[Webkit-unassigned] [Bug 60618] New: WebView::performLayeredWindowUpdate() crashes with NULL pointer

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed May 11 03:26:14 PDT 2011 

https://bugs.webkit.org/show_bug.cgi?id=60618

           Summary: WebView::performLayeredWindowUpdate() crashes with
                    NULL pointer
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: PC
        OS/Version: Windows 7
            Status: UNCONFIRMED
          Severity: Normal
          Priority: P2
         Component: WebKit Misc.
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: wolf.heiner at gmail.com


m_backingStoreBitmap can be NULL causing ->handle() to fail. This happens when I resize (quickly?) to (0,0). I am using a sizer-div and move it quickly to the topleft corner of the window and beyond. The sizer-div calls ::MoveWindow(). The crash does not always happen. Maybe it's a timing issue. If I resize slowly, then it does not crash. This lets me assume, that it only happens, when there comes a second ::MoveWindow(width=0,height=0) after sizing to (0,0). Maybe m_backingStoreBitmap is discarded for size (0,0). WebView::performLayeredWindowUpdate() should probably have a if(m_backingStoreBitmap!=NULL), anyway.

http://svn.webkit.org/repository/webkit/trunk
Revision: 85004

Method:
  void WebView::performLayeredWindowUpdate()
crashes when accessing
  m_backingStoreBitmap->handle()
with 
  m_backingStoreBitmap = 0


Stack trace:
>	WebKit_debug.dll!WebCore::RefCountedGDIHandle<HBITMAP__ *>::handle()  Line 51 + 0x3 bytes	C++
     WebKit_debug.dll!WebView::performLayeredWindowUpdate()  Line 1001 + 0x12 bytes    C++
     WebKit_debug.dll!WebView::WebViewWndProc(HWND__ * hWnd=0x000b0b78, unsigned int message=15, unsigned int wParam=0, long lParam=0)  Line 2130    C++
     user32.dll!76bcc4e7()     
     [Frames below may be incorrect and/or missing, no symbols loaded for user32.dll]    
     user32.dll!76bc5f9f()     
     user32.dll!76bcc590()     
     user32.dll!76bc4f0e()     
     user32.dll!76bc4f7d()     
     ntdll.dll!77816fee()     
     user32.dll!76bc4ec3()     
     user32.dll!76bc1be4()     
     user32.dll!76bbffcd()     
     WebKit_debug.dll!WebView::repaint(const WebCore::IntRect & windowRect={...}, bool contentChanged=false, bool immediate=true, bool repaintContentOnly=false)  Line 756 + 0xf bytes    C++
     WebKit_debug.dll!WebChromeClient::invalidateWindow(const WebCore::IntRect & windowRect={...}, bool immediate=true)  Line 470    C++
     WebKit_debug.dll!WebCore::Chrome::invalidateWindow(const WebCore::IntRect & updateRect={...}, bool immediate=true)  Line 71 + 0x20 bytes    C++
     WebKit_debug.dll!WebCore::ScrollView::scrollContents(const WebCore::IntSize & scrollDelta={...})  Line 663 + 0x3f bytes    C++
     WebKit_debug.dll!WebCore::ScrollView::scrollTo(const WebCore::IntSize & newOffset={...})  Line 366    C++
     WebKit_debug.dll!WebCore::FrameView::scrollTo(const WebCore::IntSize & newOffset={...})  Line 2109    C++
     WebKit_debug.dll!WebCore::ScrollView::setScrollOffset(const WebCore::IntPoint & offset={...})  Line 351 + 0x17 bytes    C++
     WebKit_debug.dll!WebCore::ScrollableArea::setScrollOffsetFromAnimation(const WebCore::IntPoint & offset={...})  Line 133 + 0x13 bytes    C++
     WebKit_debug.dll!WebCore::ScrollAnimator::notityPositionChanged()  Line 130    C++
     WebKit_debug.dll!WebCore::ScrollAnimator::scrollToOffsetWithoutAnimation(const WebCore::FloatPoint & offset={...})  Line 80 + 0xf bytes    C++
     WebKit_debug.dll!WebCore::ScrollableArea::scrollToOffsetWithoutAnimation(const WebCore::FloatPoint & offset={...})  Line 97 + 0x21 bytes    C++
     WebKit_debug.dll!WebCore::ScrollView::updateScrollbars(const WebCore::IntSize & desiredOffset={...})  Line 592    C++
     WebKit_debug.dll!WebCore::ScrollView::setScrollPosition(const WebCore::IntPoint & scrollPoint={...})  Line 402    C++
     WebKit_debug.dll!WebCore::FrameView::setScrollPosition(const WebCore::IntPoint & scrollPoint={...})  Line 1457    C++
     WebKit_debug.dll!WebCore::RenderLayer::scrollRectToVisible(const WebCore::IntRect & rect={...}, bool scrollToAnchor=false, const WebCore::ScrollAlignment & alignX={...}, const WebCore::ScrollAlignment & alignY={...})  Line 1482    C++
     WebKit_debug.dll!WebCore::RenderLayer::autoscroll()  Line 1586    C++
     WebKit_debug.dll!WebCore::RenderBox::autoscroll()  Line 660    C++
     WebKit_debug.dll!WebCore::EventHandler::autoscrollTimerFired(WebCore::Timer<WebCore::EventHandler> * __formal=0x032a42b0)  Line 798 + 0x21 bytes    C++
     WebKit_debug.dll!WebCore::Timer<WebCore::EventHandler>::fired()  Line 100 + 0x23 bytes    C++
     WebKit_debug.dll!WebCore::ThreadTimers::sharedTimerFiredInternal()  Line 112 + 0xf bytes    C++
     WebKit_debug.dll!WebCore::ThreadTimers::sharedTimerFired()  Line 91    C++
     WebKit_debug.dll!WebCore::TimerWindowWndProc(HWND__ * hWnd=0x00040a4c, unsigned int message=49797, unsigned int wParam=0, long lParam=0)  Line 103 + 0x8 bytes    C++

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list