[Webkit-unassigned] [Bug 195615] [CoordinatedGraphics] Null dereference in CoordinatedGraphicsLayer::setCoordinatorIncludingSubLayersIfNeeded

bugzilla-daemon at webkit.org
Tue Mar 12 09:24:09 PDT 2019


https://bugs.webkit.org/show_bug.cgi?id=195615

--- Comment #3 from Miguel Gomez <magomez at igalia.com> ---

> Testing with: GTK port, trunk at 242761, Debug build
> 
> 1) Start MiniBrowser
> 2) Go to https://youtube.com (to enter AC mode)
> 3) Right click menu -> Inspect Element
> 4) Close Web Inspector
> 5) Go back
> 6) Wait for five seconds (to destruct LayerTreeHost)
> 7) Go forward (to YouTube again)
> 8) Right click menu -> Inspect Element
> 9) Web Process crashes

I couldn't reproduce it exactly with those steps. For some reason, opening the inspector and then closing it avoids leaving AC mode when going to the previous page. We may have a different issue there.
Anyway, I was able to reproduce it by
- start minibrowser
- go to http://youtube.com and then back
- wait 5 seconds
- open the inspector

The issue is the same. The overlay layers inside PageOverlayController are persistent and when AC is left, their coordinator is set to null. This is expected, and when they are added back to a tree with a valid coordinator, the code in CoordinatedGraphicsLayer::setCoordinatorIncludingSubLayersIfNeeded() will set the appropriate coordinator again.

The thing is that, before a valid coordinator is set again, a new GraphicsLayer is added as a child of the overlay layers (inside PageOverlayController::installPageOverlay), and that causes the crash because the coordinator is null at that point.

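The ordering problem described in the comment, reduced to a constructed C++ model (added here; this is not WebKit code, and the `Coordinator`/`Layer` types, `attach()` counter and `replayOverlayLifecycle()` are assumptions that stand in for the real coordinator and `CoordinatedGraphicsLayer`). It shows the unchecked propagation that dereferences a null coordinator next to a guarded variant that defers attachment until AC mode returns.

```cpp
#include <vector>

// Constructed model, not WebKit code: a compositing coordinator owned by the
// layer tree host, and layers that keep a raw back-pointer to it.
struct Coordinator {
    int attachedLayers = 0;
    void attach() { ++attachedLayers; }
};

struct Layer {
    Coordinator* coordinator = nullptr;   // null while AC mode is off
    std::vector<Layer*> children;

    // Naive propagation: dereferences the coordinator unconditionally, so
    // adding a child while it is null is a null dereference (the reported crash).
    void setCoordinatorUnchecked(Coordinator* c) {
        coordinator = c;
        coordinator->attach();
        for (Layer* child : children)
            child->setCoordinatorUnchecked(c);
    }

    // Hardened propagation: a null coordinator means the subtree is detached;
    // record that and defer attachment until a valid coordinator arrives.
    void setCoordinatorIfNeeded(Coordinator* c) {
        coordinator = c;
        if (!coordinator)
            return;
        coordinator->attach();
        for (Layer* child : children)
            child->setCoordinatorIfNeeded(c);
    }

    void addChild(Layer* child) {
        children.push_back(child);
        child->setCoordinatorIfNeeded(coordinator);   // legitimately null between AC sessions
    }
};

// Replays the sequence from the report: the persistent overlay layer loses its
// coordinator when the LayerTreeHost goes away, a child is installed while it is
// still null, then AC mode returns and a valid coordinator is propagated.
int replayOverlayLifecycle() {
    Layer overlay;
    overlay.setCoordinatorIfNeeded(nullptr);   // AC mode left, coordinator cleared
    Layer inspectorLayer;
    overlay.addChild(&inspectorLayer);         // setCoordinatorUnchecked would crash here
    Coordinator restored;
    overlay.setCoordinatorIfNeeded(&restored); // AC mode re-entered
    return restored.attachedLayers;            // 2: overlay plus its child
}
```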