[Webkit-unassigned] [Bug 209345] [GTK] Crash in WebKit::WebPageProxy::viewWidget()

bugzilla-daemon at webkit.org
Tue Apr 7 14:31:40 PDT 2020


https://bugs.webkit.org/show_bug.cgi?id=209345

--- Comment #4 from Michael Catanzaro <mcatanzaro at gnome.org> ---
OK, so with some help from Jan-Michael, I've managed to reproduce. The error occurs when closing a browser tab that was using AC mode and has had at least one process swap. It only happens when closing a single tab, not when closing the entire browser. 

To reproduce:

 * Build with -DUSE_WPE_RENDERER=OFF (workaround for bug #209118)
 * Open two browser tabs in Epiphany: one www.duckduckgo.com and one www.example.com.
 * Load https://webkit.org/blog-files/3d-transforms/poster-circle.html in the www.duckduckgo.com tab
 * Close the poster circle tab
 * UI process crashes

The example.com tab is just here to ensure we have two tabs and can therefore close the other tab without closing the entire browser.

It seems to require that the process has swapped from one using AC mode to another using AC mode. The reproducer still works if you swap duckduckgo.com with the poster circle page, but using example.com to replace either one of them does not work.

It actually only requires one website using AC mode. You can also reproduce by transitioning the tab from poster circle -> example.com -> back to poster circle -> close the poster circle tab.
