RESOLVED FIXED 93800
WebPagePopupImpl::handleKeyEvent is called after WebPagePopupImpl::close 
https://bugs.webkit.org/show_bug.cgi?id=93800
Summary WebPagePopupImpl::handleKeyEvent is called after WebPagePopupImpl::close
Keishi Hattori
Reported 2012-08-13 00:23:59 PDT
ASSERTION FAILED: m_ptr ../../third_party/WebKit/Source/WTF/wtf/OwnPtr.h(64) : PtrType WTF::OwnPtr<WebCore::Page>::operator->() const [T = WebCore::Page] 1 0x10015b71 WTF::OwnPtr<WebCore::Page>::operator->() const 2 0x1013c7fd WebKit::WebPagePopupImpl::handleKeyEvent(WebCore::PlatformKeyboardEvent const&) 3 0x1018f974 WebKit::WebViewImpl::handleKeyEvent(WebKit::WebKeyboardEvent const&)
Attachments
Patch (1.46 KB, patch)
2012-08-13 00:29 PDT, Keishi Hattori 		no flags
DetailsFormatted DiffDiff
Patch (1.41 KB, patch)
2012-11-08 21:21 PST, Keishi Hattori 		no flags
DetailsFormatted DiffDiff
Patch (1.41 KB, patch)
2012-11-08 21:55 PST, Keishi Hattori 		no flags
DetailsFormatted DiffDiff
Show Obsolete (2) View All Add attachment proposed patch, testcase, etc.
Keishi Hattori
Comment 1 2012-08-13 00:29:46 PDT
Created attachment 157931 [details] Patch
Kent Tamura
Comment 2 2012-08-13 18:26:38 PDT
Comment on attachment 157931 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=157931&action=review > Source/WebKit/chromium/ChangeLog:8 > + Fix crash in WebPagePopupImpl::handleKeyEvent > + https://bugs.webkit.org/show_bug.cgi?id=93800 > + > + Reviewed by NOBODY (OOPS!). > + > + We need to check if WebPagePopupImpl::m_page is set. Would you explain how to reproduce the problem please?
Kent Tamura
Comment 3 2012-08-13 18:26:39 PDT
Comment on attachment 157931 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=157931&action=review > Source/WebKit/chromium/ChangeLog:8 > + Fix crash in WebPagePopupImpl::handleKeyEvent > + https://bugs.webkit.org/show_bug.cgi?id=93800 > + > + Reviewed by NOBODY (OOPS!). > + > + We need to check if WebPagePopupImpl::m_page is set. Would you explain how to reproduce the problem please?
Keishi Hattori
Comment 4 2012-08-13 20:42:08 PDT
(In reply to comment #3) > Would you explain how to reproduce the problem please? It happened while bashing on the keyboard after closing the page popup, but I can't reproduce it now.
Eric Seidel (no email)
Comment 5 2012-08-22 15:20:53 PDT
Comment on attachment 157931 [details] Patch Cleared review? from attachment 157931 [details] so that this bug does not appear in http://webkit.org/pending-review. If you would like this patch reviewed, please attach it to a new bug (or re-open this bug before marking it for review again).
Keishi Hattori
Comment 6 2012-11-08 05:21:45 PST
Reproduction method found http://code.google.com/p/chromium/issues/detail?id=160016
Keishi Hattori
Comment 7 2012-11-08 21:13:15 PST
WebKit::WebPagePopupImpl::close() content::RenderWidget::Close() //PostNonNestableTask(RenderWidget::Close) content::RenderWidget::OnClose() // Send(ViewMsg_Close); content::RenderWidgetHostImpl::Shutdown() content::RenderWidgetHostViewMac::ShutdownHost() // PostTask(RenderWidgetHostViewMac::ShutdownHost) content::RenderWidgetHostViewMac::KillSelf() [RenderWidgetHostViewCocoa cancelChildPopups] [RenderWidgetHostViewCocoa scrollWheel:] [NSWindow sendEvent:] [ChromeEventProcessingWindow sendEvent:] [FramedBrowserWindow sendEvent:] [NSApplication sendEvent:] [BrowserCrApplication sendEvent:] [NSApplication run]
Keishi Hattori
Comment 8 2012-11-08 21:21:14 PST
Created attachment 173195 [details] Patch
Kent Tamura
Comment 9 2012-11-08 21:33:29 PST
Comment on attachment 173195 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=173195&action=review > Source/WebKit/chromium/ChangeLog:8 > + We need to set m_closing tot true in WebPagePopupImpl::close so we won't access m_page in WebPagePopupImpl::handleKeyEvent. tot -> to?
Keishi Hattori
Comment 10 2012-11-08 21:55:55 PST
Created attachment 173202 [details] Patch
WebKit Review Bot
Comment 11 2012-11-08 22:24:42 PST
Comment on attachment 173202 [details] Patch Clearing flags on attachment: 173202 Committed r134009: <http://trac.webkit.org/changeset/134009>
WebKit Review Bot
Comment 12 2012-11-08 22:24:45 PST
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.