NEW 135024
willMoveToWebPage should be called with a null WebPage on WebPage teardown. 
https://bugs.webkit.org/show_bug.cgi?id=135024
Summary willMoveToWebPage should be called with a null WebPage on WebPage teardown.
Brady Eidson
Reported 2014-07-17 14:03:22 PDT
willMoveToWebPage should be called with a null WebPage on WebPage teardown. Instead the PageOverlayController is just destroyed, which just destroys each overlay, and never notifies the PageOverlay::clients Here's a backtrace of what happens today to destroy a PageOverlay, and the willMoveToWebPage should've been called before that: #0 0x0000000114dcf0e0 in WebKit::PageOverlay::~PageOverlay() at /Volumes/Data/git/OpenSource/Source/WebKit2/WebProcess/WebPage/PageOverlay.cpp:64 #1 0x0000000114f552af in -[WKObject dealloc] at /Volumes/Data/git/OpenSource/Source/WebKit2/Shared/Cocoa/WKObject.mm:40 #2 0x00007fff8225768c in objc_object::sidetable_release(bool) () #3 0x000000011529ff64 in API::Object::deref() at /Volumes/Data/git/OpenSource/Source/WebKit2/Shared/Cocoa/APIObject.mm:67 #4 0x0000000114b33d0b in void WTF::derefIfNotNull<WebKit::PageOverlay>(WebKit::PageOverlay*) at /Volumes/Data/MyUser/build/Debug/usr/local/include/wtf/PassRefPtr.h:39 #5 0x0000000114b33cc8 in WTF::RefPtr<WebKit::PageOverlay>::~RefPtr() at /Volumes/Data/MyUser/build/Debug/usr/local/include/wtf/RefPtr.h:55 #6 0x0000000114b2f265 in WTF::RefPtr<WebKit::PageOverlay>::~RefPtr() at /Volumes/Data/MyUser/build/Debug/usr/local/include/wtf/RefPtr.h:55 #7 0x000000011503049f in WTF::VectorDestructor<true, WTF::RefPtr<WebKit::PageOverlay> >::destruct(WTF::RefPtr<WebKit::PageOverlay>*, WTF::RefPtr<WebKit::PageOverlay>*) at /Volumes/Data/MyUser/build/Debug/usr/local/include/wtf/Vector.h:56 #8 0x000000011503045d in WTF::VectorTypeOperations<WTF::RefPtr<WebKit::PageOverlay> >::destruct(WTF::RefPtr<WebKit::PageOverlay>*, WTF::RefPtr<WebKit::PageOverlay>*) at /Volumes/Data/MyUser/build/Debug/usr/local/include/wtf/Vector.h:220 #9 0x00000001150303c0 in WTF::Vector<WTF::RefPtr<WebKit::PageOverlay>, 0ul, WTF::CrashOnOverflow>::shrink(unsigned long) at /Volumes/Data/MyUser/build/Debug/usr/local/include/wtf/Vector.h:957 #10 0x0000000115030324 in WTF::Vector<WTF::RefPtr<WebKit::PageOverlay>, 0ul, WTF::CrashOnOverflow>::~Vector() at /Volumes/Data/MyUser/build/Debug/usr/local/include/wtf/Vector.h:596 #11 0x0000000115030165 in WTF::Vector<WTF::RefPtr<WebKit::PageOverlay>, 0ul, WTF::CrashOnOverflow>::~Vector() at /Volumes/Data/MyUser/build/Debug/usr/local/include/wtf/Vector.h:594 #12 0x000000011502ff61 in WebKit::PageOverlayController::~PageOverlayController() at /Volumes/Data/git/OpenSource/Source/WebKit2/WebProcess/WebPage/PageOverlayController.h:45 #13 0x000000011502c625 in WebKit::PageOverlayController::~PageOverlayController() at /Volumes/Data/git/OpenSource/Source/WebKit2/WebProcess/WebPage/PageOverlayController.h:45 #14 0x00000001150dd98b in WebKit::WebPage::~WebPage() at /Volumes/Data/git/OpenSource/Source/WebKit2/WebProcess/WebPage/WebPage.cpp:529 #15 0x00000001150de395 in WebKit::WebPage::~WebPage() at /Volumes/Data/git/OpenSource/Source/WebKit2/WebProcess/WebPage/WebPage.cpp:489
Attachments
Add attachment proposed patch, testcase, etc.
Tim Horton
Comment 1 2014-07-17 14:07:24 PDT
This is pretty bad because there's no guarantee that PageOverlay clients don't outlive the page, and then they'll have dangling PageOverlay pointers.
Brady Eidson
Comment 2 2014-07-17 14:15:11 PDT
(In reply to comment #1) > This is pretty bad because there's no guarantee that PageOverlay clients don't outlive the page, and then they'll have dangling PageOverlay pointers. Yup.
Note You need to log in before you can comment on or make changes to this bug.