[Webkit-unassigned] [Bug 144903] [GTK] Crash at WebCore::FrameView::removeChild()

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Apr 2 02:36:53 PDT 2018


https://bugs.webkit.org/show_bug.cgi?id=144903

--- Comment #6 from Carlos Garcia Campos <cgarcia at igalia.com> ---
(In reply to Michael Catanzaro from comment #5)
> We have 91 reports of this in Fedora, including 29 reports against 2.18.6.
> None against 2.20 yet, but that's to be expected because that is still in
> updates-testing.
> 
> (In reply to Zan Dobersek from comment #2)
> > It can happen, but one would have to try a bit harder to dereference a null
> > pointer into the removeChild() call.
> 
> My guess would be the pointer is non-null, but the FrameView has already
> been destroyed.

I don't think that's possible. The FrameView is the main frame one, got in WebPage::setSize() with m_page->mainFrame().view(); then FrameView::resize() is called, which calls FrameView::setFrameRect(), which protects this at the beginning before calling ScrollView::setFrameRect(), which is the one calling updateScrollbars().

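To illustrate the "protects this" argument in the comment above, here is an added toy model (not WebKit code) of the protectedThis idiom: a ref-counted view whose owner drops its only reference from inside a re-entrant update, with and without a scope guard. `Widget`, `ProtectScope`, `onUpdateScrollbars` and `runScenario` are constructed stand-ins, and destruction is simulated with an `alive` flag so the unsafe path can be observed without real undefined behaviour.

```cpp
#include <functional>
#include <string>

// Constructed stand-in for a ref-counted FrameView. "Destruction" only
// clears `alive` instead of freeing memory, so the bad path is observable.
struct Widget {
    int refCount = 1;                          // owner holds the initial ref
    bool alive = true;
    int width = 0;
    std::function<void()> onUpdateScrollbars;  // hypothetical re-entrancy hook

    void ref() { ++refCount; }
    void deref() { if (--refCount == 0) alive = false; }  // simulated delete
};

// Stand-in for the Ref<T> protectedThis(*this) guard the comment refers to:
// holds one extra reference for the duration of the enclosing call.
struct ProtectScope {
    Widget& w;
    explicit ProtectScope(Widget& x) : w(x) { w.ref(); }
    ~ProtectScope() { w.deref(); }
};

// Shared resize body: the callback may cause the owner to tear the view
// down; the access after it is where a dangling `this` would be hit.
static std::string resizeBody(Widget& w, int newWidth) {
    w.width = newWidth;
    if (w.onUpdateScrollbars) w.onUpdateScrollbars();
    return w.alive ? "ok" : "use-after-free";
}

std::string setFrameRectUnprotected(Widget& w, int newWidth) {
    return resizeBody(w, newWidth);
}

std::string setFrameRectProtected(Widget& w, int newWidth) {
    ProtectScope protectedThis(w);  // keeps `w` alive until we return
    return resizeBody(w, newWidth);
}

// Scenario: the owner releases its only reference from inside the
// scrollbar update. Returns the outcome string of the resize path.
std::string runScenario(bool protectThis) {
    Widget view;
    view.onUpdateScrollbars = [&view] { view.deref(); };  // owner lets go
    return protectThis ? setFrameRectProtected(view, 800)
                       : setFrameRectUnprotected(view, 800);
}
```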