[Webkit-unassigned] [Bug 177526] [GTK] Segfault in WebPageProxy::setFindClient()

bugzilla-daemon at webkit.org
Wed Sep 27 15:44:23 PDT 2017


https://bugs.webkit.org/show_bug.cgi?id=177526

--- Comment #4 from Michael Catanzaro <mcatanzaro at igalia.com> ---
Are there any criticals printed? Still no clue how to reproduce it? Without a reproducer, I think all we can do is speculate.

Speculation: what's probably happening is the WebKitFindController is being reffed somewhere (possibly by PyGObject, for reasons unknown), then the WebKitWebView is destroyed, then the WebKitFindController is unreffed. That should be perfectly legal, but we don't handle that case properly as WebKitFindController's dispose function relies on its WebKitWebView still being alive. (I'm sure we've seen a similar design issue elsewhere in our API before, but I don't remember where.) Anyway, that we could fix by having WebKitFindController set up a GWeakPtr to learn when its WebKitWebView is destroyed; in that case, we just skip the call to WebPageProxy::setFindClient in webkitFindControllerDispose.

But I still don't understand from the backtrace how this is happening. It looks like the WebKitWebView is still alive and emits the load-changed signal, then all of a sudden PyGObject decides to destroy the WebKitFindController. I guess it must be destroying lots of things and have succeeded in destroying the WebKitWebView even before it has finished emitting the load-changed signal. Absolutely no clue what's going on there... maybe you could try roping in the PyGObject developers?
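
The teardown order speculated about in comment #4 (extra reference, view destroyed, controller unreffed last) and the weak-pointer guard it proposes, as an added example that is not part of the original message and not WebKit or GLib code. It is a constructed C model of the pattern; `View`, `FindController` and `teardown` are hypothetical names.

```c
/* Constructed model, not WebKit or GLib code: a view that may die before
   a controller that points back at it. All names are hypothetical. */
#include <stdlib.h>

typedef struct View {
    struct View **weak_slot; /* holder's pointer, NULLed when the view dies */
    int find_client_set;     /* stands in for the page's find client */
} View;

typedef struct {
    int refs;
    View *view;              /* weak back-pointer, checked before each use */
} FindController;

static void view_destroy(View *v) {
    if (v->weak_slot) *v->weak_slot = NULL; /* tell the weak holder first */
    free(v);
}

static FindController *controller_new(View *v) {
    FindController *c = calloc(1, sizeof *c);
    c->refs = 1;
    c->view = v;
    v->weak_slot = &c->view;
    v->find_client_set = 1;
    return c;
}

/* Returns -1 while refs remain, 1 if dispose skipped a dead view, else 0. */
static int controller_unref(FindController *c) {
    if (--c->refs > 0) return -1;
    int skipped = (c->view == NULL);
    if (!skipped) {                 /* view alive: normal teardown */
        c->view->find_client_set = 0;
        c->view->weak_slot = NULL;  /* unregister before c is freed */
    }
    free(c);
    return skipped;
}

/* extra_ref models a second holder keeping the controller past the view. */
int teardown(int extra_ref) {
    View *v = calloc(1, sizeof *v);
    FindController *c = controller_new(v);
    if (extra_ref) c->refs++;
    int r = controller_unref(c);    /* the view's own reference goes away */
    view_destroy(v);
    return extra_ref ? controller_unref(c) : r;
}
int main(void) { return !(teardown(1) == 1 && teardown(0) == 0); }
```

Without the `c->view == NULL` check, the `extra_ref` path would write through a pointer to the freed view, which is the kind of crash the bug title describes.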
