RESOLVED FIXED Bug 54213
REGRESSION (r78198): Crash in FindIndicator::contentImage when scrolling page
https://bugs.webkit.org/show_bug.cgi?id=54213
Adam Roben (:aroben)
Reported 2011-02-10 08:20:45 PST
To reproduce:

1. Go to data:text/html,<div style="height:3000px">test test
2. Search for "test" so the find indicator appears
3. Scroll the page

You'll crash. The crashing line of code is in WebView::setFindIndicator:

    ShareableBitmap* contentImage = findIndicator->contentImage();

findIndicator is null. Here's the backtrace:

    WebKit.dll!WTF::RefPtr<WebKit::ShareableBitmap>::get() Line 60 + 0x11 bytes C++
    WebKit.dll!WebKit::FindIndicator::contentImage() Line 53 + 0x19 bytes C++
  > WebKit.dll!WebKit::WebView::setFindIndicator(WTF::PassRefPtr<WebKit::FindIndicator> prpFindIndicator={...}, bool fadeOut=false) Line 1073 + 0xf bytes C++
    WebKit.dll!WebKit::WebPageProxy::setFindIndicator(const WebCore::FloatRect & selectionRectInWindowCoordinates={...}, const WTF::Vector<WebCore::FloatRect,0> & textRectsInSelectionRectCoordinates=[0](), const WebKit::SharedMemory::Handle & contentImageHandle={...}, bool fadeOut=false) Line 1992 C++
    WebKit.dll!CoreIPC::callMemberFunction<WebKit::WebPageProxy,void (__thiscall WebKit::WebPageProxy::*)(WebCore::FloatRect const &,WTF::Vector<WebCore::FloatRect,0> const &,WebKit::SharedMemory::Handle const &,bool),WebCore::FloatRect,WTF::Vector<WebCore::FloatRect,0>,WebKit::SharedMemory::Handle,bool>(const CoreIPC::Arguments4<WebCore::FloatRect,WTF::Vector<WebCore::FloatRect,0>,WebKit::SharedMemory::Handle,bool> & args={...}, WebKit::WebPageProxy * object=0x06ea9a48, void (const WebCore::FloatRect &, const WTF::Vector<WebCore::FloatRect,0> &, const WebKit::SharedMemory::Handle &, bool)* function=0x03810b4a) Line 37 + 0x24 bytes C++
    WebKit.dll!CoreIPC::handleMessage<Messages::WebPageProxy::SetFindIndicator,WebKit::WebPageProxy,void (__thiscall WebKit::WebPageProxy::*)(WebCore::FloatRect const &,WTF::Vector<WebCore::FloatRect,0> const &,WebKit::SharedMemory::Handle const &,bool)>(CoreIPC::ArgumentDecoder * argumentDecoder=0x09a1e4b0, WebKit::WebPageProxy * object=0x06ea9a48, void (const WebCore::FloatRect &, const WTF::Vector<WebCore::FloatRect,0> &, const WebKit::SharedMemory::Handle &, bool)* function=0x03810b4a) Line 246 + 0x15 bytes C++
    WebKit.dll!WebKit::WebPageProxy::didReceiveWebPageProxyMessage(CoreIPC::Connection * __formal=0x07a140f0, CoreIPC::MessageID messageID={...}, CoreIPC::ArgumentDecoder * arguments=0x09a1e4b0) Line 273 + 0x2f bytes C++
    WebKit.dll!WebKit::WebPageProxy::didReceiveMessage(CoreIPC::Connection * connection=0x07a140f0, CoreIPC::MessageID messageID={...}, CoreIPC::ArgumentDecoder * arguments=0x09a1e4b0) Line 1187 C++
    WebKit.dll!WebKit::WebProcessProxy::didReceiveMessage(CoreIPC::Connection * connection=0x07a140f0, CoreIPC::MessageID messageID={...}, CoreIPC::ArgumentDecoder * arguments=0x09a1e4b0) Line 245 C++
    WebKit.dll!CoreIPC::Connection::dispatchMessages() Line 450 + 0x31 bytes C++
    WebKit.dll!MemberFunctionWorkItem0<CoreIPC::Connection>::execute() Line 76 + 0x10 bytes C++
    WebKit.dll!RunLoop::performWork() Line 63 + 0x1a bytes C++
    WebKit.dll!RunLoop::wndProc(HWND__ * hWnd=0x000f0aec, unsigned int message=1025, unsigned int wParam=115583784, long lParam=0) Line 57 C++
    WebKit.dll!RunLoop::RunLoopWndProc(HWND__ * hWnd=0x000f0aec, unsigned int message=1025, unsigned int wParam=115583784, long lParam=0) Line 39 + 0x18 bytes C++
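The failure mode in the report, replayed as an added C++ model that is not WebKit's code: the types are constructed stand-ins for those named in the backtrace, and the assumption that a null content-image handle yields a null FindIndicator meaning "hide the indicator" is mine, not stated on the page.

```cpp
#include <memory>

// Constructed stand-ins for the WebKit types in the backtrace; not WebKit code.
struct ShareableBitmap { int width = 0; int height = 0; };
// Stands in for SharedMemory::Handle: a "null" handle carries no bitmap.
struct SharedMemoryHandle {
    std::shared_ptr<ShareableBitmap> bitmap;
    bool isNull() const { return !bitmap; }
};

struct FindIndicator {
    std::shared_ptr<ShareableBitmap> image;
    ShareableBitmap* contentImage() const { return image.get(); }
};

// Proxy side (assumed model): a null content-image handle yields a null
// indicator, meaning "hide the indicator"; it must never be dereferenced.
std::shared_ptr<FindIndicator> makeFindIndicator(const SharedMemoryHandle& handle) {
    if (handle.isNull())
        return nullptr;
    return std::make_shared<FindIndicator>(FindIndicator{handle.bitmap});
}

struct WebView {
    std::shared_ptr<FindIndicator> findIndicator;
    bool fadeOut = false;
    // Returns true if an indicator is now displayed, false if it was cleared.
    bool setFindIndicator(std::shared_ptr<FindIndicator> indicator, bool shouldFadeOut) {
        findIndicator = std::move(indicator);
        fadeOut = shouldFadeOut;
        if (!findIndicator)          // the null case WebView::setFindIndicator missed
            return false;
        ShareableBitmap* contentImage = findIndicator->contentImage();
        return contentImage != nullptr;
    }

    // The IPC entry point from the backtrace, reduced to the handle and the flag.
    bool receiveSetFindIndicator(const SharedMemoryHandle& handle, bool shouldFadeOut) {
        return setFindIndicator(makeFindIndicator(handle), shouldFadeOut);
    }
};
// Replays the report: the search shows the indicator, the scroll sends a null handle.
bool runScenario() {
    WebView view;
    SharedMemoryHandle shown{std::make_shared<ShareableBitmap>(ShareableBitmap{120, 20})};
    bool afterSearch = view.receiveSetFindIndicator(shown, false);
    bool afterScroll = view.receiveSetFindIndicator(SharedMemoryHandle{}, false);
    return afterSearch && !afterScroll && !view.findIndicator;
}
```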
Attachments
Handle a null FindIndicator correctly (12.33 KB, patch)
2011-02-10 08:32 PST, Adam Roben (:aroben)
sfalken: review+
Adam Roben (:aroben)
Comment 1 2011-02-10 08:21:24 PST
Adam Roben (:aroben)
Comment 2 2011-02-10 08:32:37 PST
Created attachment 81985 [details] Handle a null FindIndicator correctly
Adam Roben (:aroben)
Comment 3 2011-02-10 11:28:21 PST