Bug 54142 - Crash in DrawingAreaProxyImpl::paint when WKView paints after being resized while hidden
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Layout and Rendering
Version: 528+ (Nightly build)
Hardware: All All
Importance: P2 Normal
Assignee: Nobody
Keywords: InRadar
Duplicates: 54247
Depends on: 54141
Blocks: 53805
Reported: 2011-02-09 14:07 PST by Adam Roben (:aroben)
Modified: 2011-02-10 14:52 PST (History)

Attachments
Notice when the backing store goes away after DidSetSize (4.12 KB, patch)
2011-02-09 14:16 PST, Adam Roben (:aroben)
darin: review+

Description Adam Roben (:aroben) 2011-02-09 14:07:22 PST
If WKView is resized while hidden (and you don't run into bug 54141, because it's been fixed), and is then shown and asked to paint, you'll crash inside DrawingAreaProxyImpl::paint due to a null BackingStore. The crashing line is this:

    m_backingStore->paint(context, rect);

m_backingStore is null. Here's the backtrace:

>	WebKit.dll!WTF::OwnPtr<WebKit::BackingStore>::operator->()  Line 66 + 0x35 bytes	C++
 	WebKit.dll!WebKit::DrawingAreaProxyImpl::paint(HDC__ * context=0xaa011176, const WebCore::IntRect & rect={...}, WebKit::Region & unpaintedRegion={...})  Line 83 + 0x13 bytes	C++
 	WebKit.dll!WebKit::WebView::onPaintEvent(HWND__ * hWnd=0x00120418, unsigned int message=15, unsigned int __formal=0, unsigned int __formal=0, bool & handled=true)  Line 427	C++
 	WebKit.dll!WebKit::WebView::wndProc(HWND__ * hWnd=0x00120418, unsigned int message=15, unsigned int wParam=0, long lParam=0)  Line 127 + 0x1c bytes	C++
 	WebKit.dll!WebKit::WebView::WebViewWndProc(HWND__ * hWnd=0x00120418, unsigned int message=15, unsigned int wParam=0, long lParam=0)  Line 97 + 0x18 bytes	C++
 	user32.dll!_InternalCallWinProc@20()  + 0x28 bytes
Comment 1 Adam Roben (:aroben) 2011-02-09 14:08:06 PST
<rdar://problem/8979365>
Comment 2 Adam Roben (:aroben) 2011-02-09 14:16:04 PST
Created attachment 81874
Notice when the backing store goes away after DidSetSize
Comment 3 Adam Roben (:aroben) 2011-02-10 04:43:16 PST
Committed r78199: <http://trac.webkit.org/changeset/78199>
Comment 4 Anders Carlsson 2011-02-10 14:50:38 PST
*** Bug 54247 has been marked as a duplicate of this bug. ***