[Webkit-unassigned] [Bug 139740] New: Web Inspector: [Mac] Occosional Crashes Closing Inspector

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Dec 17 12:12:25 PST 2014 

https://bugs.webkit.org/show_bug.cgi?id=139740

            Bug ID: 139740
           Summary: Web Inspector: [Mac] Occosional Crashes Closing
                    Inspector
    Classification: Unclassified
           Product: WebKit
           Version: 528+ (Nightly build)
          Hardware: All
                OS: All
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Web Inspector
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: joepeck at webkit.org
                CC: andersca at apple.com, ap at webkit.org, enrica at apple.com,
                    graouts at webkit.org, joepeck at webkit.org,
                    jonowells at apple.com, mattbaker at apple.com,
                    nvasilyev at apple.com, timothy at apple.com,
                    webkit-bug-importer at group.apple.com

* SUMMARY
I've been able to hit some crashes when closing Inspector Windows and using Guard Malloc.

* STEPS TO REPRODUCE
1. shell> DYLD_INSERT_LIBRARIES=/usr/lib/libgmalloc.dylib run-safari
2. Open http://bogojoker.com
3. Rapidly open/close inspector windows (e.g. hold down Cmd+Shift+I and Cmd+W occasionally when inspector window is focused)
  => Crash

* NOTES
Two frequent crash points:

(1) In WebInspectorProxy::inspectorWindowFrame using destroyed WebInspectorProxy as the client of the WKView's Page. This was because we were clearing our reference to the WKWebInspectorWKView, but it was actually kept alive by a dispatch in WKView, the WebInspectorProxy was destroyed, but still had a weak reference in the UIClient.

    - (void)_updateWindowAndViewFrames
    {
        ...
        dispatch_async(dispatch_get_main_queue(), ^{
            ...
            _data->_page->windowAndViewFramesChanged(viewFrameInWindowCoordinates, accessibilityPosition);
        });
    }

(2) In WebPageProxy::didReceiveEvent. While handling a keypress, the WebPageProxy is destroyed, and we continue and use bad objects.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20141217/8c0baf47/attachment-0002.html>

More information about the webkit-unassigned mailing list