Bug 54213 - REGRESSION (r78198): Crash in FindIndicator::contentImage when scrolling page
Summary: REGRESSION (r78198): Crash in FindIndicator::contentImage when scrolling page
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKit2
Version: 528+ (Nightly build)
Hardware: PC Windows XP
Importance: P2 Normal
Assignee: Adam Roben (:aroben)
URL: data:text/html,<div style="height:300...
Keywords: InRadar, PlatformOnly, Regression
Depends on:
Blocks:
 
Reported: 2011-02-10 08:20 PST by Adam Roben (:aroben)
Modified: 2011-02-10 11:28 PST (History)

Attachments
Handle a null FindIndicator correctly (12.33 KB, patch)
2011-02-10 08:32 PST, Adam Roben (:aroben)
sfalken: review+

Description Adam Roben (:aroben) 2011-02-10 08:20:45 PST
To reproduce:

1. Go to data:text/html,<div style="height:3000px">test test
2. Search for "test" so the find indicator appears
3. Scroll the page

You'll crash. The crashing line of code is in WebView::setFindIndicator:

    ShareableBitmap* contentImage = findIndicator->contentImage();

findIndicator is null. Here's the backtrace:

 	WebKit.dll!WTF::RefPtr<WebKit::ShareableBitmap>::get()  Line 60 + 0x11 bytes	C++
 	WebKit.dll!WebKit::FindIndicator::contentImage()  Line 53 + 0x19 bytes	C++
>	WebKit.dll!WebKit::WebView::setFindIndicator(WTF::PassRefPtr<WebKit::FindIndicator> prpFindIndicator={...}, bool fadeOut=false)  Line 1073 + 0xf bytes	C++
 	WebKit.dll!WebKit::WebPageProxy::setFindIndicator(const WebCore::FloatRect & selectionRectInWindowCoordinates={...}, const WTF::Vector<WebCore::FloatRect,0> & textRectsInSelectionRectCoordinates=[0](), const WebKit::SharedMemory::Handle & contentImageHandle={...}, bool fadeOut=false)  Line 1992	C++
 	WebKit.dll!CoreIPC::callMemberFunction<WebKit::WebPageProxy,void (__thiscall WebKit::WebPageProxy::*)(WebCore::FloatRect const &,WTF::Vector<WebCore::FloatRect,0> const &,WebKit::SharedMemory::Handle const &,bool),WebCore::FloatRect,WTF::Vector<WebCore::FloatRect,0>,WebKit::SharedMemory::Handle,bool>(const CoreIPC::Arguments4<WebCore::FloatRect,WTF::Vector<WebCore::FloatRect,0>,WebKit::SharedMemory::Handle,bool> & args={...}, WebKit::WebPageProxy * object=0x06ea9a48, void (const WebCore::FloatRect &, const WTF::Vector<WebCore::FloatRect,0> &, const WebKit::SharedMemory::Handle &, bool)* function=0x03810b4a)  Line 37 + 0x24 bytes	C++
 	WebKit.dll!CoreIPC::handleMessage<Messages::WebPageProxy::SetFindIndicator,WebKit::WebPageProxy,void (__thiscall WebKit::WebPageProxy::*)(WebCore::FloatRect const &,WTF::Vector<WebCore::FloatRect,0> const &,WebKit::SharedMemory::Handle const &,bool)>(CoreIPC::ArgumentDecoder * argumentDecoder=0x09a1e4b0, WebKit::WebPageProxy * object=0x06ea9a48, void (const WebCore::FloatRect &, const WTF::Vector<WebCore::FloatRect,0> &, const WebKit::SharedMemory::Handle &, bool)* function=0x03810b4a)  Line 246 + 0x15 bytes	C++
 	WebKit.dll!WebKit::WebPageProxy::didReceiveWebPageProxyMessage(CoreIPC::Connection * __formal=0x07a140f0, CoreIPC::MessageID messageID={...}, CoreIPC::ArgumentDecoder * arguments=0x09a1e4b0)  Line 273 + 0x2f bytes	C++
 	WebKit.dll!WebKit::WebPageProxy::didReceiveMessage(CoreIPC::Connection * connection=0x07a140f0, CoreIPC::MessageID messageID={...}, CoreIPC::ArgumentDecoder * arguments=0x09a1e4b0)  Line 1187	C++
 	WebKit.dll!WebKit::WebProcessProxy::didReceiveMessage(CoreIPC::Connection * connection=0x07a140f0, CoreIPC::MessageID messageID={...}, CoreIPC::ArgumentDecoder * arguments=0x09a1e4b0)  Line 245	C++
 	WebKit.dll!CoreIPC::Connection::dispatchMessages()  Line 450 + 0x31 bytes	C++
 	WebKit.dll!MemberFunctionWorkItem0<CoreIPC::Connection>::execute()  Line 76 + 0x10 bytes	C++
 	WebKit.dll!RunLoop::performWork()  Line 63 + 0x1a bytes	C++
 	WebKit.dll!RunLoop::wndProc(HWND__ * hWnd=0x000f0aec, unsigned int message=1025, unsigned int wParam=115583784, long lParam=0)  Line 57	C++
 	WebKit.dll!RunLoop::RunLoopWndProc(HWND__ * hWnd=0x000f0aec, unsigned int message=1025, unsigned int wParam=115583784, long lParam=0)  Line 39 + 0x18 bytes	C++
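The null dereference described above, as an added example that is not part of the bug report or of WebKit's code: a minimal C++ model of WebView::setFindIndicator in its crashing shape beside a form that tolerates a null FindIndicator. std::shared_ptr stands in for WTF::PassRefPtr/RefPtr, a visibility flag stands in for the native indicator window, and the reading of a null indicator as "nothing to show" is an assumption.

```cpp
// Added example, not WebKit's code. std::shared_ptr stands in for WTF::PassRefPtr/RefPtr
// and m_indicatorVisible for the native find-indicator window (both are assumptions).
#include <memory>
#include <utility>

struct ShareableBitmap { int width; int height; };
// Stand-in for WebKit::FindIndicator: owns the rendered image of the match.
class FindIndicator {
public:
    explicit FindIndicator(std::shared_ptr<ShareableBitmap> image) : m_image(std::move(image)) {}
    ShareableBitmap* contentImage() const { return m_image.get(); }
private:
    std::shared_ptr<ShareableBitmap> m_image;
};

class WebView {
public:
    // Shape from the report: reads through the indicator unconditionally, so the
    // null indicator seen when the page scrolls is a null-pointer dereference.
    void setFindIndicatorUnchecked(std::shared_ptr<FindIndicator> indicator) {
        m_findIndicator = std::move(indicator);
        ShareableBitmap* image = m_findIndicator->contentImage(); // crashes when null
        m_indicatorVisible = image != nullptr;
    }
    // Fixed shape: null means "no indicator"; drop the old one and hide the overlay.
    void setFindIndicator(std::shared_ptr<FindIndicator> indicator) {
        m_findIndicator = std::move(indicator);
        if (!m_findIndicator) {
            m_indicatorVisible = false;
            return;
        }
        m_indicatorVisible = m_findIndicator->contentImage() != nullptr;
    }
    bool indicatorVisible() const { return m_indicatorVisible; }
    bool hasIndicator() const { return m_findIndicator != nullptr; }
private:
    std::shared_ptr<FindIndicator> m_findIndicator;
    bool m_indicatorVisible = false;
};

// Replays the report's steps on the fixed form: show a match indicator, then scroll (null).
bool scrollAfterFindSurvives() {
    WebView view;
    view.setFindIndicator(std::make_shared<FindIndicator>(
        std::make_shared<ShareableBitmap>(ShareableBitmap{40, 12})));
    bool shown = view.indicatorVisible() && view.hasIndicator();
    view.setFindIndicator(nullptr);
    return shown && !view.indicatorVisible() && !view.hasIndicator();
}
```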
Comment 1 Adam Roben (:aroben) 2011-02-10 08:21:24 PST
<rdar://problem/8983261>
Comment 2 Adam Roben (:aroben) 2011-02-10 08:32:37 PST
Created attachment 81985
Handle a null FindIndicator correctly
Comment 3 Adam Roben (:aroben) 2011-02-10 11:28:21 PST
Committed r78251: <http://trac.webkit.org/changeset/78251>