Bug 99496 - Crash in WebCore::Document::webkitExitFullscreen + 618
Summary: Crash in WebCore::Document::webkitExitFullscreen + 618
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: New Bugs
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Jer Noble
Reported: 2012-10-16 13:39 PDT by Jer Noble
Modified: 2014-01-23 20:24 PST (History)
Attachments
Patch (1.38 KB, patch), 2012-10-16 13:43 PDT, Jer Noble, no flags
Description Jer Noble 2012-10-16 13:39:10 PDT
Crash in WebCore::Document::webkitExitFullscreen + 618
Comment 1 Jer Noble 2012-10-16 13:39:28 PDT
<rdar://problem/12081388>
Comment 2 Jer Noble 2012-10-16 13:40:38 PDT
Backtrace:

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   com.apple.WebCore             	0x00007fff8fd9271a WebCore::Document::webkitExitFullscreen() + 618
1   com.apple.WebCore             	0x00007fff8fc101d4 WebCore::Document::webkitCancelFullScreen() + 404
2   com.apple.WebKit2             	0x00007fff9432eef1 WebKit::WebConnectionToUIProcess::didReceiveMessage(CoreIPC::Connection*, CoreIPC::MessageID, CoreIPC::ArgumentDecoder*) + 179
3   com.apple.WebKit2             	0x00007fff9429b715 CoreIPC::Connection::dispatchMessage(CoreIPC::Connection::Message<CoreIPC::ArgumentDecoder>&) + 175
4   com.apple.WebKit2             	0x00007fff942de403 CoreIPC::Connection::dispatchOneMessage() + 139
5   com.apple.WebCore             	0x00007fff9021cc19 WebCore::RunLoop::performWork() + 201
6   com.apple.WebCore             	0x00007fff9021d1f7 WebCore::RunLoop::performWork(void*) + 71
7   com.apple.CoreFoundation      	0x00007fff8dfe8841 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
8   com.apple.CoreFoundation      	0x00007fff8dfe8165 __CFRunLoopDoSources0 + 245
9   com.apple.CoreFoundation      	0x00007fff8e00b4e5 __CFRunLoopRun + 789
10  com.apple.CoreFoundation      	0x00007fff8e00add2 CFRunLoopRunSpecific + 290
11  com.apple.HIToolbox           	0x00007fff8da3a774 RunCurrentEventLoopInMode + 209
12  com.apple.HIToolbox           	0x00007fff8da3a512 ReceiveNextEventCommon + 356
13  com.apple.HIToolbox           	0x00007fff8da3a3a3 BlockUntilNextEventMatchingListInMode + 62
14  com.apple.AppKit              	0x00007fff8cd8efa3 _DPSNextEvent + 685
15  com.apple.AppKit              	0x00007fff8cd8e862 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 128
16  com.apple.AppKit              	0x00007fff8cd85c03 -[NSApplication run] + 517
17  com.apple.WebCore             	0x00007fff9021d5cf WebCore::RunLoop::run() + 63
18  com.apple.WebKit2             	0x00007fff943876d0 WebKit::WebProcessMain(WebKit::CommandLine const&) + 2586
19  com.apple.WebKit2             	0x00007fff9434f275 WebKitMain + 285
20  com.apple.WebProcess          	0x000000010a7dde7b 0x10a7dd000 + 3707
21  libdyld.dylib                 	0x00007fff969f97e1 start + 1
Comment 3 Jer Noble 2012-10-16 13:43:01 PDT
Created attachment 169015 [details]
Patch
Comment 4 WebKit Review Bot 2012-10-18 12:03:34 PDT
Comment on attachment 169015 [details]
Patch

Clearing flags on attachment: 169015

Committed r131785: <http://trac.webkit.org/changeset/131785>
Comment 5 WebKit Review Bot 2012-10-18 12:03:37 PDT
All reviewed patches have been landed. Closing bug.
Comment 6 Eric Seidel (no email) 2014-01-23 20:24:31 PST
A reproduction for this bug was found when we tried to remove this null-check in Chromium:

1. Go to engadget.com/videos
2. Tap on one of the videos
3. Tap the fullscreen icon
4. Tap the Back key

I think this was the wrong fix. It doesn't make sense on the surface for an element to still be fullscreen at a time at which its document or frame has been disconnected from the Page. Presumably the fullscreen should already have been canceled when the frame or document disconnect happened. We're likely to temporarily add back the null check in Blink code but then find a better way around this.