WebKit Bugzilla
Bug 36894 (CLOSED FIXED): Crash with frame flattening on after r56854
https://bugs.webkit.org/show_bug.cgi?id=36894
Greg Bolsinga
Reported
2010-03-31 11:49:31 PDT
Thread 0 Crashed: Dispatch queue: com.apple.main-thread
0 com.apple.WebCore 0x00000001011cd4c0 WebCore::Frame::ownerElement() const + 12 (Frame.cpp:1107)
1 com.apple.WebCore 0x00000001011f6d6c WebCore::FrameView::avoidScrollbarCreation() + 36 (FrameView.cpp:334)
2 com.apple.WebCore 0x00000001018101c4 WebCore::ScrollView::setHasHorizontalScrollbar(bool) + 38 (ScrollView.cpp:84)
3 com.apple.WebCore 0x00000001011f9faf WebCore::FrameView::~FrameView() + 359 (FrameView.cpp:165)

m_frame is being destroyed here and is being accessed.

To reproduce apply the following patch, build WebKit debug and run Safari:

diff --git a/WebKit/mac/WebView/WebPreferences.mm b/WebKit/mac/WebView/WebPreferences.mm index 84a6e9e..28f8f17 100644 --- a/WebKit/mac/WebView/WebPreferences.mm +++ b/WebKit/mac/WebView/WebPreferences.mm @@ -357,7 +357,7 @@ static WebCacheModel cacheModelForMainBundle(void) [NSNumber numberWithBool:NO], WebKitWebGLEnabledPreferenceKey, [NSNumber numberWithBool:NO], WebKitUsesProxiedOpenPanelPreferenceKey, [NSNumber numberWithUnsignedInt:4], WebKitPluginAllowedRunTimePreferenceKey, - [NSNumber numberWithBool:NO], WebKitFrameFlatteningEnabledPreferenceKey, + [NSNumber numberWithBool:YES], WebKitFrameFlatteningEnabledPreferenceKey, nil]; // This value shouldn't ever change, which is assumed in the initialization of WebKitPDFDisplay
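Review bot: The changed line in the WebPreferences.mm hunk turns WebKitFrameFlatteningEnabledPreferenceKey on in the default preference values, so every client of the build runs with frame flattening enabled, not only the reproduction. Keep this out of anything that lands; for a regression test, enable the preference in the test that needs it and leave the default at NO.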
Greg Bolsinga
Comment 1
2010-03-31 11:52:46 PDT
See Bug 36798
Kenneth Rohde Christiansen
Comment 2
2010-03-31 12:04:55 PDT
Could you try changing

    void ScrollView::setHasVerticalScrollbar(bool hasBar)
    {
        if (avoidScrollbarCreation())
            return;

to

        if (hasBar && avoidScrollbarCreation())
            return;
Greg Bolsinga
Comment 3
2010-03-31 12:08:46 PDT
I did that for both tests, and that prevents the crash.
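The effect of the condition proposed in Comment 2, as an added C++ model that is not WebKit source and not code from this thread: removing a scrollbar (hasBar false) short-circuits before the predicate that reads the frame, so the teardown path in the stack trace no longer touches it. The names Frame, View, staleReads and the helper functions are hypothetical, and a read during teardown is counted rather than performed so the model stays well defined.

```cpp
// Added illustration, not WebKit source. Names are hypothetical stand-ins
// for the frames in the reported stack trace.
#include <cstdio>

struct Frame { bool flatteningEnabled = true; };

struct View {
    Frame* frame;              // stands in for FrameView::m_frame
    bool guarded;              // true: use the condition proposed in Comment 2
    bool tearingDown = false;  // set once destruction has begun
    bool hasBar = false;
    int staleReads = 0;        // frame reads attempted during teardown

    View(Frame* f, bool g) : frame(f), guarded(g) {}

    bool avoidScrollbarCreation() {
        // The real predicate dereferences the frame. Here a read made after
        // teardown started is counted instead of performed.
        if (tearingDown) { ++staleReads; return false; }
        return frame->flatteningEnabled;
    }

    void setHasScrollbar(bool want) {
        bool skip = guarded ? (want && avoidScrollbarCreation())
                            : avoidScrollbarCreation();
        if (skip) return;
        hasBar = want;
    }

    // Mirrors the destructor path in the trace: scrollbars are removed
    // while the frame is already going away.
    void teardown() { tearingDown = true; setHasScrollbar(false); }
};

int readsDuringTeardown(bool guarded) {
    Frame f; View v(&f, guarded);
    v.teardown();
    return v.staleReads;
}

bool createsBarWhenFlattened(bool guarded) {
    Frame f; View v(&f, guarded);
    v.setHasScrollbar(true);   // creation is still suppressed by the predicate
    return v.hasBar;
}

int main() {
    std::printf("stale reads: unguarded=%d guarded=%d\n",
                readsDuringTeardown(false), readsDuringTeardown(true));
    return createsBarWhenFlattened(true) ? 1 : 0;
}
```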
Kenneth Rohde Christiansen
Comment 4
2010-03-31 12:17:53 PDT
Fix landed in r56856
Simon Hausmann
Comment 5
2010-04-06 02:53:41 PDT
Revision r56856 cherry-picked into qtwebkit-2.0 with commit 59daec93fc7ad1f4c5dbeb88b67aca17d6f4cc3b
Alexey Proskuryakov
Comment 6
2010-04-06 11:41:42 PDT
*** Bug 36928 has been marked as a duplicate of this bug. ***
Alexey Proskuryakov
Comment 7
2010-04-06 11:42:49 PDT
*** Bug 36915 has been marked as a duplicate of this bug. ***
Alexey Proskuryakov
Comment 8
2010-04-06 11:42:52 PDT
*** Bug 36914 has been marked as a duplicate of this bug. ***
Alexey Proskuryakov
Comment 9
2010-04-06 11:42:56 PDT
*** Bug 36913 has been marked as a duplicate of this bug. ***
Alexey Proskuryakov
Comment 10
2010-04-06 11:42:59 PDT
*** Bug 36969 has been marked as a duplicate of this bug. ***
Alexey Proskuryakov
Comment 11
2010-04-06 11:43:08 PDT
*** Bug 36927 has been marked as a duplicate of this bug. ***
Alexey Proskuryakov
Comment 12
2010-04-06 11:43:18 PDT
*** Bug 36922 has been marked as a duplicate of this bug. ***
Alexey Proskuryakov
Comment 13
2010-04-06 11:43:30 PDT
*** Bug 36920 has been marked as a duplicate of this bug. ***