Bug 190320 - Regression(r236862): Crash under DOMWindowExtension::willDetachGlobalObjectFromFrame()
Summary: Regression(r236862): Crash under DOMWindowExtension::willDetachGlobalObjectFr...
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: DOM
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Chris Dumez
URL:
Keywords: InRadar, Regression
Depends on:
Blocks: 190282
Reported: 2018-10-05 13:11 PDT by Chris Dumez
Modified: 2018-10-05 18:21 PDT

Attachments
WIP Patch (needs tests) (1.79 KB, patch)
2018-10-05 13:14 PDT, Chris Dumez
Patch (8.42 KB, patch)
2018-10-05 13:43 PDT, Chris Dumez

Description Chris Dumez 2018-10-05 13:11:56 PDT
Crash under DOMWindowExtension::willDetachGlobalObjectFromFrame() since r236862:
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   com.apple.JavaScriptCore      	0x00000004110a95e0 WTFCrash + 16 (Assertions.cpp:255)
1   com.apple.WebCore             	0x000000040000de8b WTFCrashWithInfo(int, char const*, char const*, int) + 27
2   com.apple.WebCore             	0x00000004029e78e0 WebCore::DOMWindowExtension::willDetachGlobalObjectFromFrame() + 208 (DOMWindowExtension.cpp:104)
3   com.apple.WebCore             	0x00000004029dc1a3 WebCore::DOMWindow::willDetachDocumentFromFrame() + 131 (DOMWindow.cpp:510)
4   com.apple.WebCore             	0x00000004020294c1 WebCore::Document::detachFromFrame() + 49
5   com.apple.WebCore             	0x000000040202a093 WebCore::Document::prepareForDestruction() + 1539 (Document.cpp:2501)
6   com.apple.WebCore             	0x0000000402a3a560 WebCore::Frame::setView(WTF::RefPtr<WebCore::FrameView, WTF::DumbPtrTraits<WebCore::FrameView> >&&) + 192 (Frame.cpp:242)
7   com.apple.WebCore             	0x0000000402a3e80b WebCore::Frame::createView(WebCore::IntSize const&, WebCore::Color const&, bool, WebCore::IntSize const&, WebCore::IntRect const&, bool, WebCore::ScrollbarMode, bool, WebCore::ScrollbarMode, bool) + 299 (Frame.cpp:913)
8   com.apple.WebKit              	0x00000001104191ca WebKit::WebFrameLoaderClient::transitionToCommittedForNewPage() + 842 (WebFrameLoaderClient.cpp:1430)
9   com.apple.WebCore             	0x000000040287f4b8 WebCore::FrameLoader::transitionToCommitted(WebCore::CachedPage*) + 1160 (FrameLoader.cpp:2131)
10  com.apple.WebCore             	0x000000040287e550 WebCore::FrameLoader::commitProvisionalLoad() + 2128 (FrameLoader.cpp:1957)
11  com.apple.WebCore             	0x0000000402817bcc WebCore::DocumentLoader::commitIfReady() + 60 (DocumentLoader.cpp:359)
12  com.apple.WebCore             	0x000000040281e04c WebCore::DocumentLoader::commitLoad(char const*, int) + 76 (DocumentLoader.cpp:965)
13  com.apple.WebCore             	0x000000040281dff5 WebCore::DocumentLoader::dataReceived(char const*, int) + 613 (DocumentLoader.cpp:1114)
14  com.apple.WebCore             	0x000000040281e866 WebCore::DocumentLoader::dataReceived(WebCore::CachedResource&, char const*, int) + 150 (DocumentLoader.cpp:1087)
Comment 1 Chris Dumez 2018-10-05 13:12:09 PDT
<rdar://problem/45044814>
Comment 2 Chris Dumez 2018-10-05 13:14:09 PDT
Created attachment 351693
WIP Patch (needs tests)
Comment 3 Chris Dumez 2018-10-05 13:43:11 PDT
Created attachment 351697
Patch
Comment 4 Geoffrey Garen 2018-10-05 15:02:02 PDT
Comment on attachment 351697
Patch

r=me

legacy-animation-engine/fast/css-generated-content/noscript-pseudo-anim-crash.html doesn't have frames, so the failure seems unrelated.
Comment 5 Chris Dumez 2018-10-05 15:25:55 PDT
Comment on attachment 351697
Patch

Clearing flags on attachment: 351697

Committed r236888: <https://trac.webkit.org/changeset/236888>
Comment 6 Chris Dumez 2018-10-05 15:25:57 PDT
All reviewed patches have been landed.  Closing bug.