RESOLVED FIXED 45535
Crash in WebProcess::removeWebFrame on exit with WebKit2 (Release builds only) 
https://bugs.webkit.org/show_bug.cgi?id=45535
Summary Crash in WebProcess::removeWebFrame on exit with WebKit2 (Release builds only)
Adam Roben (:aroben)
Reported 2010-09-10 05:47:26 PDT
To reproduce: 1. Go to any web page 2. Quit the application You'll crash in WebProcess::removeWebFrame because m_connection is null. Here's the backtrace: > WebKit.dll!CoreIPC::Connection::sendMessage(CoreIPC::MessageID messageID={...}, WTF::PassOwnPtr<CoreIPC::ArgumentEncoder> arguments={...}) Line 82 C++ WebKit.dll!WebKit::WebProcess::removeWebFrame(unsigned __int64 frameID=1154279296239097896) Line 396 C++ WebKit.dll!WebKit::WebFrameLoaderClient::frameLoaderDestroyed() Line 82 C++ WebKit.dll!WebCore::Frame::~Frame() Line 223 + 0x149 bytes C++ WebKit.dll!WebCore::Frame::lifeSupportTimerFired(WebCore::Timer<WebCore::Frame> * __formal=0x7feb5db0) Line 883 + 0x6 bytes C++ WebKit.dll!WebCore::Timer<WebCore::RenderMedia>::fired() Line 98 + 0xe bytes C++ WebKit.dll!WebCore::ThreadTimers::sharedTimerFiredInternal() Line 115 C++ WebKit.dll!WebCore::ThreadTimers::sharedTimerFired() Line 91 C++ WebKit.dll!WebCore::TimerWindowWndProc(HWND__ * hWnd=0x00030314, unsigned int message=49573, unsigned int wParam=0, long lParam=0) Line 104 C++ user32.dll!_InternalCallWinProc@20() + 0x28 bytes user32.dll!_UserCallWinProcCheckWow@32() + 0xb7 bytes user32.dll!_DispatchMessageWorker@8() + 0xdc bytes user32.dll!_DispatchMessageW@4() + 0xf bytes WebKit.dll!RunLoop::run() Line 72 + 0x7 bytes C++ WebKit.dll!WebKit::WebProcessMain(WebKit::CommandLine * commandLine=0x0012ff00) Line 81 C++ WebKit.dll!WebKitMain(HINSTANCE__ * hInstance=0x00400000, HINSTANCE__ * hPrevInstance=0x00000000, wchar_t * lpstrCmdLine=0x00020bf0, int nCmdShow=10) Line 101 + 0xa bytes C++ WebKit2WebProcess.exe!wWinMain(HINSTANCE__ * hInstance=0x00400000, HINSTANCE__ * hPrevInstance=0x00000000, wchar_t * lpstrCmdLine=0x00020bf0, int nCmdShow=10) Line 44 + 0x1a bytes C++ WebKit2WebProcess.exe!__tmainCRTStartup() Line 589 + 0x1c bytes C kernel32.dll!_BaseProcessStart@4() + 0x23 bytes <rdar://problem/8412928>
Attachments
Don't crash when a frame is destroyed after the UI process has disconnected (1.54 KB, patch)
2010-09-10 05:54 PDT, Adam Roben (:aroben) 		darin: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Adam Roben (:aroben)
Comment 1 2010-09-10 05:52:02 PDT
You can ignore the bogus frameID passed to removeWebFrame. That's just an artifact of Release builds being dodgy in the debugger.
Adam Roben (:aroben)
Comment 2 2010-09-10 05:52:24 PDT
m_connection is null because WebProcess::invalidate has already been called.
Adam Roben (:aroben)
Comment 3 2010-09-10 05:54:22 PDT
Created attachment 67173 [details] Don't crash when a frame is destroyed after the UI process has disconnected
Adam Roben (:aroben)
Comment 4 2010-09-10 08:53:15 PDT
Committed r67202: <http://trac.webkit.org/changeset/67202>
Note You need to log in before you can comment on or make changes to this bug.