RESOLVED FIXED 37318
Crash on WebKit::WebGeolocationServiceBridgeImpl::stopUpdating() during frame disconnection
https://bugs.webkit.org/show_bug.cgi?id=37318
Marcus Bulach
Reported 2010-04-09 02:52:34 PDT
There are some situations where the frame / webview has been disconnected prior to WebKit::WebGeolocationServiceBridgeImpl::stopUpdating() being called. In this scenario, we don't need to detachBridge().

http://code.google.com/p/chromium/issues/detail?id=40478

Thread 0 (crashed)
 0  Google Chrome Framew0.369.0.1  0x0167be82  WebKit::WebGeolocationServiceBridgeImpl::stopUpdating() + 0x0 (WebGeolocationServiceBridgeImpl.cpp:128)
 1  Google Chrome Framew0.369.0.1  0x010a299e  WebCore::Geolocation::disconnectFrame() + 0x7 (Geolocation.cpp:636)
 2  Google Chrome Framew0.369.0.1  0x010a8b71  WebCore::Navigator::disconnectFrame() + 0x7 (Navigator.cpp:68)
 3  Google Chrome Framew0.369.0.1  0x01077554  WebCore::DOMWindow::clear() + 0x7 (DOMWindow.cpp:441)
 4  Google Chrome Framew0.369.0.1  0x010941eb  WebCore::Frame::setSelectionFromNone() + 0x7 (Frame.cpp:212)
 5  Google Chrome Framew0.369.0.1  0x00fdd67d
 6  Google Chrome Framew0.369.0.1  0x00fbcd97  WebCore::InspectorController::setBreakpoint(WebCore::String const&, unsigned int, bool, WebCore::String const&) + 0x7 (RefCounted.h:109)
 7  Google Chrome Framew0.369.0.1  0x010ac062  WebCore::Page::userStyleSheetLocationChanged() + 0xb (OwnPtrCommon.h:55)
 8  Google Chrome Framew0.369.0.1  0x0169ba10  WebKit::WebViewImpl::close() + 0xb (OwnPtrCommon.h:55)
 9  Google Chrome Framew0.369.0.1  0x0062a517  RenderWidget::Close() + 0x6 (render_widget.cc:651)
10  Google Chrome Framew0.369.0.1  0x005f3545  RenderView::Close() + 0x7 (render_view.cc:4785)
11  Google Chrome Framew0.369.0.1  0x006a413a  MessageLoop::DeferOrRunPendingTask(MessageLoop::PendingTask const&) + 0x7 (message_loop.cc:329)
12  Google Chrome Framew0.369.0.1  0x006a4b0a  MessageLoop::DoWork() + 0xb (message_loop.cc:444)
13  Google Chrome Framew0.369.0.1  0x00683053  base::MessagePumpCFRunLoopBase::RunWorkSource(void*) + 0xa (message_pump_mac.mm:291)
14  CoreFoundation 0.550.19.0  0x993cd15a  __CFRunLoopDoSources0 + 0x61a
15  CoreFoundation 0.550.19.0  0x993cac1e  __CFRunLoopRun + 0x42e
16  CoreFoundation 0.550.19.0  0x993ca0f3  CFRunLoopRunSpecific + 0x1c3
17  CoreFoundation 0.550.19.0  0x993c9f20  CFRunLoopRunInMode + 0x60
18  HIToolbox 0.460.0.0  0x972340fb  RunCurrentEventLoopInMode + 0x187
19  HIToolbox 0.460.0.0  0x97233eb0  ReceiveNextEventCommon + 0x161
20  HIToolbox 0.460.0.0  0x97233d35  BlockUntilNextEventMatchingListInMode + 0x50
21  AppKit 0.1038.29.0  0x93325134  _DPSNextEvent + 0x34e
22  AppKit 0.1038.29.0  0x93324975  -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 0x9b
23  AppKit 0.1038.29.0  0x932e6bee  -[NSApplication run] + 0x334
24  Google Chrome Framew0.369.0.1  0x00682afc  base::MessagePumpNSApplication::DoRun(base::MessagePump::Delegate*) + 0x19 (message_pump_mac.mm:677)
25  Google Chrome Framew0.369.0.1  0x00682285  base::MessagePumpCFRunLoopBase::Run(base::MessagePump::Delegate*) + 0xb (message_pump_mac.mm:213)
26  Google Chrome Framew0.369.0.1  0x006a4083  MessageLoop::Run() + 0xb (message_loop.cc:205)
27  Google Chrome Framew0.369.0.1  0x00637b0d  RendererMain(MainFunctionParams const&) + 0xc (renderer_main.cc:289)
28  Google Chrome Framew0.369.0.1  0x0000a27d  ChromeMain + 0xd (chrome_dll_main.cc:720)
29  Google Chrome Helper  0x00001ff7  main + 0x11 (chrome_exe_main.mm:16)
30  Google Chrome Helper  0x00001fb5
31
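To make the ordering hazard in the report concrete, here is an added example: a hypothetical model, not WebKit or Chromium code and not the patch that landed, of a bridge torn down in the order the stack shows. The unguarded stopUpdating() dereferences a view that the frame disconnection already dropped, while the guarded one skips detachBridge() as the report suggests; all class and function names are assumptions.

```cpp
#include <stdexcept>
// Hypothetical model, not WebKit code: the bridge that Geolocation::disconnectFrame()
// stops while WebViewImpl::close() is tearing the view down (see the stack above).
struct WebViewImpl { int detachedBridges = 0; };
class GeolocationBridge {
public:
    explicit GeolocationBridge(WebViewImpl* view) : m_webView(view) {}
    // Frame/webview disconnected before stopUpdating() runs: the bug's scenario.
    void disconnectFromView() { m_webView = nullptr; }
    // Shape of the crashing code: detaches unconditionally.
    void stopUpdatingUnguarded() { detachBridge(); }
    // Guarded shape: nothing to detach once the view is gone.
    // Returns true only when a detach actually happened.
    bool stopUpdating() {
        if (!m_webView) return false;
        detachBridge();
        return true;
    }
private:
    // Stand-in for the crash: a null view throws instead of faulting,
    // so the ordering hazard can be exercised in a test.
    void detachBridge() {
        if (!m_webView) throw std::logic_error("detachBridge on null webview");
        m_webView->detachedBridges++;
        m_webView = nullptr;
    }
    WebViewImpl* m_webView;
};

// Normal order: updates stop while the view is still alive.
bool normalTeardownDetaches() {
    WebViewImpl view;
    GeolocationBridge bridge(&view);
    return bridge.stopUpdating() && view.detachedBridges == 1;
}
// Bug order without the guard: disconnect first, then stop -> "crash".
bool unguardedStopCrashesAfterDisconnect() {
    WebViewImpl view;
    GeolocationBridge bridge(&view);
    bridge.disconnectFromView();
    try { bridge.stopUpdatingUnguarded(); } catch (const std::logic_error&) { return true; }
    return false;
}
// Bug order with the guard: stopUpdating() skips detachBridge() and returns.
bool guardedStopSkipsDetach() {
    WebViewImpl view;
    GeolocationBridge bridge(&view);
    bridge.disconnectFromView();
    return !bridge.stopUpdating() && view.detachedBridges == 0;
}
```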
Attachments
Patch (1.65 KB, patch)
2010-04-09 02:59 PDT, Marcus Bulach
Marcus Bulach
Comment 1 2010-04-09 02:59:45 PDT
WebKit Commit Bot
Comment 2 2010-04-09 06:13:51 PDT
Comment on attachment 52950 [details]
Patch

Clearing flags on attachment: 52950

Committed r57335: <http://trac.webkit.org/changeset/57335>
WebKit Commit Bot
Comment 3 2010-04-09 06:13:56 PDT
All reviewed patches have been landed. Closing bug.