73183 – REGRESSION (r101201): Crash inside WebKit::WebInspector::didClose() when closing any tab

Bug 73183 - REGRESSION (r101201): Crash inside WebKit::WebInspector::didClose() when closing any tab

Summary: REGRESSION (r101201): Crash inside WebKit::WebInspector::didClose() when clos...

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	Web Inspector (Deprecated) (show other bugs)
Version:	528+ (Nightly build)
Hardware:	Mac (Intel) OS X 10.7

Importance:	P1 Critical
Assignee:	Pavel Feldman

URL:
Keywords:	InRadar, Regression

Duplicates (5):	73188 73207 73222 73223 73657 (view as bug list)
Depends on:
Blocks:

Reported:	2011-11-27 19:27 PST by Kevin M. Dean
Modified:	2011-12-02 12:32 PST (History)
CC List:	10 users (show)

See Also:

Attachments
Patch (1.38 KB, patch) 2011-11-28 02:05 PST, Pavel Feldman	yurys: review+	Details \| Formatted Diff \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Kevin M. Dean 2011-11-27 19:27:03 PST

If I have more than one tab open and close one of the tabs. The WebProcess crashes and reloads the remaining tabs.

Note that the Web Inspector isn't even open at the time when the crash occurs.

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   com.apple.WebKit2             	0x0000000103c542a0 WebKit::WebInspector::didClose() + 18
1   com.apple.WebKit2             	0x0000000103bdf814 WebKit::WebInspectorClient::inspectorDestroyed() + 18
2   com.apple.WebCore             	0x0000000104587fc5 WebCore::InspectorController::inspectedPageDestroyed() + 85
3   com.apple.WebCore             	0x000000010490eeed WebCore::Page::~Page() + 397
4   com.apple.WebKit2             	0x0000000103be8db8 WTF::OwnPtr<WebCore::Page>::clear() + 36
5   com.apple.WebKit2             	0x0000000103be2189 WebKit::WebPage::close() + 315
6   com.apple.WebKit2             	0x0000000103baafd7 CoreIPC::Connection::dispatchMessage(CoreIPC::Connection::Message<CoreIPC::ArgumentDecoder>&) + 175
7   com.apple.WebKit2             	0x0000000103bac409 CoreIPC::Connection::dispatchMessages() + 147
8   com.apple.WebKit2             	0x0000000103bc601b RunLoop::performWork() + 111
9   com.apple.WebKit2             	0x0000000103bc6357 RunLoop::performWork(void*) + 75
10  com.apple.CoreFoundation      	0x00007fff97b77b51 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
11  com.apple.CoreFoundation      	0x00007fff97b773bd __CFRunLoopDoSources0 + 253
12  com.apple.CoreFoundation      	0x00007fff97b9e1a9 __CFRunLoopRun + 905
13  com.apple.CoreFoundation      	0x00007fff97b9dae6 CFRunLoopRunSpecific + 230
14  com.apple.HIToolbox           	0x00007fff910003d3 RunCurrentEventLoopInMode + 277
15  com.apple.HIToolbox           	0x00007fff9100763d ReceiveNextEventCommon + 355
16  com.apple.HIToolbox           	0x00007fff910074ca BlockUntilNextEventMatchingListInMode + 62
17  com.apple.AppKit              	0x00007fff8f2e03f1 _DPSNextEvent + 659
18  com.apple.AppKit              	0x00007fff8f2dfcf5 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 135
19  com.apple.AppKit              	0x00007fff8f2dc62d -[NSApplication run] + 470
20  com.apple.WebKit2             	0x0000000103bc6517 RunLoop::run() + 67
21  com.apple.WebKit2             	0x0000000103c0c5d4 WebKit::WebProcessMain(WebKit::CommandLine const&) + 678
22  com.apple.WebKit2             	0x0000000103bdfb19 WebKitMain + 285
23  com.apple.WebProcess          	0x0000000103b6ee5f main + 219
24  com.apple.WebProcess          	0x0000000103b6ed7c start + 52

Comment 1 Mark Rowe (bdash) 2011-11-28 01:33:33 PST

The immediate reason for this crash is:

void WebInspectorClient::closeInspectorFrontend()
{
    m_page->inspector()->didClose();
}

m_page->inspector() is returning 0.

Comment 2 Mark Rowe (bdash) 2011-11-28 01:38:15 PST

And that happens because WebPage marks itself as closed in WebPage::close before the WebCore::Page is torn down. Does WebInspectorClient::inspectorDestroyed just need to grow a null check?

Comment 3 Pavel Feldman 2011-11-28 02:05:43 PST

Created attachment 116715 [details]
Patch

Comment 4 Mark Rowe (bdash) 2011-11-28 02:09:06 PST

Comment on attachment 116715 [details]
Patch

Given that ::inspector() is more than a trivial getter I think it’d be preferable to do:


    if (WebInspector* inspector = m_page->inspector())                                                                                                                              
        inspector->didClose();

Comment 5 Pavel Feldman 2011-11-28 02:09:59 PST

Committed r101239: <http://trac.webkit.org/changeset/101239>

Comment 6 Pavel Feldman 2011-11-28 03:36:31 PST

*** Bug 73188 has been marked as a duplicate of this bug. ***

Comment 7 Mark Rowe (bdash) 2011-11-28 09:12:48 PST

*** Bug 73223 has been marked as a duplicate of this bug. ***

Comment 8 mitz 2011-11-28 09:44:10 PST

<rdar://problem/10489008>

Comment 9 Mark Rowe (bdash) 2011-11-28 09:49:04 PST

*** Bug 73222 has been marked as a duplicate of this bug. ***

Comment 10 Alexey Proskuryakov 2011-11-29 08:54:22 PST

*** Bug 73207 has been marked as a duplicate of this bug. ***

Comment 11 Alexey Proskuryakov 2011-12-02 12:32:24 PST

*** Bug 73657 has been marked as a duplicate of this bug. ***