RESOLVED FIXED 159922
[Threaded Compositor] Web Process crash when the layer tree host is destroyed 
https://bugs.webkit.org/show_bug.cgi?id=159922
Summary [Threaded Compositor] Web Process crash when the layer tree host is destroyed
Carlos Garcia Campos
Reported 2016-07-19 08:30:47 PDT
It happens when the layer tree host is destroyed after the didChangeVisibleRect is scheduled to be run in the main thread, but before it's actually dispatched. In that case the threaded compositor client points to a deleted object and crashes when trying to dereference it.
Attachments
Patch (5.09 KB, patch)
2016-07-19 08:34 PDT, Carlos Garcia Campos 		svillar: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Carlos Garcia Campos
Comment 1 2016-07-19 08:34:06 PDT
Created attachment 284007 [details] Patch
Sergio Villar Senin
Comment 2 2016-07-20 01:07:09 PDT
Comment on attachment 284007 [details] Patch Don't we have a test to reproduce the crash?
Carlos Garcia Campos
Comment 3 2016-07-20 01:09:58 PDT
(In reply to comment #2) > Comment on attachment 284007 [details] > Patch > > Don't we have a test to reproduce the crash? Yes, several tests crashed because of this, I found this issue running the layout tests indeed, but I don't remember which tests failed. Same for bug #159918
Carlos Garcia Campos
Comment 4 2016-07-20 05:18:43 PDT
Committed r203449: <http://trac.webkit.org/changeset/203449>
Note You need to log in before you can comment on or make changes to this bug.