[Webkit-unassigned] [Bug 26983] New: tst_qwebpage segfaults

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sun Jul 5 13:01:20 PDT 2009 

https://bugs.webkit.org/show_bug.cgi?id=26983

           Summary: tst_qwebpage segfaults
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: PC
        OS/Version: Linux
            Status: UNCONFIRMED
          Severity: Normal
          Priority: P2
         Component: WebCore Misc.
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: robert at roberthogan.net


Created an attachment (id=32280)
 --> (https://bugs.webkit.org/attachment.cgi?id=32280)
bt

Running tst_qwebpage gives:

********* Start testing of tst_QWebPage *********
Config: Using QTest library 4.5.0, Qt 4.5.0
PASS   : tst_QWebPage::initTestCase()
PASS   : tst_QWebPage::acceptNavigationRequest()
PASS   : tst_QWebPage::loadFinished()
PASS   : tst_QWebPage::acceptNavigationRequestWithNewWindow()
ASSERTION FAILED: m_frame->view() == this
(../../../WebCore/page/FrameView.cpp:493 void WebCore::FrameView::layout(bool))

The backtrace shows that the Frame is still being created at this point. 
(gdb) bt
bt
#0  0xb7522b58 in WebCore::FrameView::layout (this=0x9f28c28,
allowSubtree=true) at ../../../WebCore/page/FrameView.cpp:493
#1  0xb75235b6 in WebCore::FrameView::visibleContentsResized (this=0x9f28c28)
at ../../../WebCore/page/FrameView.h:215
#2  0xb759a306 in WebCore::ScrollView::updateScrollbars (this=0x9f28c28,
desiredOffset=@0xbffc18c4) at ../../../WebCore/platform/ScrollView.cpp:353
#3  0xb759b4ad in WebCore::ScrollView::setFixedLayoutSize (this=0x9f28c28,
newSize=@0xbffc1994) at ../../../WebCore/platform/ScrollView.cpp:199
#4  0xb7515923 in WebCore::Frame::createView (this=0x9e5c9d8,
viewportSize=@0xbffc19a4, backgroundColor=@0xbffc199c, transparent=false,
fixedLayoutSize=@0xbffc1994, useFixedLayout=false,
horizontalScrollbarMode=WebCore::ScrollbarAuto,
verticalScrollbarMode=WebCore::ScrollbarAuto) at
../../../WebCore/page/Frame.cpp:1757

In fact createView() calls setFixedLayoutSize() before it calls
setView(frameView):

    setView(0);

    RefPtr<FrameView> frameView;
    if (isMainFrame) {
        frameView = FrameView::create(this, viewportSize);
        frameView->setFixedLayoutSize(fixedLayoutSize);
        frameView->setUseFixedLayout(useFixedLayout);
    } else
        frameView = FrameView::create(this);

    frameView->setScrollbarModes(horizontalScrollbarMode,
verticalScrollbarMode);
    frameView->updateDefaultScrollbarState();

    setView(frameView);

Calling setView(frameView) before the layout calls causes numerous other cases
in the qwebpage unit test to fail and times out the one that segfaults. So the
answer seems to be to cater for this specific call chain in
FrameView::layout():

    /* The call to setFixedLayoutSize() in Frame::createView can bring us here,
and at that point the
       frame's view is still 0. */
    if (!m_frame->view())
        return;

    ASSERT(m_frame->view() == this);

My patch removes the comment and if statement from
http://trac.webkit.org/changeset/29878 because it now appears to be redundant.
The ASSERT above that it was intended to replace is currently un-commented in
the code.

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list