RESOLVED FIXED 79205
[GTK] fast/frames/frame-dead-region.html crash
https://bugs.webkit.org/show_bug.cgi?id=79205
Philippe Normand
Reported 2012-02-22 00:34:14 PST
This is quite recent, I'd track the culprit commit if the waterfall wasn't so slow.

#0 0x00007f299304aa18 in WTF::RefPtr<WebCore::Frame>::get (this=0x8) at ../../Source/JavaScriptCore/wtf/RefPtr.h:60
60 T* get() const { return m_ptr; }

Thread 1 (Thread 0x7f2988874900 (LWP 6994)):
#0 0x00007f299304aa18 in WTF::RefPtr<WebCore::Frame>::get (this=0x8) at ../../Source/JavaScriptCore/wtf/RefPtr.h:60
#1 0x00007f299309f9e4 in WebCore::FocusController::focusedFrame (this=0x0) at ../../Source/WebCore/page/FocusController.h:52
#2 0x00007f29938c719e in WebCore::Frame::willDetachPage (this=0x3d92860) at ../../Source/WebCore/page/Frame.cpp:679
#3 0x00007f299359e4b6 in WebCore::Frame::detachFromPage (this=0x3d92860) at ../../Source/WebCore/page/Frame.h:351
#4 0x00007f299359e17e in WebCore::CachedFrame::destroy (this=0x3f2b4b0) at ../../Source/WebCore/history/CachedFrame.cpp:249
#5 0x00007f299359e1eb in WebCore::CachedFrame::destroy (this=0x3dc9d70) at ../../Source/WebCore/history/CachedFrame.cpp:254
#6 0x00007f299359fa31 in WebCore::CachedPage::destroy (this=0x3950af0) at ../../Source/WebCore/history/CachedPage.cpp:114
#7 0x00007f29935a7839 in WebCore::PageCache::releaseAutoreleasedPagesNow (this=0x1bdea60) at ../../Source/WebCore/history/PageCache.cpp:463
#8 0x00007f29939218e4 in WebCore::Settings::setUsesPageCache (this=0x1b77950, usesPageCache=false) at ../../Source/WebCore/page/Settings.cpp:592
#9 0x00007f2993099ed1 in webkit_web_view_settings_notify (webSettings=0x1baf8e0, pspec=0x1bbda80, webView=0x1abc0b0) at ../../Source/WebKit/gtk/webkit/webkitwebview.cpp:3390
#10 0x00007f299769e75f in g_cclosure_marshal_VOID__PARAM () from /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Dependencies/Root/lib64/libgobject-2.0.so.0
#11 0x00007f299769bfff in g_closure_invoke () from /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Dependencies/Root/lib64/libgobject-2.0.so.0
#12 0x00007f29976b595d in signal_emit_unlocked_R () from /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Dependencies/Root/lib64/libgobject-2.0.so.0
#13 0x00007f29976b4ad8 in g_signal_emit_valist () from /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Dependencies/Root/lib64/libgobject-2.0.so.0
#14 0x00007f29976b5056 in g_signal_emit () from /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Dependencies/Root/lib64/libgobject-2.0.so.0
#15 0x00007f29976a0895 in g_object_dispatch_properties_changed () from /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Dependencies/Root/lib64/libgobject-2.0.so.0
#16 0x00007f299769f1e5 in g_object_notify_queue_thaw () from /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Dependencies/Root/lib64/libgobject-2.0.so.0
#17 0x00007f29976a2ba7 in g_object_set_valist () from /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Dependencies/Root/lib64/libgobject-2.0.so.0
#18 0x00007f29976a334c in g_object_set () from /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Dependencies/Root/lib64/libgobject-2.0.so.0
#19 0x0000000000456e7c in resetDefaultsToConsistentValues () at ../../Tools/DumpRenderTree/gtk/DumpRenderTree.cpp:429
#20 0x00000000004577ef in runTest (testPathOrURL=...) at ../../Tools/DumpRenderTree/gtk/DumpRenderTree.cpp:655
#21 0x0000000000457120 in runTestingServerLoop () at ../../Tools/DumpRenderTree/gtk/DumpRenderTree.cpp:491
#22 0x000000000045a121 in main (argc=2, argv=0x7fff483212d8) at ../../Tools/DumpRenderTree/gtk/DumpRenderTree.cpp:1384
Attachments
Patch (2.81 KB, patch)
2012-02-22 01:09 PST, Adam Barth
no flags
Patch for landing (2.80 KB, patch)
2012-02-22 01:10 PST, Adam Barth
no flags
Philippe Normand
Comment 1 2012-02-22 00:40:03 PST
http://trac.webkit.org/changeset/108428 seems to be the first commit with this crash.
Adam Barth
Comment 2 2012-02-22 00:47:02 PST
I think we're just missing a null check. I've got a somewhat complicated patch in my working copy right now, but I can fixenate this soon.
Adam Barth
Comment 3 2012-02-22 01:09:22 PST
Adam Barth
Comment 4 2012-02-22 01:10:58 PST
Created attachment 128152 [details] Patch for landing
WebKit Review Bot
Comment 5 2012-02-22 01:45:40 PST
Comment on attachment 128152 [details] Patch for landing
Clearing flags on attachment: 128152
Committed r108465: <http://trac.webkit.org/changeset/108465>
WebKit Review Bot
Comment 6 2012-02-22 01:45:49 PST
All reviewed patches have been landed. Closing bug.
Philippe Normand
Comment 7 2012-02-22 03:16:14 PST
Thanks Adam :)
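
Added example, not code from this bug or from WebKit: a simplified model of frames #0 to #2 of the backtrace, showing why a null FocusController (this=0x0) surfaces as this=0x8 one frame deeper, and what a null-checked detach step looks like. The class layouts, faultAddressForNullController and clearFocusIfDetaching are assumptions made for illustration; where the landed patch puts its check is not shown on this page.

```cpp
// Illustrative stand-ins only; names mirror the backtrace, bodies are assumed.
#include <cstddef>
#include <cstdint>

struct Frame { int id; };

// Stand-in for WTF::RefPtr<T>: a single raw pointer member.
template <typename T> struct RefPtr {
    T* m_ptr = nullptr;
    T* get() const { return m_ptr; }
};

struct Page;

// Assumed layout: one pointer-sized member precedes m_focusedFrame.
struct FocusController {
    Page* m_page = nullptr;
    RefPtr<Frame> m_focusedFrame;
    Frame* focusedFrame() const { return m_focusedFrame.get(); }
    void setFocusedFrame(Frame* frame) { m_focusedFrame.m_ptr = frame; }
};

struct Page {
    FocusController* m_focusController = nullptr;
    FocusController* focusController() const { return m_focusController; }
};

// Address touched when focusedFrame() runs on a null FocusController:
// null base plus the member offset. With 8-byte pointers this is 0x8,
// matching `this` in frame #0 while frame #1 shows this=0x0.
std::uintptr_t faultAddressForNullController() {
    return offsetof(FocusController, m_focusedFrame);
}

// Hypothetical guarded detach step. Returns true only when `frame` was the
// focused frame and focus was cleared; every pointer is checked before use.
bool clearFocusIfDetaching(Page* page, Frame* frame) {
    if (!page)
        return false;
    FocusController* controller = page->focusController();
    if (!controller) // without this check, the call below faults as in frame #0
        return false;
    if (controller->focusedFrame() != frame)
        return false;
    controller->setFocusedFrame(nullptr);
    return true;
}
```

When triaging a crash like this, a small non-zero faulting `this` directly under a frame with this=0x0 points at a member access through a null object rather than at a corrupted pointer.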