[Webkit-unassigned] [Bug 118396] [GTK] crash on WebKit::GtkAdjustmentWatcher::updateAdjustmentsFromScrollbars when destroying a webview
bugzilla-daemon at webkit.org
Tue Jul 23 02:04:11 PDT 2013
https://bugs.webkit.org/show_bug.cgi?id=118396
--- Comment #6 from Carlos Garcia Campos <cgarcia at igalia.com> 2013-07-23 02:04:03 PST ---
I've noticed something weird while looking at the GtkAdjustmentWatcher code. The idle source is not correctly reset in some cases, so I'm not sure, but the patch attached to bug #119003 could fix this problem.
I think something like this could have happened:
1.- WebView is created
2.- updateAdjustmentsFromScrollbarsLater is called from ChromeClient::contentsSizeChanged. This method also schedules a web view resize
3.- web view size allocate is called before the update scrollbar idle source is called (since resize has higher priority than idle sources)
4.- size allocate calls GtkAdjustmentWatcher::updateAdjustmentsFromScrollbars that resets the idle source without actually destroying the source (see bug #119003)
5.- web view is destroyed and GtkAdjustmentWatcher too.
6.- update adjustments idle source callback is called.
7.- crash!
I guess it doesn't crash earlier because GtkAdjustmentWatcher is stack allocated so the pointer is still valid after it has been deleted.
Could someone try the patch in bug #119003 to see if the problem can still be reproduced?
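The sequence in steps 1-7 of the comment above, modelled as an added example (not part of the original comment, and not WebKit or GLib code). The source table, the function names and the assumption that the destructor cancels only the source id it still holds are all constructed for illustration; the model counts callbacks left queued for a destroyed object instead of dereferencing freed memory.

```c
#include <stdio.h>

#define MAX_SOURCES 8

/* Constructed stand-in for a main loop's idle sources. */
typedef struct { int live; unsigned owner; } Source;
typedef struct { Source table[MAX_SOURCES]; } Loop;
/* source_id == 0 means "no idle update scheduled". */
typedef struct { unsigned id; unsigned source_id; } Watcher;

static unsigned loop_add_idle(Loop *l, unsigned owner) {
    for (unsigned i = 0; i < MAX_SOURCES; i++)
        if (!l->table[i].live) {
            l->table[i].live = 1;
            l->table[i].owner = owner;
            return i + 1;                 /* ids start at 1 */
        }
    return 0;
}

static void loop_remove(Loop *l, unsigned source_id) {
    if (source_id) l->table[source_id - 1].live = 0;
}

/* Step 2: schedule the deferred update once. */
static void update_later(Loop *l, Watcher *w) {
    if (!w->source_id) w->source_id = loop_add_idle(l, w->id);
}

/* Step 4: synchronous update. remove_source == 0 only forgets the id. */
static void update_now(Loop *l, Watcher *w, int remove_source) {
    if (remove_source) loop_remove(l, w->source_id);
    w->source_id = 0;
}

/* Steps 1-7: returns how many callbacks remain queued for a dead watcher. */
int stale_callbacks(int remove_source) {
    Loop loop = {0};
    Watcher w = { 1, 0 };
    int stale = 0;
    update_later(&loop, &w);
    update_now(&loop, &w, remove_source);
    loop_remove(&loop, w.source_id);      /* step 5: destructor (assumed) */
    for (unsigned i = 0; i < MAX_SOURCES; i++)
        if (loop.table[i].live && loop.table[i].owner == w.id) stale++;
    return stale;
}

int main(void) {
    printf("id reset only: %d stale\n", stale_callbacks(0));
    printf("source removed: %d stale\n", stale_callbacks(1));
    return 0;
}
```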