Bug 42610 - NotificationCenter::disconnectFrame will crash if called twice
Summary: NotificationCenter::disconnectFrame will crash if called twice
Status: RESOLVED DUPLICATE of bug 42534
Alias: None
Product: WebKit
Classification: Unclassified
Component: New Bugs (show other bugs)
Version: 528+ (Nightly build)
Hardware: Other OS X 10.5
: P2 Normal
Assignee: John Gregg
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2010-07-19 18:17 PDT by John Gregg
Modified: 2010-07-21 07:44 PDT (History)
4 users (show)

See Also:

Attachments
Patch (1.23 KB, patch)
2010-07-19 18:52 PDT, John Gregg 		no flags Details | Formatted Diff | Diff
Patch (1.23 KB, patch)
2010-07-19 19:01 PDT, John Gregg 		no flags Details | Formatted Diff | Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description John Gregg 2010-07-19 18:17:23 PDT 
NotificationCenter::disconnectFrame will crash if called twice
Comment 1 John Gregg 2010-07-19 18:52:06 PDT 
Created attachment 62024 [details]
Patch
Comment 2 WebKit Review Bot 2010-07-19 18:56:35 PDT 
Attachment 62024 [details] did not pass style-queue:

Failed to run "['WebKitTools/Scripts/check-webkit-style']" exit_code: 1
WebCore/ChangeLog:9:  Line contains tab character.  [whitespace/tab] [5]
Total errors found: 1 in 2 files


If any of these errors are false positives, please file a bug against check-webkit-style.
Comment 3 John Gregg 2010-07-19 19:01:06 PDT 
Created attachment 62026 [details]
Patch
Comment 4 Andreas Kling 2010-07-19 20:58:28 PDT 
Related: 42534
Comment 5 Alexey Proskuryakov 2010-07-19 22:08:26 PDT 
> Adds a null check; this is a prospective fix for a crash that is difficult to repro.

Why is it difficult to reproduce? This looks like a case where having a regression test is particularly important.

> NotificationCenter::disconnectFrame will crash if called twice

How can it be called twice?
Comment 6 John Gregg 2010-07-20 10:12:11 PDT 
(In reply to comment #5)
> > Adds a null check; this is a prospective fix for a crash that is difficult to repro.
> 
> Why is it difficult to reproduce? This looks like a case where having a regression test is particularly important.
> 

The crash is being reported by Chrome users, with a stack trace that suggests this code path, and the timing suggests http://trac.webkit.org/changeset/62939 may be the culprit.   When I say difficult to repro, actually I have not been able to reproduce it at all, but because of the crash reports, we know it is happening.

> > NotificationCenter::disconnectFrame will crash if called twice
> 
> How can it be called twice?

Again, not sure that's what's happening.  But if it did happen, it will definitely crash.  But as Andreas pointed out, bug 42534 has more information.
Comment 7 Alexey Proskuryakov 2010-07-20 11:07:19 PDT 
There are multiple disconnectFrame() calls in various objects, all called from DOMWindow::clear(), and those don't seem to cause crashes.

One way to attack this is to answer the question of what is different about NotificationCenter.
Comment 8 John Gregg 2010-07-20 11:09:07 PDT 
I think Yael understands the cause of the crash in bug 42534, so I will withdraw this patch for now.
Comment 9 Yael 2010-07-20 14:16:20 PDT 
Not being able to reproduce this is slowing me down, and if someone can find a way to reproduce, I will be happy to know about it. 
I am working on this, and sorry for the inconvenience.
Comment 10 Yael 2010-07-20 17:44:26 PDT 
(In reply to comment #7)
> One way to attack this is to answer the question of what is different about NotificationCenter.
This is a very good question :-)
Since notifications are expected to outlive the page that created them, I made Qt's NotificationPresenter a singleton. It is deleted when the last page is deleted.
John, is it a singleton in Chromium too?
Comment 11 Yael 2010-07-21 07:44:18 PDT 

*** This bug has been marked as a duplicate of bug 42534 ***