Summary: REGRESSION (r170325): UI process crashes in lastCommittedLayerTreeTransaction...
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKit2 (show other bugs)
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
: P1 Normal
Assignee: Benjamin Poulain
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2014-06-24 17:52 PDT by mitz
Modified: 2014-06-26 09:43 PDT (History)
7 users (show)

See Also:


Attachments
Patch (6.69 KB, patch)
2014-06-24 20:06 PDT, Benjamin Poulain
no flags Details | Formatted Diff | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description mitz 2014-06-24 17:52:11 PDT
After the Web Content process crashes, setting its scroll view’s content offset causes a crash:

* thread #1: tid = 0x1dd4a6, 0x000000011c5bf57c WebKit`WebKit::RemoteLayerTreeDrawingAreaProxy::lastCommittedLayerTreeTransactionID(this=0x0000000000000000) const + 12 at RemoteLayerTreeDrawingAreaProxy.h:53, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0xe8)
  * frame #0: 0x000000011c5bf57c WebKit`WebKit::RemoteLayerTreeDrawingAreaProxy::lastCommittedLayerTreeTransactionID(this=0x0000000000000000) const + 12 at RemoteLayerTreeDrawingAreaProxy.h:53
    frame #1: 0x000000011c5bcde7 WebKit`-[WKContentView didUpdateVisibleRect:unobscuredRect:unobscuredRectInScrollViewCoordinates:scale:minimumScale:inStableState:isChangingObscuredInsetsInteractively:](self=0x00007ff6bac4a050, _cmd=0x000000011cb9f238, visibleRect=<unavailable>, unobscuredRect=<unavailable>, unobscuredRectInScrollViewCoordinates=<unavailable>, zoomScale=1, minimumScale=1, isStableState=true, isChangingObscuredInsetsInteractively=false) + 583 at WKContentView.mm:306
    frame #2: 0x000000011c3799a5 WebKit`-[WKWebView _updateVisibleContentRects](self=0x00007ff6bc872a50, _cmd=0x000000011cb9f0ed) + 1893 at WKWebView.mm:1309
    frame #3: 0x000000011c373526 WebKit`-[WKWebView _didInvokeUIScrollViewDelegateCallback](self=0x00007ff6bc872a50, _cmd=0x000000011cba0e10) + 86 at WKWebView.mm:638
    frame #4: 0x000000011c8df3d5 WebKit`-[WKScrollViewDelegateForwarder forwardInvocation:](self=0x00007ff6bc883aa0, _cmd=0x000000011265d104, anInvocation=0x00007ff6bae83030) + 309 at WKScrollView.mm:89
Comment 1 Benjamin Poulain 2014-06-24 20:06:18 PDT
Created attachment 233779 [details]
Patch
Comment 2 Simon Fraser (smfr) 2014-06-25 21:09:26 PDT
Comment on attachment 233779 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=233779&action=review

> Source/WebKit2/UIProcess/WebPageProxy.h:385
> +    void updateVisibleContentRects(const WebCore::FloatRect& exposedRect, const WebCore::FloatRect& unobscuredRect, const WebCore::FloatRect& unobscuredRectInScrollViewCoordinates, const WebCore::FloatRect& customFixedPositionRect, double scale, bool inStableState, bool isChangingObscuredInsetsInteractively, double timestamp, double horizontalVelocity, double verticalVelocity, double scaleChangeRate);

So many arguments.
Comment 3 Benjamin Poulain 2014-06-25 21:15:54 PDT
Comment on attachment 233779 [details]
Patch

Clearing flags on attachment: 233779

Committed r170460: <http://trac.webkit.org/changeset/170460>
Comment 4 Benjamin Poulain 2014-06-25 21:15:59 PDT
All reviewed patches have been landed.  Closing bug.
Comment 5 Darin Adler 2014-06-26 09:43:02 PDT
Comment on attachment 233779 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=233779&action=review

> Source/WebKit2/UIProcess/ios/WebPageProxyIOS.mm:202
> +    return;

Should remove this line.