[Webkit-unassigned] [Bug 129784] New: Crash in webkit_web_view_expose_event when using Eclipse

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Mar 5 23:30:59 PST 2014 

https://bugs.webkit.org/show_bug.cgi?id=129784

           Summary: Crash in webkit_web_view_expose_event when using
                    Eclipse
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebKit Gtk
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: malaperle at gmail.com


Using Ubuntu 14.04 64 bit (soon to be released), GTK2.
with package libwebkitgtk-1.0-0 (built from webkit 2.3.90)
or using webkit built from SVN (revision 164917).

I originally opened this bug at eclipse.org
https://bugs.eclipse.org/bugs/show_bug.cgi?id=425614

1. Download Eclipse Standard 4.3.2 for linux 64 bit
http://www.eclipse.org/downloads/download.php?file=/technology/epp/downloads/release/kepler/SR2/eclipse-standard-kepler-SR2-linux-gtk-x86_64.tar.gz

2. Start Eclipse with this command: UBUNTU_MENUPROXY=0 SWT_GTK3=0 ./eclipse
3. If this is a new workspace, it should crash after selecting the workspace location (because it tries to display the welcome screen). If the workspace loads, click Help, Welcome in the menu to force the welcome screen to display. The crash should occur.

Back trace:
https://bugs.eclipse.org/bugs/attachment.cgi?id=238944

The crashing code in webkitwebview.cpp looks like this:
    for (int i = 0; i < rectCount; i++) {
        copyRectFromCairoSurfaceToContext(WEBKIT_WEB_VIEW(widget)->priv->backingStore->cairoSurface(),
                                          cr.get(), IntSize(), IntRect(rects.get()[i]));
    }

Basically, in webkit_web_view_expose_event, WEBKIT_WEB_VIEW(widget)->priv->backingStore is null because ChromeClient::widgetSizeChanged doesn't get called...because webView->priv->needsResizeOnMap is false.

I think the issue is in webkit_web_view_size_allocate. It assumes that the size changed to allocate the backing store (through needsResizeOnMap). If I add also set needsResizeOnMap to true when the backing store is null, it works. I'm not sure this is the right solution but hopefully this helps someone develop a real fix.

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list