134284 – REGRESSION (r170325): UI process crashes in lastCommittedLayerTreeTransactionID() when the Web Content process crashes

Bug 134284 - REGRESSION (r170325): UI process crashes in lastCommittedLayerTreeTransactionID() when the Web Content process crashes

Summary: REGRESSION (r170325): UI process crashes in lastCommittedLayerTreeTransaction...

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	WebKit2 (show other bugs)
Version:	528+ (Nightly build)
Hardware:	Unspecified Unspecified

Importance:	P1 Normal
Assignee:	Benjamin Poulain

URL:
Keywords:

Depends on:
Blocks:

Reported:	2014-06-24 17:52 PDT by mitz
Modified:	2014-06-26 09:43 PDT (History)
CC List:	7 users (show)

See Also:

Attachments
Patch (6.69 KB, patch) 2014-06-24 20:06 PDT, Benjamin Poulain	no flags	Details \| Formatted Diff \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description mitz 2014-06-24 17:52:11 PDT

After the Web Content process crashes, setting its scroll view’s content offset causes a crash:

* thread #1: tid = 0x1dd4a6, 0x000000011c5bf57c WebKit`WebKit::RemoteLayerTreeDrawingAreaProxy::lastCommittedLayerTreeTransactionID(this=0x0000000000000000) const + 12 at RemoteLayerTreeDrawingAreaProxy.h:53, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0xe8)
  * frame #0: 0x000000011c5bf57c WebKit`WebKit::RemoteLayerTreeDrawingAreaProxy::lastCommittedLayerTreeTransactionID(this=0x0000000000000000) const + 12 at RemoteLayerTreeDrawingAreaProxy.h:53
    frame #1: 0x000000011c5bcde7 WebKit`-[WKContentView didUpdateVisibleRect:unobscuredRect:unobscuredRectInScrollViewCoordinates:scale:minimumScale:inStableState:isChangingObscuredInsetsInteractively:](self=0x00007ff6bac4a050, _cmd=0x000000011cb9f238, visibleRect=<unavailable>, unobscuredRect=<unavailable>, unobscuredRectInScrollViewCoordinates=<unavailable>, zoomScale=1, minimumScale=1, isStableState=true, isChangingObscuredInsetsInteractively=false) + 583 at WKContentView.mm:306
    frame #2: 0x000000011c3799a5 WebKit`-[WKWebView _updateVisibleContentRects](self=0x00007ff6bc872a50, _cmd=0x000000011cb9f0ed) + 1893 at WKWebView.mm:1309
    frame #3: 0x000000011c373526 WebKit`-[WKWebView _didInvokeUIScrollViewDelegateCallback](self=0x00007ff6bc872a50, _cmd=0x000000011cba0e10) + 86 at WKWebView.mm:638
    frame #4: 0x000000011c8df3d5 WebKit`-[WKScrollViewDelegateForwarder forwardInvocation:](self=0x00007ff6bc883aa0, _cmd=0x000000011265d104, anInvocation=0x00007ff6bae83030) + 309 at WKScrollView.mm:89

Comment 1 Benjamin Poulain 2014-06-24 20:06:18 PDT

Created attachment 233779 [details]
Patch

Comment 2 Simon Fraser (smfr) 2014-06-25 21:09:26 PDT

Comment on attachment 233779 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=233779&action=review

> Source/WebKit2/UIProcess/WebPageProxy.h:385
> +    void updateVisibleContentRects(const WebCore::FloatRect& exposedRect, const WebCore::FloatRect& unobscuredRect, const WebCore::FloatRect& unobscuredRectInScrollViewCoordinates, const WebCore::FloatRect& customFixedPositionRect, double scale, bool inStableState, bool isChangingObscuredInsetsInteractively, double timestamp, double horizontalVelocity, double verticalVelocity, double scaleChangeRate);

So many arguments.

Comment 3 Benjamin Poulain 2014-06-25 21:15:54 PDT

Comment on attachment 233779 [details]
Patch

Clearing flags on attachment: 233779

Committed r170460: <http://trac.webkit.org/changeset/170460>

Comment 4 Benjamin Poulain 2014-06-25 21:15:59 PDT

All reviewed patches have been landed.  Closing bug.

Comment 5 Darin Adler 2014-06-26 09:43:02 PDT

Comment on attachment 233779 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=233779&action=review

> Source/WebKit2/UIProcess/ios/WebPageProxyIOS.mm:202
> +    return;

Should remove this line.