[Webkit-unassigned] [Bug 129147] Fix crash in Youtube site when loading is finished.

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Feb 24 21:20:34 PST 2014


https://bugs.webkit.org/show_bug.cgi?id=129147





--- Comment #9 from Joonghun Park <jh718.park at samsung.com>  2014-02-24 21:17:41 PST ---
The crash's cause is as below:
1. In ViewportStyleResolver::resolve(), m_document->updateViewportArguments() is called and in there, forcelayout() is called sequentially, and it leads to the deletion of the ViewportStyleResolver itself.
2. This time, the remaining statement in ViewportStyleResolver::resolve(),
i.e. m_propertySet = 0;
is called. It means access to an already deleted ViewportStyleResolver instance's member variable.

It means that under some conditions, the log is displayed as below
when I put logs at the start and end of ViewportStyleResolver::resolve(),
respectively. I would be glad to know what the condition is exactly.

ViewportStyleResolver::resolve(1) start 
ViewportStyleResolver::resolve(2) start
ViewportStyleResolver::resolve(2) end
ViewportStyleResolver::resolve(1) end

The above sequence causes the deletion of the ViewportStyleResolver even though its member function's execution is not completed yet.


FYI, when I executed EFL MiniBrowser with -r (resolution) 1.0 and repeated tries, I sometimes couldn't see the webprocess crash, but with more than 2.0 almost always (-r>=2.0). If it does not occur on iOS, then it will be necessary to know the difference between EFL and iOS in the code flow from the statement
m_document->updateViewportArguments() in ViewportStyleResolver::resolve().

In the next ChangeLog and patch, I'll reflect the comment Mr. Simon Fraser has left.


BTW, I have a question. In the first patch, I used only scheduleRelayout(), without #if PLATFORM(...), and I faced a build error on mac and mac-wk2. Why is that?

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
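
The re-entrant lifetime problem described in the comment above, reduced to a stand-alone model. This is an added example, not WebKit code or part of the original message. `Document`, `Resolver`, the `protect` flag and `run()` are hypothetical stand-ins, and the `shared_ptr` keep-alive is one common mitigation, not necessarily the fix adopted for this bug.

```cpp
#include <memory>
#include <string>
#include <vector>

struct Resolver;

// Hypothetical stand-ins for the document and its viewport resolver (not WebKit classes).
struct Document {
    std::vector<std::string> log;        // declared first so it outlives `resolver`
    bool protect = false;                // true: resolve() keeps itself alive
    int depth = 0;
    std::shared_ptr<Resolver> resolver;  // sole owner of the current resolver
    void updateViewportArguments();
};

struct Resolver : std::enable_shared_from_this<Resolver> {
    Document& doc;
    int id;
    Resolver(Document& d, int i) : doc(d), id(i) {}
    ~Resolver() { doc.log.push_back("destroy " + std::to_string(id)); }

    void resolve() {
        // Hardened form: hold a reference so re-entrant code cannot free *this.
        std::shared_ptr<Resolver> keepAlive;
        if (doc.protect) keepAlive = shared_from_this();
        Document& d = doc;               // locals only: *this may be gone after the call below
        const std::string tag = "resolve(" + std::to_string(id) + ")";
        d.log.push_back(tag + " start");
        d.updateViewportArguments();
        // Without keepAlive, a member write here (the m_propertySet = 0 step) would hit freed memory.
        d.log.push_back(tag + " end");
    }
};

// Models the forced layout: it replaces the resolver and resolves again, re-entrantly.
void Document::updateViewportArguments() {
    if (depth++ == 0) {
        resolver = std::make_shared<Resolver>(*this, 2);  // drops the owner's reference to resolver 1
        resolver->resolve();
    }
    --depth;
}

// Returns the event log for one outer resolve() call on resolver 1.
std::vector<std::string> run(bool protect) {
    Document doc;
    doc.protect = protect;
    doc.resolver = std::make_shared<Resolver>(doc, 1);
    doc.resolver->resolve();
    return doc.log;
}
```

With `protect` false the log shows resolver 1 destroyed before its own `resolve(1) end`, matching the nested start/end sequence in the comment; with `protect` true the destruction is deferred until the outer call returns.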


