RESOLVED FIXED134316
Crash in ScrollingTree::isRubberBandInProgress() 
https://bugs.webkit.org/show_bug.cgi?id=134316
Summary Crash in ScrollingTree::isRubberBandInProgress()
Beth Dakin
Reported 2014-06-25 16:37:04 PDT
There is a crash in ScrollingTree::isRubberBandInProgress() that seems to indicate that the ScrollingNode's ScrollingTree pointer is null. This seems to be a race condition that can occur when tearing down a page. 3 libsystem_pthread.dylib: _pthread_mutex_check_init + 17 3 libsystem_pthread.dylib: _pthread_mutex_lock + 28 ==> 3 com.apple.WebCore: WebCore::ScrollingTree::isRubberBandInProgress + 22 <== 3 com.apple.WebCore: WebCore::ScrollingTreeScrollingNode::updateBeforeChildren + 58 3 com.apple.WebCore: WebCore::ScrollingTreeScrollingNodeMac::updateBeforeChildren + 24 3 com.apple.WebCore: WebCore::ScrollingTree::updateTreeFromStateNode + 541 3 com.apple.WebCore: WebCore::ScrollingTree::commitNewTreeState + 295 3 com.apple.WebCore: WebCore::ThreadedScrollingTree::commitNewTreeState + 29 3 com.apple.WebCore: WTF::FunctionWrapper<void + 57 3 com.apple.WebCore: WTF::BoundFunctionImpl<WTF::FunctionWrapper<void + 44 3 com.apple.WebCore: WebCore::ScrollingThread::dispatchFunctionsFromScrollingThread + 121 3 com.apple.WebCore: WebCore::ScrollingThread::threadRunLoopSourceCallback + 65 3 com.apple.CoreFoundation: <rdar://problem/16247911>
Attachments
Patch (18.50 KB, patch)
2014-06-25 17:07 PDT, Beth Dakin 		ggaren: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Beth Dakin
Comment 1 2014-06-25 17:07:57 PDT
Created attachment 233853 [details] Patch
Geoffrey Garen
Comment 2 2014-06-25 17:20:36 PDT
Comment on attachment 233853 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=233853&action=review Am I allowed to review this? Maybe I am. > Source/WebCore/ChangeLog:13 > + believe that the ScrollingCoordinatorâs ScrollingTree pointer had been null-ed out Squiggly apostrophe. > Source/WebCore/ChangeLog:16 > + creation back to the scrolling thread and to use the this pointer to create new For clarity, I think "scrolling thread" should be "scrolling tree" here. Node creation was always happening on the scrolling thread -- but it was using data from the scrolling coordinator, which was not thread-safe. > Source/WebCore/ChangeLog:17 > + nodes rather than the ScrollingCoordinatorâs pointer. Squiggles.
Beth Dakin
Comment 3 2014-06-25 17:51:59 PDT
Thank you! Fixed the thingies. http://trac.webkit.org/changeset/170451
Note You need to log in before you can comment on or make changes to this bug.