RESOLVED DUPLICATE of bug 42534 42610
NotificationCenter::disconnectFrame will crash if called twice 
https://bugs.webkit.org/show_bug.cgi?id=42610
Summary NotificationCenter::disconnectFrame will crash if called twice
John Gregg
Reported 2010-07-19 18:17:23 PDT
NotificationCenter::disconnectFrame will crash if called twice
Attachments
Patch (1.23 KB, patch)
2010-07-19 18:52 PDT, John Gregg 		no flags
DetailsFormatted DiffDiff
Patch (1.23 KB, patch)
2010-07-19 19:01 PDT, John Gregg 		no flags
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
John Gregg
Comment 1 2010-07-19 18:52:06 PDT
Created attachment 62024 [details] Patch
WebKit Review Bot
Comment 2 2010-07-19 18:56:35 PDT
Attachment 62024 [details] did not pass style-queue: Failed to run "['WebKitTools/Scripts/check-webkit-style']" exit_code: 1 WebCore/ChangeLog:9: Line contains tab character. [whitespace/tab] [5] Total errors found: 1 in 2 files If any of these errors are false positives, please file a bug against check-webkit-style.
John Gregg
Comment 3 2010-07-19 19:01:06 PDT
Created attachment 62026 [details] Patch
Andreas Kling
Comment 4 2010-07-19 20:58:28 PDT
Related: 42534
Alexey Proskuryakov
Comment 5 2010-07-19 22:08:26 PDT
> Adds a null check; this is a prospective fix for a crash that is difficult to repro. Why is it difficult to reproduce? This looks like a case where having a regression test is particularly important. > NotificationCenter::disconnectFrame will crash if called twice How can it be called twice?
John Gregg
Comment 6 2010-07-20 10:12:11 PDT
(In reply to comment #5) > > Adds a null check; this is a prospective fix for a crash that is difficult to repro. > > Why is it difficult to reproduce? This looks like a case where having a regression test is particularly important. > The crash is being reported by Chrome users, with a stack trace that suggests this code path, and the timing suggests http://trac.webkit.org/changeset/62939 may be the culprit. When I say difficult to repro, actually I have not been able to reproduce it at all, but because of the crash reports, we know it is happening. > > NotificationCenter::disconnectFrame will crash if called twice > > How can it be called twice? Again, not sure that's what's happening. But if it did happen, it will definitely crash. But as Andreas pointed out, bug 42534 has more information.
Alexey Proskuryakov
Comment 7 2010-07-20 11:07:19 PDT
There are multiple disconnectFrame() calls in various objects, all called from DOMWindow::clear(), and those don't seem to cause crashes. One way to attack this is to answer the question of what is different about NotificationCenter.
John Gregg
Comment 8 2010-07-20 11:09:07 PDT
I think Yael understands the cause of the crash in bug 42534, so I will withdraw this patch for now.
Yael
Comment 9 2010-07-20 14:16:20 PDT
Not being able to reproduce this is slowing me down, and if someone can find a way to reproduce, I will be happy to know about it. I am working on this, and sorry for the inconvenience.
Yael
Comment 10 2010-07-20 17:44:26 PDT
(In reply to comment #7) > One way to attack this is to answer the question of what is different about NotificationCenter. This is a very good question :-) Since notifications are expected to outlive the page that created them, I made Qt's NotificationPresenter a singleton. It is deleted when the last page is deleted. John, is it a singleton in Chromium too?
Yael
Comment 11 2010-07-21 07:44:18 PDT
*** This bug has been marked as a duplicate of bug 42534 ***
Note You need to log in before you can comment on or make changes to this bug.