RESOLVED FIXED 99350
REGRESSION (r131238): Repro crash in WebCore::ScrollingStateTree::removeNode(WebCore::ScrollingStateNode*) opening pdf page
https://bugs.webkit.org/show_bug.cgi?id=99350
Summary REGRESSION (r131238): Repro crash in WebCore::ScrollingStateTree::removeNode(...
Beth Dakin
Reported 2012-10-15 12:27:10 PDT
<rdar://problem/12499839> Correction to steps: 1. on google.com look for a PDF 2. click first pdf link. I don't seem to reproduce when opening pdf link from history list. Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 com.apple.WebCore 0x00007fffba6b2f3c WebCore::ScrollingStateTree::removeNode(WebCore::ScrollingStateNode*) + 28 1 com.apple.WebCore 0x00007fffba52334f WebCore::ScrollingCoordinatorMac::detachFromStateTree(unsigned long long) + 63 2 com.apple.WebCore 0x00007fffba486dda WebCore::RenderLayerBacking::~RenderLayerBacking() + 410 3 com.apple.WebCore 0x00007fffb9a8c91e WebCore::RenderLayerBacking::~RenderLayerBacking() + 14 4 com.apple.WebCore 0x00007fffba4795f4 WebCore::RenderLayer::~RenderLayer() + 724 5 com.apple.WebCore 0x00007fffb99e71fe WebCore::RenderLayer::~RenderLayer() + 14 6 com.apple.WebCore 0x00007fffb99e71de WebCore::RenderLayer::destroy(WebCore::RenderArena*) + 30 7 com.apple.WebCore 0x00007fffba4f8651 WebCore::RenderLayerModelObject::destroyLayer() + 33 8 com.apple.WebCore 0x00007fffba49ee84 WebCore::RenderObject::willBeDestroyed() + 260 9 com.apple.WebCore 0x00007fffba44e9d4 WebCore::RenderBoxModelObject::willBeDestroyed() + 132 10 com.apple.WebCore 0x00007fffba4407ee WebCore::RenderBox::willBeDestroyed() + 78 11 com.apple.WebCore 0x00007fffba41c15e WebCore::RenderBlock::willBeDestroyed() + 382 12 com.apple.WebCore 0x00007fffb99e5cf2 WebCore::RenderObject::destroy() + 18 13 com.apple.WebCore 0x00007fffb99e5932 WebCore::Document::detach() + 706 14 com.apple.WebCore 0x00007fffb9d1d989 WebCore::CachedFrame::destroy() + 201 15 com.apple.WebCore 0x00007fffb9d1d878 WebCore::CachedPage::destroy() + 24 16 com.apple.WebCore 0x00007fffb9ac454f WebCore::PageCache::releaseAutoreleasedPagesNow() + 159 17 com.apple.WebCore 0x00007fffb997463f WebCore::ThreadTimers::sharedTimerFiredInternal() + 159 18 com.apple.WebCore 0x00007fffba53f83a WebCore::timerFired(__CFRunLoopTimer*, void*) + 58 19 com.apple.CoreFoundation 0x00007fffb9052974 __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ + 20 20 com.apple.CoreFoundation 0x00007fffb9052485 __CFRunLoopDoTimer + 1045 21 com.apple.CoreFoundation 0x00007fffb90384ae __CFRunLoopRun + 1390 22 com.apple.CoreFoundation 0x00007fffb9037b39 CFRunLoopRunSpecific + 297 23 com.apple.HIToolbox 0x00007fffb93c48f2 RunCurrentEventLoopInMode + 231 24 com.apple.HIToolbox 0x00007fffb93c46a2 ReceiveNextEventCommon + 420 25 com.apple.HIToolbox 0x00007fffb94d5cdc _BlockUntilNextEventMatchingListInModeWithFilter + 65 26 com.apple.AppKit 0x00007fffbfe8ce54 _DPSNextEvent + 1452 27 com.apple.AppKit 0x00007fffbfe8c431 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 119 28 com.apple.AppKit 0x00007fffbfe845ca -[NSApplication run] + 542 29 com.apple.AppKit 0x00007fffbfe2d356 NSApplicationMain + 911 30 com.apple.XPCService 0x00007fffbd60b059 _xpc_main + 385 31 libxpc.dylib 0x00007fffc0eaefdd xpc_main + 299 32 com.apple.WebKit2 0x00007fffc0ff7614 WebProcessServiceMain + 35 33 libdyld.dylib 0x00007fffb7ffb76d start + 1
Attachments
Patch (1.96 KB, patch)
2012-10-15 12:34 PDT, Beth Dakin
simon.fraser: review+
Beth Dakin
Comment 1 2012-10-15 12:34:47 PDT
Beth Dakin
Comment 2 2012-10-15 12:40:20 PDT
Note You need to log in before you can comment on or make changes to this bug.