<html>
<head>
<base href="https://bugs.webkit.org/" />
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW - [GTK] Crash at WebCore::FrameView::removeChild()"
href="https://bugs.webkit.org/show_bug.cgi?id=144903">144903</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>[GTK] Crash at WebCore::FrameView::removeChild()
</td>
</tr>
<tr>
<th>Classification</th>
<td>Unclassified
</td>
</tr>
<tr>
<th>Product</th>
<td>WebKit
</td>
</tr>
<tr>
<th>Version</th>
<td>528+ (Nightly build)
</td>
</tr>
<tr>
<th>Hardware</th>
<td>Unspecified
</td>
</tr>
<tr>
<th>OS</th>
<td>Unspecified
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Severity</th>
<td>Normal
</td>
</tr>
<tr>
<th>Priority</th>
<td>P2
</td>
</tr>
<tr>
<th>Component</th>
<td>WebKit Gtk
</td>
</tr>
<tr>
<th>Assignee</th>
<td>webkit-unassigned@lists.webkit.org
</td>
</tr>
<tr>
<th>Reporter</th>
<td>tpopela@redhat.com
</td>
</tr></table>
<p>
<div>
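<pre>Moving this from downstream reports [0-2]. Below are truncated backtraces from WK1 (2.4.8) and WK2 (2.6.5). The WK1 crashes are from Evolution: simply opening it was enough to crash it, but I was not able to reproduce it. The WK2 crash was probably from Epiphany (opening <a href="http://zyalt.livejournal.com/1259245.html">http://zyalt.livejournal.com/1259245.html</a> and trying to scroll the page). In both backtraces the crashing frame is WebCore::FrameView::removeChild() called with widget=0x0, reached from a ScrollView::setHas*Scrollbar(hasBar=false) call made by ScrollView::updateScrollbars(). Note that the debug source paths in the WK2 backtrace refer to webkitgtk-2.6.4.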
WK1 backtrace - (full at <a href="https://bugzilla.redhat.com/attachment.cgi?id=978448">https://bugzilla.redhat.com/attachment.cgi?id=978448</a>)
#0 WebCore::FrameView::removeChild (this=0x7f74a412cc00, widget=0x0) at Source/WebCore/page/FrameView.cpp:3984
No locals.
#1 0x0000003781658d8b in WebCore::ScrollView::setHasVerticalScrollbar (this=this@entry=0x7f74a412cc00, hasBar=hasBar@entry=false, contentSizeAffected=contentSizeAffected@entry=0x7fff1c13a920) at Source/WebCore/platform/ScrollView.cpp:125
wasOverlayScrollbar = false
#2 0x000000378165994a in WebCore::ScrollView::updateScrollbars (this=this@entry=0x7f74a412cc00, desiredOffset=...) at Source/WebCore/platform/ScrollView.cpp:609
changeAffectsContentSize = false
sendContentResizedNotification = false
docSize = {m_width = 1, m_height = 8}
fullVisibleSize = <optimized out>
needAnotherPass = true
hasOverlayScrollbars = <optimized out>
hasHorizontalScrollbar = false
vScroll = <optimized out>
newHasHorizontalScrollbar = false
newHasVerticalScrollbar = false
hScroll = <optimized out>
adjustedScrollPosition = {m_x = 87204992, m_y = 0}
oldScrollCornerRect = {m_location = {m_x = 0, m_y = 0}, m_size = {m_width = 0, m_height = 0}}
hasVerticalScrollbar = <optimized out>
scrollbarAddedOrRemoved = false
#3 0x000000378165a90b in WebCore::ScrollView::setFrameRect (this=this@entry=0x7f74a412cc00, newRect=...) at Source/WebCore/platform/ScrollView.cpp:956
oldRect = <optimized out>
#4 0x0000003780e7bcf8 in WebCore::FrameView::setFrameRect (this=this@entry=0x7f74a412cc00, newRect=...) at Source/WebCore/page/FrameView.cpp:432
newRect = @0x7fff1c13aa10: {m_location = {m_x = 0, m_y = 0}, m_size = {m_width = 1090, m_height = 55}}
this = 0x7f74a412cc00
#5 0x0000003780683f14 in resize (h=55, w=1090, this=0x7f74a412cc00) at Source/WebCore/platform/Widget.h:123
No locals.
#6 resizeWebViewFromAllocation (webView=webView@entry=0x532a480, allocation=allocation@entry=0x7fff1c13aa70, sizeChanged=sizeChanged@entry=true) at Source/WebKit/gtk/webkit/webkitwebview.cpp:881
page = 0x45b3ca0
oldSize = {m_width = 1, m_height = 1}
frameView = 0x7f74a412cc00
#7 0x000000378068400f in webkitWebViewMap (widget=0x532a480) at Source/WebKit/gtk/webkit/webkitwebview.cpp:920
webView = 0x532a480
allocation = {x = 1, y = 1, width = 1090, height = 55}
#8 0x000000360ce0feb2 in _g_closure_invoke_va (closure=closure@entry=0x1bce620, return_value=return_value@entry=0x0, instance=instance@entry=0x532a480, args=args@entry=0x7fff1c13aca0, n_params=0, param_types=0x0) at gclosure.c:831
marshal = <optimized out>
marshal_data = <optimized out>
in_marshal = 1
real_closure = 0x1bce600
__FUNCTION__ = "_g_closure_invoke_va"
#9 0x000000360ce29b60 in g_signal_emit_valist (instance=0x532a480, signal_id=<optimized out>, detail=0, var_args=var_args@entry=0x7fff1c13aca0) at gsignal.c:3218
return_accu = 0x0
accu = {g_type = 0, data = {{v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}}
accumulator = 0x0
emission = {next = 0x7fff1c13af40, instance = 0x532a480, ihint = {signal_id = 6, detail = 0, run_type = G_SIGNAL_RUN_FIRST}, state = EMISSION_RUN, chain_type = 29806320}
signal_id = 6
instance_type = 29806320
emission_return = {g_type = 0, data = {{v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}}
rtype = 4
static_scope = 0
fastpath_handler = <optimized out>
closure = 0x1bce620
run_type = <optimized out>
l = <optimized out>
fastpath = <optimized out>
instance_and_params = <optimized out>
signal_return_type = <optimized out>
param_values = <optimized out>
node = <optimized out>
i = <optimized out>
n_params = <optimized out>
__FUNCTION__ = "g_signal_emit_valist"
#10 0x000000360ce2a3af in g_signal_emit (instance=instance@entry=0x532a480, signal_id=<optimized out>, detail=detail@entry=0) at gsignal.c:3365
var_args = {{gp_offset = 24, fp_offset = 48, overflow_arg_area = 0x7fff1c13ad80, reg_save_area = 0x7fff1c13acc0}}
#11 0x000000377d92c029 in gtk_widget_map (widget=0x532a480) at gtkwidget.c:5045
priv = 0x532a3a0
__FUNCTION__ = "gtk_widget_map"
#12 0x000000377d8641fe in gtk_scrolled_window_forall (container=0x5691530, include_internals=1, callback=0x377d73d270 <gtk_container_map_child>, callback_data=0x0) at gtkscrolledwindow.c:1786
priv = <optimized out>
scrolled_window = <optimized out>
__FUNCTION__ = "gtk_scrolled_window_forall"
#13 0x000000377d7408bf in gtk_container_map (widget=0x5691530) at gtkcontainer.c:3445
No locals.
#14 0x000000377d863e51 in gtk_scrolled_window_map (widget=0x5691530) at gtkscrolledwindow.c:3165
scrolled_window = 0x5691530
WK2 backtrace - (full at <a href="https://bugzilla.redhat.com/attachment.cgi?id=982121">https://bugzilla.redhat.com/attachment.cgi?id=982121</a>)
#0 WebCore::FrameView::removeChild (this=0x7f0e403af400, widget=0x0) at /usr/src/debug/webkitgtk-2.6.4/Source/WebCore/page/FrameView.cpp:4271
No locals.
#1 0x00007f0e6bfc5730 in WebCore::ScrollView::setHasHorizontalScrollbar (this=this@entry=0x7f0e403af400, hasBar=hasBar@entry=false, contentSizeAffected=contentSizeAffected@entry=0x7ffff277b730) at /usr/src/debug/webkitgtk-2.6.4/Source/WebCore/platform/ScrollView.cpp:99
wasOverlayScrollbar = false
#2 0x00007f0e6bfc75dd in WebCore::ScrollView::updateScrollbars (this=this@entry=0x7f0e403af400, desiredOffset=...) at /usr/src/debug/webkitgtk-2.6.4/Source/WebCore/platform/ScrollView.cpp:633
changeAffectsContentSize = false
sendContentResizedNotification = false
docSize = {m_width = 0, m_height = 0}
cMaxUpdateScrollbarsPass = <optimized out>
fullVisibleSize = <optimized out>
needAnotherPass = true
hasOverlayScrollbars = <optimized out>
hasHorizontalScrollbar = true
vScroll = <optimized out>
newHasHorizontalScrollbar = false
newHasVerticalScrollbar = false
hScroll = <optimized out>
adjustedScrollPosition = {m_x = -227035312, m_y = 32767}
oldScrollCornerRect = {m_location = {m_x = -13, m_y = -13}, m_size = {m_width = 13, m_height = 13}}
hasVerticalScrollbar = <optimized out>
scrollbarAddedOrRemoved = false
#3 0x00007f0e6bfc963c in WebCore::ScrollView::setContentsSize (this=this@entry=0x7f0e403af400, newSize=...) at /usr/src/debug/webkitgtk-2.6.4/Source/WebCore/platform/ScrollView.cpp:385
newSize = <optimized out>
this = 0x7f0e403af400
#4 0x00007f0e6bf50f10 in WebCore::FrameView::setContentsSize (this=this@entry=0x7f0e403af400, size=...) at /usr/src/debug/webkitgtk-2.6.4/Source/WebCore/page/FrameView.cpp:554
page = 0x0
#5 0x00007f0e6bf51074 in WebCore::FrameView::adjustViewSize (this=this@entry=0x7f0e403af400) at /usr/src/debug/webkitgtk-2.6.4/Source/WebCore/page/FrameView.cpp:584
renderView = <optimized out>
rect = <optimized out>
size = @0x7ffff277b800: {m_width = 0, m_height = 0}
#6 0x00007f0e6bf51540 in WebCore::FrameView::layout (this=0x7f0e403af400, allowSubtree=<optimized out>) at /usr/src/debug/webkitgtk-2.6.4/Source/WebCore/page/FrameView.cpp:1332
cookie = {m_instrumentingAgents = {m_ptr = 0x0}, m_timelineAgentId = 0}
subtree = <optimized out>
root = 0x7f0de83c1800
layoutPhaseRestorer = {m_scopedVariable = @0x7f0e403af588, m_originalValue = (anonymous namespace)::FrameView::OutsideLayout}
inChildFrameLayoutWithFrameFlattening = false
layer = 0x7f0dea8b6120
neededFullRepaint = false
protect = {m_ptr = 0x7f0e403af400}
changeInProgrammaticScroll = {m_scopedVariable = @0x7f0e403af681, m_originalValue = <optimized out>}
#7 0x00007f0e6bfd492d in WebCore::ThreadTimers::sharedTimerFiredInternal (this=0x7f0e501266e0) at /usr/src/debug/webkitgtk-2.6.4/Source/WebCore/platform/ThreadTimers.cpp:132
timer = 0x7f0e403af528
interval = 0
fireTime = 3870.6213769999999
timeToQuit = 3870.6713770000001
this = 0x7f0e501266e0
#8 0x00007f0e6a31ada1 in WTF::GMainLoopSource::voidCallback (this=0x7f0e6d5581c0 <WebCore::gSharedTimer>) at /usr/src/debug/webkitgtk-2.6.4/Source/WTF/wtf/gobject/GMainLoopSource.cpp:364
context = {source = {m_ptr = 0x3a36f60}, cancellable = {m_ptr = 0x0}, socketCancellable = {m_ptr = 0x0}, voidCallback = {<std::_Maybe_unary_or_binary_function<void>> = {<No data fields>}, <std::_Function_base> = {static _M_max_size = 16, static _M_max_align = 8, _M_functor = {_M_unused = {_M_object = 0x7f0e6bfd4940 <WebCore::ThreadTimers::sharedTimerFired()>, _M_const_object = 0x7f0e6bfd4940 <WebCore::ThreadTimers::sharedTimerFired()>, _M_function_pointer = 0x7f0e6bfd4940 <WebCore::ThreadTimers::sharedTimerFired()>, _M_member_pointer = (void (std::_Undefined_class::*)(std::_Undefined_class * const)) 0x7f0e6bfd4940 <WebCore::ThreadTimers::sharedTimerFired()>, this adjustment 514508593}, _M_pod_data = "@I\375k\016\177\000\000\061\307\252\036\000\000\000"}, _M_manager = 0x7f0e6c34d090 <std::_Function_base::_Base_manager<void (*)()>::_M_manager(std::_Any_data&, std::_Any_data const&, std::_Manager_oper
#9 0x00007f0e6a315fca in WTF::GMainLoopSource::voidSourceCallback (source=<optimized out>) at /usr/src/debug/webkitgtk-2.6.4/Source/WTF/wtf/gobject/GMainLoopSource.cpp:454
No locals.
#10 0x00007f0e6a31602f in operator() (__closure=0x0, userData=<optimized out>, callback=<optimized out>, source=0x3a36f60) at /usr/src/debug/webkitgtk-2.6.4/Source/WTF/wtf/gobject/GMainLoopSource.cpp:247
repeat = <optimized out>
#11 WTF::<lambda(GSource*, GSourceFunc, gpointer)>::_FUN(GSource *, GSourceFunc, gpointer) () at /usr/src/debug/webkitgtk-2.6.4/Source/WTF/wtf/gobject/GMainLoopSource.cpp:251
No locals.
#12 0x00007f0e6786eaeb in g_main_dispatch (context=0x1dcfb90) at gmain.c:3111
dispatch = 0x7f0e6a316020 <WTF::<lambda(GSource*, GSourceFunc, gpointer)>::_FUN(GSource *, GSourceFunc, gpointer)>
prev_source = 0x0
was_in_call = 0
user_data = 0x7f0e6d5581c0 <WebCore::gSharedTimer>
callback = 0x7f0e6a315fc0 <WTF::GMainLoopSource::voidSourceCallback(WTF::GMainLoopSource*)>
cb_funcs = 0x7f0e67b5c8c0 <g_source_callback_funcs>
cb_data = 0x3a33570
need_destroy = <optimized out>
source = 0x3a36f60
current = 0x1db9ab0
i = 0
#13 g_main_context_dispatch (context=context@entry=0x1dcfb90) at gmain.c:3710
No locals.
#14 0x00007f0e6786ee88 in g_main_context_iterate (context=0x1dcfb90, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3781
max_priority = 120
timeout = 0
some_ready = 1
nfds = <optimized out>
allocated_nfds = 5
fds = 0x2456390
#15 0x00007f0e6786f1b2 in g_main_loop_run (loop=0x1e61380) at gmain.c:3975
__FUNCTION__ = "g_main_loop_run"
#16 0x00007f0e6b8abbe9 in WebKit::ChildProcessMain<WebKit::WebProcess, WebKit::WebProcessMain> (argc=2, argv=<optimized out>) at /usr/src/debug/webkitgtk-2.6.4/Source/WebKit2/Shared/unix/ChildProcessMain.h:61
childMain = {<WebKit::ChildProcessMainBase> = {_vptr.ChildProcessMainBase = 0x7f0e6d3baf10 <vtable for WebKit::WebProcessMain+16>, m_parameters = {uiProcessName = {m_impl = {m_ptr = 0x0}}, clientIdentifier = {m_impl = {m_ptr = 0x0}}, connectionIdentifier = 45, extraInitializationData = {m_impl = {static m_maxLoad = <optimized out>, static m_minLoad = <optimized out>, m_table = 0x0, m_tableSize = 0, m_tableSizeMask = 0, m_keyCount = 0, m_deletedCount = 0}}}}, <No data fields>}
#17 0x00007f0e6a658fe0 in __libc_start_main (main=0x400780 <main(int, char**)>, argc=2, argv=0x7ffff277bc88, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffff277bc78) at libc-start.c:289
result = <optimized out>
unwind_buf = {cancel_jmp_buf = {{jmp_buf = {0, 7287830293301919461, 4196267, 140737261321344, 0, 0, -7287818819679584539, -7260005729635434779}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x4008b0 <__libc_csu_init>, 0x7ffff277bc88}, data = {prev = 0x0, cleanup = 0x0, canceltype = 4196528}}}
not_first_call = <optimized out>
#18 0x00000000004007d4 in _start ()
[0] - <a href="https://bugzilla.redhat.com/show_bug.cgi?id=1219986">https://bugzilla.redhat.com/show_bug.cgi?id=1219986</a> (WK1)
[1] - <a href="https://bugzilla.redhat.com/show_bug.cgi?id=1184307">https://bugzilla.redhat.com/show_bug.cgi?id=1184307</a> (WK2)
[2] - <a href="https://bugzilla.redhat.com/show_bug.cgi?id=1180784">https://bugzilla.redhat.com/show_bug.cgi?id=1180784</a> (WK1)</pre>
</div>
</p>
</body>
</html>