RESOLVED FIXED 56645
Assertion fires when hidden Find-on-Page matches are encountered in WebKit2 
https://bugs.webkit.org/show_bug.cgi?id=56645
Summary Assertion fires when hidden Find-on-Page matches are encountered in WebKit2
John Sullivan
Reported 2011-03-18 07:55:32 PDT
To reproduce: 1. visit amazon.com in a client using a debug build of WebKit2 2. use the Find-on-page UI to search for "the" 3. (If necessary), do Find Again a few times An assertion fires: ASSERTION FAILED: size Thread 0 Crashed: Dispatch queue: com.apple.main-thread 0 com.apple.WebKit2 0x0000000100312b39 WebKit::SharedMemory::create(unsigned long) + 65 (SharedMemoryMac.cpp:94) 1 com.apple.WebKit2 0x00000001003b58c7 WebKit::ShareableBitmap::createShareable(WebCore::IntSize const&) + 47 (ShareableBitmap.cpp:51) 2 com.apple.WebKit2 0x000000010035b397 WebKit::FindController::updateFindIndicator(WebCore::Frame*, bool) + 323 (FindController.cpp:164) 3 com.apple.WebKit2 0x000000010035b942 WebKit::FindController::findString(WTF::String const&, WebKit::FindOptions, unsigned int) + 378 (FindController.cpp:116) 4 com.apple.WebKit2 0x000000010027d47c WebKit::WebPage::findString(WTF::String const&, unsigned int, unsigned int) + 48 (WebPage.cpp:1590) <etc> updateFindIndicator is computing an empty selection rect, and then trying to create a zero-sized ShareableBitmap, which hits the assertion in SharedMemory::create(). I've got a patch forthcoming.
Attachments
Patch to bail out earlier for empty selection rect (1.58 KB, patch)
2011-03-18 07:59 PDT, John Sullivan 		mitz: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
John Sullivan
Comment 1 2011-03-18 07:59:31 PDT
Created attachment 86164 [details] Patch to bail out earlier for empty selection rect
John Sullivan
Comment 2 2011-03-18 08:01:44 PDT
In radar as 9154276.
mitz
Comment 3 2011-03-18 08:03:45 PDT
I seem to remember that Jeff Miller fixed a bug like this. Was his fix Windows-specific? Can his change be reverted?
John Sullivan
Comment 4 2011-03-18 08:16:05 PDT
I found Jeff's fix -- it is <http://trac.webkit.org/changeset/77091>. Jeff's fix prevented a crash after creating a zero-sized ShareableBitmap in this same updateFindIndicator function. This fix prevents an assertion while trying to create a zero-sized ShareableBitmap. svn blame reveals that the assertion was added after Jeff's fix, in 77968. I think both tests are valid. It's good to bail out as soon as possible by testing for the empty selection rect (my fix). It's also good to bail out if the attempt to create a ShareableBitmap fails (perhaps there is some failure possibility other than zero-size-ness).
John Sullivan
Comment 5 2011-03-18 08:31:00 PDT
Fixed in <http://trac.webkit.org/changeset/81472>.
Note You need to log in before you can comment on or make changes to this bug.