Created attachment 133605 [details] Patch

Other uses of rootLayer() in this files is guarded, these were not. I can't get this to replicate all the time, but it happened when closing a tab. Without multiple tabs within the same processes, it is hard to catch since closing the tab makes crashes hard to spot. With multiple tabs in the same process, the others crash too.

Comment on attachment 133605 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=133605&action=review > Source/WebCore/platform/graphics/chromium/LayerRendererChromium.cpp:407 > - m_defaultRenderSurface = rootLayer()->renderSurface(); > + m_defaultRenderSurface = rootLayer() ? rootLayer()->renderSurface() : 0; This isn't enough. If m_defaultRenderSurface is 0, you'll deref 0 in useRenderSurface. Can you please assert on rootLayer() here and early out in CCLTHI::drawLayers if there is no root layer?

Created attachment 133610 [details] Patch

Done. I am no longer seeing segfaults, nor seeing any implications to early out, but I am not really sure why there would not be a root layer.

Comment on attachment 133610 [details] Patch Thanks for the quick changes. I'd like to land this ASAP to be robust to this, but would you mind creating another bug and write a patch to add a test in CCLayerTreeHostImplTest to make sure that CCLTHI impl is robust to calling various functions with a null root layer?

Comment on attachment 133610 [details] Patch Clearing flags on attachment: 133610 Committed r111968: <http://trac.webkit.org/changeset/111968>

All reviewed patches have been landed. Closing bug.