RESOLVED FIXED 134284
REGRESSION (r170325): UI process crashes in lastCommittedLayerTreeTransactionID() when the Web Content process crashes 
https://bugs.webkit.org/show_bug.cgi?id=134284
Summary REGRESSION (r170325): UI process crashes in lastCommittedLayerTreeTransaction...
mitz
Reported 2014-06-24 17:52:11 PDT
After the Web Content process crashes, setting its scroll view’s content offset causes a crash: * thread #1: tid = 0x1dd4a6, 0x000000011c5bf57c WebKit`WebKit::RemoteLayerTreeDrawingAreaProxy::lastCommittedLayerTreeTransactionID(this=0x0000000000000000) const + 12 at RemoteLayerTreeDrawingAreaProxy.h:53, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0xe8) * frame #0: 0x000000011c5bf57c WebKit`WebKit::RemoteLayerTreeDrawingAreaProxy::lastCommittedLayerTreeTransactionID(this=0x0000000000000000) const + 12 at RemoteLayerTreeDrawingAreaProxy.h:53 frame #1: 0x000000011c5bcde7 WebKit`-[WKContentView didUpdateVisibleRect:unobscuredRect:unobscuredRectInScrollViewCoordinates:scale:minimumScale:inStableState:isChangingObscuredInsetsInteractively:](self=0x00007ff6bac4a050, _cmd=0x000000011cb9f238, visibleRect=<unavailable>, unobscuredRect=<unavailable>, unobscuredRectInScrollViewCoordinates=<unavailable>, zoomScale=1, minimumScale=1, isStableState=true, isChangingObscuredInsetsInteractively=false) + 583 at WKContentView.mm:306 frame #2: 0x000000011c3799a5 WebKit`-[WKWebView _updateVisibleContentRects](self=0x00007ff6bc872a50, _cmd=0x000000011cb9f0ed) + 1893 at WKWebView.mm:1309 frame #3: 0x000000011c373526 WebKit`-[WKWebView _didInvokeUIScrollViewDelegateCallback](self=0x00007ff6bc872a50, _cmd=0x000000011cba0e10) + 86 at WKWebView.mm:638 frame #4: 0x000000011c8df3d5 WebKit`-[WKScrollViewDelegateForwarder forwardInvocation:](self=0x00007ff6bc883aa0, _cmd=0x000000011265d104, anInvocation=0x00007ff6bae83030) + 309 at WKScrollView.mm:89
Attachments
Patch (6.69 KB, patch)
2014-06-24 20:06 PDT, Benjamin Poulain 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Benjamin Poulain
Comment 1 2014-06-24 20:06:18 PDT
Created attachment 233779 [details] Patch
Simon Fraser (smfr)
Comment 2 2014-06-25 21:09:26 PDT
Comment on attachment 233779 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=233779&action=review > Source/WebKit2/UIProcess/WebPageProxy.h:385 > + void updateVisibleContentRects(const WebCore::FloatRect& exposedRect, const WebCore::FloatRect& unobscuredRect, const WebCore::FloatRect& unobscuredRectInScrollViewCoordinates, const WebCore::FloatRect& customFixedPositionRect, double scale, bool inStableState, bool isChangingObscuredInsetsInteractively, double timestamp, double horizontalVelocity, double verticalVelocity, double scaleChangeRate); So many arguments.
Benjamin Poulain
Comment 3 2014-06-25 21:15:54 PDT
Comment on attachment 233779 [details] Patch Clearing flags on attachment: 233779 Committed r170460: <http://trac.webkit.org/changeset/170460>
Benjamin Poulain
Comment 4 2014-06-25 21:15:59 PDT
All reviewed patches have been landed. Closing bug.
Darin Adler
Comment 5 2014-06-26 09:43:02 PDT
Comment on attachment 233779 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=233779&action=review > Source/WebKit2/UIProcess/ios/WebPageProxyIOS.mm:202 > + return; Should remove this line.
Note You need to log in before you can comment on or make changes to this bug.