RESOLVED FIXED Bug 24106
Crash on exit in InspectorController
https://bugs.webkit.org/show_bug.cgi?id=24106
Summary: Crash on exit in InspectorController
Adam Treat
Reported 2009-02-23 15:07:49 PST
Hi, I've been getting a consistent crash on exit using QtLauncher and QtWebKit. The backtrace is:

0xb63dc2ed in JSC::Heap::heapAllocate<(JSC::HeapType)0> (this=0x815fd68, s=24) at ../../../../JavaScriptCore/runtime/Collector.cpp:315
315 targetBlock = reinterpret_cast<Block*>(heap.blocks[i]);
(gdb) bt
#0 0xb63dc2ed in JSC::Heap::heapAllocate<(JSC::HeapType)0> (this=0x815fd68, s=24) at ../../../../JavaScriptCore/runtime/Collector.cpp:315
#1 0xb63d89c8 in JSC::Heap::allocate (this=0x815fd68, s=24) at ../../../../JavaScriptCore/runtime/Collector.cpp:385
#2 0xb6e4e568 in WebCore::JSDOMWindowPrototype::operator new (size=24) at tmp/JSDOMWindow.cpp:506
#3 0xb64977a6 in WebCore::JSDOMWindowShell::setWindow (this=0xb3070000, window=@0xbf903f24) at ../../../../WebCore/bindings/js/JSDOMWindowShell.cpp:60
#4 0xb6497ab7 in JSDOMWindowShell (this=0xb3070000, window=@0xbf903f68) at ../../../../WebCore/bindings/js/JSDOMWindowShell.cpp:50
#5 0xb64d1e27 in WebCore::ScriptController::initScript (this=0x8169e5c) at ../../../../WebCore/bindings/js/ScriptController.cpp:170
#6 0xb647d3a0 in WebCore::ScriptController::initScriptIfNeeded (this=0x8169e5c) at ../../../../WebCore/bindings/js/ScriptController.h:141
#7 0xb648f6d9 in WebCore::ScriptController::windowShell (this=0x8169e5c) at ../../../../WebCore/bindings/js/ScriptController.h:72
#8 0xb6487586 in WebCore::toJSDOMWindow (frame=0x8169b98) at ../../../../WebCore/bindings/js/JSDOMWindowBase.cpp:894
#9 0xb67cce76 in WebCore::InspectorController::stopUserInitiatedProfiling (this=0x8160cc0) at ../../../../WebCore/inspector/InspectorController.cpp:1828
#10 0xb67cd5a7 in WebCore::InspectorController::close (this=0x8160cc0) at ../../../../WebCore/inspector/InspectorController.cpp:1765
#11 0xb67cd633 in WebCore::InspectorController::inspectedPageDestroyed (this=0x8160cc0) at ../../../../WebCore/inspector/InspectorController.cpp:1223
#12 0xb68f9b05 in ~Page (this=0x8160b48) at ../../../../WebCore/page/Page.cpp:159
#13 0xb6b4a175 in ~QWebPagePrivate (this=0x8160530) at ../../../../WebKit/qt/Api/qwebpage.cpp:288
#14 0xb6b4a4d4 in ~QWebPage (this=0x8160468) at ../../../../WebKit/qt/Api/qwebpage.cpp:1276
#15 0x0805c487 in ~WebPage (this=0x8160468) at /home/kde/trunk/labs.trolltech.com/webkit/WebKit/qt/QtLauncher/main.cpp:51
#16 0xb6b4dcd7 in ~QWebView (this=0x81600d8) at ../../../../WebKit/qt/Api/qwebview.cpp:178
#17 0xb4a6c4c4 in QObjectPrivate::deleteChildren (this=0x81144f8) at /home/kde/trunk/qt-snapshot/src/corelib/kernel/qobject.cpp:1840

A proposed patch is forthcoming.
Attachments
Patch to fix the segfault (2.17 KB, patch)
2009-02-23 15:11 PST, Adam Treat
timothy: review+
Adam Treat
Comment 1 2009-02-23 15:11:43 PST
Created attachment 27896: Patch to fix the segfault
Adam Treat
Comment 2 2009-02-24 07:14:19 PST
Fixed with r41158.
Dimitri Glazkov (Google)
Comment 3 2009-03-12 11:33:33 PDT
I think this path is wrong. If you clear m_inspectedPage, you never get to actually do any of the close(), because it first checks for enabled(), which in turn checks for !m_inspectedPage. This effectively makes close() a no-op. Now that InspectorController is ref-counted, we need to be using close(). See bug 24525 for more details.
Dimitri Glazkov (Google)
Comment 4 2009-03-12 11:34:54 PDT
Grm. path => patch. Actually, I'll keep this closed and "depend" bug 24525 on it.
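The ordering problem Comment 3 describes, modelled as an added example that is not WebKit's code and not part of this bug thread: a hypothetical `InspectorController` whose `close()` is gated on `enabled()`, which in turn requires a non-null `m_inspectedPage`. If the page-destroyed hook nulls the back-pointer before calling `close()`, the guard in `close()` fails and the teardown work it owns is silently skipped. The class, member names and counters here are assumptions chosen to mirror the comment, not the real WebCore declarations.

```cpp
#include <cassert>

// Hypothetical stand-in for WebCore::Page; the example never dereferences it.
struct Page {};

// Hypothetical model of the controller discussed in Comment 3.
class InspectorController {
public:
    explicit InspectorController(Page* page) : m_inspectedPage(page) {}

    // As described in the comment: "enabled" means "still attached to a page".
    bool enabled() const { return m_inspectedPage != nullptr; }

    // Teardown that the controller is responsible for. It is gated on
    // enabled(), so it only does work while the page pointer is still set.
    void close() {
        if (!enabled())
            return;
        stopUserInitiatedProfiling();
        m_closed = true;
    }

    // Ordering A (the one Comment 3 objects to): clear the pointer first.
    // enabled() is now false, so the close() call below does nothing.
    void inspectedPageDestroyedClearFirst() {
        m_inspectedPage = nullptr;
        close();
    }

    // Ordering B: run close() while the pointer is still valid, then clear it.
    void inspectedPageDestroyedCloseFirst() {
        close();
        m_inspectedPage = nullptr;
    }

    bool closed() const { return m_closed; }
    int profilingStops() const { return m_profilingStops; }

private:
    // Counts how many times the profiling teardown actually ran.
    void stopUserInitiatedProfiling() { ++m_profilingStops; }

    Page* m_inspectedPage;
    bool m_closed = false;
    int m_profilingStops = 0;
};

// Returns true if close() did its work under ordering A (expected: false).
bool closeRanWhenClearingFirst() {
    Page page;
    InspectorController controller(&page);
    controller.inspectedPageDestroyedClearFirst();
    return controller.closed() && controller.profilingStops() == 1;
}

// Returns true if close() did its work under ordering B (expected: true).
bool closeRanWhenClosingFirst() {
    Page page;
    InspectorController controller(&page);
    controller.inspectedPageDestroyedCloseFirst();
    return controller.closed() && controller.profilingStops() == 1;
}

int main() {
    assert(!closeRanWhenClearingFirst());
    assert(closeRanWhenClosingFirst());
    return 0;
}
```

Ordering B is only shown to make the no-op visible; on the real page the crash in the backtrace happened precisely because `close()` touched the page's frame during `~Page`, so whatever fix is chosen has to keep `close()` running without dereferencing a page that is already being destroyed, which is the tension Comment 3 and bug 24525 are about.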