Bug 16456 - Crash in FrameView and other places because ScrollView has Children that were deleted
Summary: Crash in FrameView and other places because ScrollView has Children that were...
Alias: None
Product: WebKit
Classification: Unclassified
Component: Platform (show other bugs)
Version: 528+ (Nightly build)
Hardware: PC OS X 10.4
: P2 Normal
Assignee: Nobody
Depends on:
Reported: 2007-12-15 17:53 PST by Holger Freyther
Modified: 2008-01-10 13:26 PST (History)
0 users

See Also:

Crash Fix (1.56 KB, patch)
2007-12-15 17:57 PST, Holger Freyther
darin: review+
Details | Formatted Diff | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Holger Freyther 2007-12-15 17:53:27 PST
It is possible that we delete a WebCore::Widget without removing it from the parent (ScrollView).

#3  0xb659f958 in qt_message_output (msgType=QtFatalMsg, 
    buf=0xbffe2480 "ASSERT: \"!parent()\" in file /home/ich/source/trolltech/qt.git/src/3rdparty/webkit/WebCore/platform/qt/WidgetQt.cpp, line 82") at /home/ich/source/trolltech/qt.git/src/corelib/global/qglobal.cpp:2178
#4  0xb659f9dd in qFatal (msg=0xb6704f90 "ASSERT: \"%s\" in file %s, line %d")
    at /home/ich/source/trolltech/qt.git/src/corelib/global/qglobal.cpp:2410
#5  0xb659fc51 in qt_assert (assertion=0xb7c9d241 "!parent()", 
    file=0xb7c9d1c8 "/home/ich/source/trolltech/qt.git/src/3rdparty/webkit/WebCore/platform/qt/WidgetQt.cpp", line=82)
    at /home/ich/source/trolltech/qt.git/src/corelib/global/qglobal.cpp:1918
#6  0xb7a2b09c in ~Widget (this=0x827d6c8) at /home/ich/source/trolltech/qt.git/src/3rdparty/webkit/WebCore/platform/qt/WidgetQt.cpp:82
#7  0xb79a48c9 in WebCore::RenderPart::deleteWidget (this=0x821b268)
    at /home/ich/source/trolltech/qt.git/src/3rdparty/webkit/WebCore/rendering/RenderPart.cpp:85
#8  0xb79dc9cc in WebCore::RenderWidget::setWidget (this=0x821b268, widget=0x8376020)
    at /home/ich/source/trolltech/qt.git/src/3rdparty/webkit/WebCore/rendering/RenderWidget.cpp:129
#9  0xb79a4c07 in WebCore::RenderPart::setWidget (this=0x821b268, widget=0x8376020)
    at /home/ich/source/trolltech/qt.git/src/3rdparty/webkit/WebCore/rendering/RenderPart.cpp:64
#10 0xb788be34 in WebCore::FrameLoader::loadPlugin (this=0x80856c8, renderer=0x821b268, url=@0xbffe466c, mimeType=@0xbffe47e8, 
    paramNames=@0xbffe47bc, paramValues=@0xbffe47b0, useFallback=false)
Comment 1 Holger Freyther 2007-12-15 17:57:51 PST
Created attachment 17919 [details]
Crash Fix

* The windows port has the ASSERT(!parent()) in the destructor. So I think adding a removeFromParent call is not an option.
* This fix copies the code from RenderWidget::destroy. We will remove m_widget from the m_view. For win/gtk/qt it is assumed that m_view == m_widget->parent() but as the mac doesn't have this method I can't put an assert there.
* Add the ASSERT from the win port to the Qt and Gtk+ one.
* I did not test this patch for regressions yet
Comment 2 Darin Adler 2007-12-16 10:22:20 PST
Comment on attachment 17919 [details]
Crash Fix

This looks fine to me. As long as we determine that it doesn't cause a crash or other problem on the Mac port.

Comment 3 Adam Roben (:aroben) 2008-01-10 13:26:06 PST
A similar patch was landed in r29369.