RESOLVED FIXED 73183
REGRESSION (r101201): Crash inside WebKit::WebInspector::didClose() when closing any tab 
https://bugs.webkit.org/show_bug.cgi?id=73183
Summary REGRESSION (r101201): Crash inside WebKit::WebInspector::didClose() when clos...
Kevin M. Dean
Reported 2011-11-27 19:27:03 PST
If I have more than one tab open and close one of the tabs. The WebProcess crashes and reloads the remaining tabs. Note that the Web Inspector isn't even open at the time when the crash occurs. Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 com.apple.WebKit2 0x0000000103c542a0 WebKit::WebInspector::didClose() + 18 1 com.apple.WebKit2 0x0000000103bdf814 WebKit::WebInspectorClient::inspectorDestroyed() + 18 2 com.apple.WebCore 0x0000000104587fc5 WebCore::InspectorController::inspectedPageDestroyed() + 85 3 com.apple.WebCore 0x000000010490eeed WebCore::Page::~Page() + 397 4 com.apple.WebKit2 0x0000000103be8db8 WTF::OwnPtr<WebCore::Page>::clear() + 36 5 com.apple.WebKit2 0x0000000103be2189 WebKit::WebPage::close() + 315 6 com.apple.WebKit2 0x0000000103baafd7 CoreIPC::Connection::dispatchMessage(CoreIPC::Connection::Message<CoreIPC::ArgumentDecoder>&) + 175 7 com.apple.WebKit2 0x0000000103bac409 CoreIPC::Connection::dispatchMessages() + 147 8 com.apple.WebKit2 0x0000000103bc601b RunLoop::performWork() + 111 9 com.apple.WebKit2 0x0000000103bc6357 RunLoop::performWork(void*) + 75 10 com.apple.CoreFoundation 0x00007fff97b77b51 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17 11 com.apple.CoreFoundation 0x00007fff97b773bd __CFRunLoopDoSources0 + 253 12 com.apple.CoreFoundation 0x00007fff97b9e1a9 __CFRunLoopRun + 905 13 com.apple.CoreFoundation 0x00007fff97b9dae6 CFRunLoopRunSpecific + 230 14 com.apple.HIToolbox 0x00007fff910003d3 RunCurrentEventLoopInMode + 277 15 com.apple.HIToolbox 0x00007fff9100763d ReceiveNextEventCommon + 355 16 com.apple.HIToolbox 0x00007fff910074ca BlockUntilNextEventMatchingListInMode + 62 17 com.apple.AppKit 0x00007fff8f2e03f1 _DPSNextEvent + 659 18 com.apple.AppKit 0x00007fff8f2dfcf5 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 135 19 com.apple.AppKit 0x00007fff8f2dc62d -[NSApplication run] + 470 20 com.apple.WebKit2 0x0000000103bc6517 RunLoop::run() + 67 21 com.apple.WebKit2 0x0000000103c0c5d4 WebKit::WebProcessMain(WebKit::CommandLine const&) + 678 22 com.apple.WebKit2 0x0000000103bdfb19 WebKitMain + 285 23 com.apple.WebProcess 0x0000000103b6ee5f main + 219 24 com.apple.WebProcess 0x0000000103b6ed7c start + 52
Attachments
Patch (1.38 KB, patch)
2011-11-28 02:05 PST, Pavel Feldman 		yurys: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Mark Rowe (bdash)
Comment 1 2011-11-28 01:33:33 PST
The immediate reason for this crash is: void WebInspectorClient::closeInspectorFrontend() { m_page->inspector()->didClose(); } m_page->inspector() is returning 0.
Mark Rowe (bdash)
Comment 2 2011-11-28 01:38:15 PST
And that happens because WebPage marks itself as closed in WebPage::close before the WebCore::Page is torn down. Does WebInspectorClient::inspectorDestroyed just need to grow a null check?
Pavel Feldman
Comment 3 2011-11-28 02:05:43 PST
Created attachment 116715 [details] Patch
Mark Rowe (bdash)
Comment 4 2011-11-28 02:09:06 PST
Comment on attachment 116715 [details] Patch Given that ::inspector() is more than a trivial getter I think it’d be preferable to do: if (WebInspector* inspector = m_page->inspector()) inspector->didClose();
Pavel Feldman
Comment 5 2011-11-28 02:09:59 PST
Committed r101239: <http://trac.webkit.org/changeset/101239>
Pavel Feldman
Comment 6 2011-11-28 03:36:31 PST
*** Bug 73188 has been marked as a duplicate of this bug. ***
Mark Rowe (bdash)
Comment 7 2011-11-28 09:12:48 PST
*** Bug 73223 has been marked as a duplicate of this bug. ***
mitz
Comment 8 2011-11-28 09:44:10 PST
<rdar://problem/10489008>
Mark Rowe (bdash)
Comment 9 2011-11-28 09:49:04 PST
*** Bug 73222 has been marked as a duplicate of this bug. ***
Alexey Proskuryakov
Comment 10 2011-11-29 08:54:22 PST
*** Bug 73207 has been marked as a duplicate of this bug. ***
Alexey Proskuryakov
Comment 11 2011-12-02 12:32:24 PST
*** Bug 73657 has been marked as a duplicate of this bug. ***
Note You need to log in before you can comment on or make changes to this bug.