[Webkit-unassigned] [Bug 55865] New: Crash on quit when JS is paused in Web Inspector

bugzilla-daemon at webkit.org
Mon Mar 7 02:13:55 PST 2011


           Summary: Crash on quit when JS is paused in Web Inspector
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: PC
        OS/Version: Linux
            Status: UNCONFIRMED
          Severity: Major
          Priority: P2
         Component: Web Inspector
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: m.malecki at samsung.com
                CC: l.slachciak at samsung.com

The crash happens when Web Inspector is on and JavaScript is paused. In this case, the debugger calls WebCore::ScriptDebugServer::pauseIfNeeded(), and inside it enters another level of the event loop. The problem is that once the loop is exited, the state of the data, especially *page->group()->pages().begin(), is unstable, and this page is probably in the process of being destroyed, or it may even be a dangling pointer. This way, calling setJavaScriptPaused with this page results in a crash.

I suspect the system doesn't predict that the event loop may happen to be exited in this function instead of the main event loop in the application that uses webkit.

This behavior can be reproduced with WebKit-efl, as well as with Arora [Webkit-Qt] (although I haven't observed it with Rekonq [Webkit-KDE]):

1. Run Arora with any page (preferably under gdb, because without it the crash may not be observable)
2. Open Web Inspector
3. Click "Scripts" and pause JavaScript (make sure that you can see the backtrace)
4. Close the Arora window

I know you may think that it's insignificant that a crash happens when you close the program. The problem is, though, that this problem also occurs when you close a widget realized by the WRT engine, and in this case the whole WRT engine crashes, not only the widget being closed.
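The hazard the report describes (a debugger entering a nested event loop, and the page list it later walks being torn down while that loop runs) is general, so here is an added illustration of the defensive pattern that avoids it. This is example code written for this post, not WebKit's code: Page, PageGroup, closePage, PauseResult and the pauseIfNeeded signature are constructed stand-ins loosely named after the report, and the nested loop is modelled as a callback that may close pages. The hardened routine snapshots weak references before entering the loop and re-validates every page against the group after it returns, so a page destroyed in the meantime is skipped instead of dereferenced.

```cpp
#include <algorithm>
#include <functional>
#include <iostream>
#include <memory>
#include <vector>

// Constructed stand-ins (hypothetical, not WebKit's classes) for a page and the
// page group that the report's *page->group()->pages().begin() expression walks.
struct Page {
    explicit Page(int pageId) : id(pageId) {}
    int id;
    bool javaScriptPaused = false;
    void setJavaScriptPaused(bool paused) { javaScriptPaused = paused; }
};

struct PageGroup {
    std::vector<std::shared_ptr<Page>> pages;

    // Models the window being closed: the page is dropped from the group and,
    // because the group held the only strong reference, destroyed outright.
    void closePage(int id) {
        pages.erase(std::remove_if(pages.begin(), pages.end(),
                                   [id](const std::shared_ptr<Page>& p) { return p->id == id; }),
                    pages.end());
    }
};

struct PauseResult {
    int pagesPausedBefore = 0;   // pages paused before the nested loop ran
    int pagesResumedAfter = 0;   // pages found alive and resumed afterwards
    int pagesSkippedAsGone = 0;  // pages that disappeared while the loop ran
};

// Hardened pause routine. Instead of re-reading the group's page list after the
// nested event loop returns (the state the report describes as unstable), it
// snapshots weak references first and re-validates each page against the group
// afterwards. A page destroyed during the loop fails weak_ptr::lock() and is
// skipped; a page that is alive but no longer in the group is skipped as well.
PauseResult pauseIfNeeded(PageGroup& group, const std::function<void()>& runNestedLoop) {
    PauseResult result;
    std::vector<std::weak_ptr<Page>> snapshot;
    for (const auto& page : group.pages) {
        page->setJavaScriptPaused(true);
        snapshot.push_back(page);
        ++result.pagesPausedBefore;
    }

    runNestedLoop(); // anything can happen in here, including page teardown

    for (const auto& weak : snapshot) {
        std::shared_ptr<Page> page = weak.lock();
        bool stillInGroup = page && std::find(group.pages.begin(), group.pages.end(), page) != group.pages.end();
        if (!stillInGroup) {
            ++result.pagesSkippedAsGone;
            continue;
        }
        page->setJavaScriptPaused(false);
        ++result.pagesResumedAfter;
    }
    return result;
}

// Scenario from the report: two pages in a group, JavaScript paused, and the
// window of page 1 closed while the debugger's nested loop is running.
PauseResult runCloseWhilePausedScenario() {
    PageGroup group;
    group.pages.push_back(std::make_shared<Page>(1));
    group.pages.push_back(std::make_shared<Page>(2));
    return pauseIfNeeded(group, [&group] { group.closePage(1); });
}

// Same scenario, reporting whether the surviving page was correctly resumed.
bool survivorResumedAfterCloseScenario() {
    PageGroup group;
    group.pages.push_back(std::make_shared<Page>(1));
    group.pages.push_back(std::make_shared<Page>(2));
    pauseIfNeeded(group, [&group] { group.closePage(1); });
    return group.pages.size() == 1 && group.pages[0]->id == 2 && !group.pages[0]->javaScriptPaused;
}

int main() {
    PauseResult r = runCloseWhilePausedScenario();
    std::cout << "paused " << r.pagesPausedBefore << ", resumed " << r.pagesResumedAfter
              << ", skipped " << r.pagesSkippedAsGone << '\n';
    return 0;
}
```

The same idea applies to WebKit's real refcounted types: take the references you need before the nested loop, treat everything reachable from the group as potentially gone once the loop returns, and never rely on an iterator obtained before it.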
