<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[202464] trunk/Source/WebKit2</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/202464">202464</a></dd>
<dt>Author</dt> <dd>bburg@apple.com</dd>
<dt>Date</dt> <dd>2016-06-24 17:36:47 -0700 (Fri, 24 Jun 2016)</dd>
</dl>
<h3>Log Message</h3>
<pre>REGRESSION(<a href="http://trac.webkit.org/projects/webkit/changeset/201171">r201171</a>): CRASH at WebKit::WebInspectorProxy::open() + 31 when running inspector layout tests
https://bugs.webkit.org/show_bug.cgi?id=159070
<rdar://problem/26768628>
Reviewed by Joseph Pecoraro.
We have been seeing a few crashes underneath WebInspectorProxy::bringToFront() on the bots.
Previously, this code didn't use m_inspectorPage so there was nothing to null-dereference.
However, it doesn't make sense that we would hit the null dereference here:
- The only caller of bringToFront() on the WebProcess side is InspectorController::show().
It only tries to bring to front if there is already a local frontend connection, which
shouldn't be the case if m_inspectorPage is null.
- It's guarded by m_underTest, which should have been set to true in createInspectorPage().
These clues lead me to believe that we may be improperly tearing down the inspector between tests.
For example, it seems possible that a local frontend connection is not being torn down, so
InspectorController never asks to create a inspector page when the next test calls showWebInspector.
Since this crash is not easy to reproduce, we don't have much to go on. For now, this patch
adds an early return in the case where m_inspectorPage is null when calling open().
* UIProcess/WebInspectorProxy.cpp:
(WebKit::WebInspectorProxy::open):</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkSourceWebKit2ChangeLog">trunk/Source/WebKit2/ChangeLog</a></li>
<li><a href="#trunkSourceWebKit2UIProcessWebInspectorProxycpp">trunk/Source/WebKit2/UIProcess/WebInspectorProxy.cpp</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkSourceWebKit2ChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit2/ChangeLog (202463 => 202464)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit2/ChangeLog 2016-06-25 00:03:44 UTC (rev 202463)
+++ trunk/Source/WebKit2/ChangeLog 2016-06-25 00:36:47 UTC (rev 202464)
</span><span class="lines">@@ -1,3 +1,32 @@
</span><ins>+2016-06-24 Brian Burg <bburg@apple.com>
+
+ REGRESSION(r201171): CRASH at WebKit::WebInspectorProxy::open() + 31 when running inspector layout tests
+ https://bugs.webkit.org/show_bug.cgi?id=159070
+ <rdar://problem/26768628>
+
+ Reviewed by Joseph Pecoraro.
+
+ We have been seeing a few crashes underneath WebInspectorProxy::bringToFront() on the bots.
+ Previously, this code didn't use m_inspectorPage so there was nothing to null-dereference.
+
+ However, it doesn't make sense that we would hit the null dereference here:
+
+ - The only caller of bringToFront() on the WebProcess side is InspectorController::show().
+ It only tries to bring to front if there is already a local frontend connection, which
+ shouldn't be the case if m_inspectorPage is null.
+
+ - It's guarded by m_underTest, which should have been set to true in createInspectorPage().
+
+ These clues lead me to believe that we may be improperly tearing down the inspector between tests.
+ For example, it seems possible that a local frontend connection is not being torn down, so
+ InspectorController never asks to create a inspector page when the next test calls showWebInspector.
+
+ Since this crash is not easy to reproduce, we don't have much to go on. For now, this patch
+ adds an early return in the case where m_inspectorPage is null when calling open().
+
+ * UIProcess/WebInspectorProxy.cpp:
+ (WebKit::WebInspectorProxy::open):
+
</ins><span class="cx"> 2016-06-24 Jer Noble <jer.noble@apple.com>
</span><span class="cx">
</span><span class="cx"> Vimeo.com videos do not get playback controls
</span></span></pre></div>
<a id="trunkSourceWebKit2UIProcessWebInspectorProxycpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit2/UIProcess/WebInspectorProxy.cpp (202463 => 202464)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit2/UIProcess/WebInspectorProxy.cpp 2016-06-25 00:03:44 UTC (rev 202463)
+++ trunk/Source/WebKit2/UIProcess/WebInspectorProxy.cpp 2016-06-25 00:36:47 UTC (rev 202464)
</span><span class="lines">@@ -580,6 +580,9 @@
</span><span class="cx"> if (m_underTest)
</span><span class="cx"> return;
</span><span class="cx">
</span><ins>+ if (!m_inspectorPage)
+ return;
+
</ins><span class="cx"> m_isVisible = true;
</span><span class="cx"> m_inspectorPage->process().send(Messages::WebInspectorUI::SetIsVisible(m_isVisible), m_inspectorPage->pageID());
</span><span class="cx">
</span></span></pre>
</div>
</div>
</body>
</html>