To reproduce:

1. Go to data:text/html,<div style="height:3000px">test test
2. Search for "test" so the find indicator appears
3. Scroll the page

You'll crash.

The crashing line of code is in WebView::setFindIndicator:

    ShareableBitmap* contentImage = findIndicator->contentImage();

findIndicator is null.

Here's the backtrace:

    WebKit.dll!WTF::RefPtr<WebKit::ShareableBitmap>::get() Line 60 + 0x11 bytes C++
    WebKit.dll!WebKit::FindIndicator::contentImage() Line 53 + 0x19 bytes C++
  > WebKit.dll!WebKit::WebView::setFindIndicator(WTF::PassRefPtr<WebKit::FindIndicator> prpFindIndicator={...}, bool fadeOut=false) Line 1073 + 0xf bytes C++
    WebKit.dll!WebKit::WebPageProxy::setFindIndicator(const WebCore::FloatRect & selectionRectInWindowCoordinates={...}, const WTF::Vector<WebCore::FloatRect,0> & textRectsInSelectionRectCoordinates=[0](), const WebKit::SharedMemory::Handle & contentImageHandle={...}, bool fadeOut=false) Line 1992 C++
    WebKit.dll!CoreIPC::callMemberFunction<WebKit::WebPageProxy,void (__thiscall WebKit::WebPageProxy::*)(WebCore::FloatRect const &,WTF::Vector<WebCore::FloatRect,0> const &,WebKit::SharedMemory::Handle const &,bool),WebCore::FloatRect,WTF::Vector<WebCore::FloatRect,0>,WebKit::SharedMemory::Handle,bool>(const CoreIPC::Arguments4<WebCore::FloatRect,WTF::Vector<WebCore::FloatRect,0>,WebKit::SharedMemory::Handle,bool> & args={...}, WebKit::WebPageProxy * object=0x06ea9a48, void (const WebCore::FloatRect &, const WTF::Vector<WebCore::FloatRect,0> &, const WebKit::SharedMemory::Handle &, bool)* function=0x03810b4a) Line 37 + 0x24 bytes C++
    WebKit.dll!CoreIPC::handleMessage<Messages::WebPageProxy::SetFindIndicator,WebKit::WebPageProxy,void (__thiscall WebKit::WebPageProxy::*)(WebCore::FloatRect const &,WTF::Vector<WebCore::FloatRect,0> const &,WebKit::SharedMemory::Handle const &,bool)>(CoreIPC::ArgumentDecoder * argumentDecoder=0x09a1e4b0, WebKit::WebPageProxy * object=0x06ea9a48, void (const WebCore::FloatRect &, const WTF::Vector<WebCore::FloatRect,0> &, const WebKit::SharedMemory::Handle &, bool)* function=0x03810b4a) Line 246 + 0x15 bytes C++
    WebKit.dll!WebKit::WebPageProxy::didReceiveWebPageProxyMessage(CoreIPC::Connection * __formal=0x07a140f0, CoreIPC::MessageID messageID={...}, CoreIPC::ArgumentDecoder * arguments=0x09a1e4b0) Line 273 + 0x2f bytes C++
    WebKit.dll!WebKit::WebPageProxy::didReceiveMessage(CoreIPC::Connection * connection=0x07a140f0, CoreIPC::MessageID messageID={...}, CoreIPC::ArgumentDecoder * arguments=0x09a1e4b0) Line 1187 C++
    WebKit.dll!WebKit::WebProcessProxy::didReceiveMessage(CoreIPC::Connection * connection=0x07a140f0, CoreIPC::MessageID messageID={...}, CoreIPC::ArgumentDecoder * arguments=0x09a1e4b0) Line 245 C++
    WebKit.dll!CoreIPC::Connection::dispatchMessages() Line 450 + 0x31 bytes C++
    WebKit.dll!MemberFunctionWorkItem0<CoreIPC::Connection>::execute() Line 76 + 0x10 bytes C++
    WebKit.dll!RunLoop::performWork() Line 63 + 0x1a bytes C++
    WebKit.dll!RunLoop::wndProc(HWND__ * hWnd=0x000f0aec, unsigned int message=1025, unsigned int wParam=115583784, long lParam=0) Line 57 C++
    WebKit.dll!RunLoop::RunLoopWndProc(HWND__ * hWnd=0x000f0aec, unsigned int message=1025, unsigned int wParam=115583784, long lParam=0) Line 39 + 0x18 bytes C++
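The failure mode in the report is a UI-process message handler that dereferences a smart pointer received over IPC without checking for null: when the page is scrolled, the WebProcess sends a SetFindIndicator message whose indicator is null (meaning "nothing to show"), and WebView::setFindIndicator calls contentImage() on it. The following is an added, stand-alone C++ model of that pattern and of the defensive shape a fix takes; it is not WebKit's code and not the content of the committed patch. The FindIndicator, ShareableBitmap and WebView classes are minimal stand-ins, std::shared_ptr replaces WTF::PassRefPtr/RefPtr, and the return values exist only so the behaviour can be checked.

```cpp
#include <cstdio>
#include <memory>
#include <utility>

// Minimal stand-ins for the WebKit types named in the backtrace (assumption: these are
// not the real classes, only enough to model ownership and the null case).
struct ShareableBitmap {
    int width = 0;
    int height = 0;
};

class FindIndicator {
public:
    explicit FindIndicator(std::shared_ptr<ShareableBitmap> image)
        : m_contentImage(std::move(image)) {}
    // Mirrors the frame in the backtrace: returns the raw pointer held by the RefPtr.
    ShareableBitmap* contentImage() const { return m_contentImage.get(); }
private:
    std::shared_ptr<ShareableBitmap> m_contentImage;
};

// Model of the UI-side WebView. The two setters show the unchecked shape that crashes
// and the checked shape that treats a null indicator as "hide the indicator".
class WebView {
public:
    // Same shape as the crashing line: the parameter is dereferenced unconditionally,
    // so a null indicator is undefined behaviour (the null dereference on the page).
    // Kept for comparison; never call it with a null pointer.
    bool setFindIndicatorUnchecked(std::shared_ptr<FindIndicator> indicator, bool fadeOut) {
        ShareableBitmap* contentImage = indicator->contentImage(); // crashes when indicator is null
        return install(std::move(indicator), contentImage, fadeOut);
    }

    // Hardened form: a null indicator (or an indicator with no bitmap) means there is
    // nothing to draw, so clear the current state and return instead of dereferencing.
    // Returns true only when a drawable indicator was installed.
    bool setFindIndicator(std::shared_ptr<FindIndicator> indicator, bool fadeOut) {
        if (!indicator) {
            clear();
            return false;
        }
        ShareableBitmap* contentImage = indicator->contentImage();
        if (!contentImage) {
            clear();
            return false;
        }
        return install(std::move(indicator), contentImage, fadeOut);
    }

    bool hasFindIndicator() const { return m_findIndicator != nullptr; }
    bool fadeOut() const { return m_fadeOut; }
    int installCount() const { return m_installCount; }

private:
    bool install(std::shared_ptr<FindIndicator> indicator, ShareableBitmap* image, bool fadeOut) {
        (void)image; // a real view would draw this bitmap
        m_findIndicator = std::move(indicator);
        m_fadeOut = fadeOut;
        ++m_installCount;
        return true;
    }
    void clear() {
        m_findIndicator.reset();
        m_fadeOut = false;
    }

    std::shared_ptr<FindIndicator> m_findIndicator;
    bool m_fadeOut = false;
    int m_installCount = 0;
};

// Replays the report's sequence against the checked setter: a find hit installs an
// indicator, then the scroll delivers a null one. Returns whether an indicator is
// still shown afterwards (expected: false, and no crash).
bool simulateFindThenScroll() {
    WebView view;
    auto indicator = std::make_shared<FindIndicator>(std::make_shared<ShareableBitmap>());
    view.setFindIndicator(indicator, /*fadeOut=*/false);   // step 2: "test" found
    view.setFindIndicator(nullptr, /*fadeOut=*/false);     // step 3: scroll sends a null indicator
    return view.hasFindIndicator();
}

int main() {
    std::printf("indicator shown after scroll: %s\n", simulateFindThenScroll() ? "yes" : "no");
    return 0;
}
```

The point to take from the checked setter is that the null case is a legitimate message, not an error: the handler's job is to make the view consistent with "no indicator" and return, and the check belongs in the receiver, since the sender's intent cannot be trusted to guarantee a non-null payload.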
<rdar://problem/8983261>
Created attachment 81985: Handle a null FindIndicator correctly
Committed r78251: <http://trac.webkit.org/changeset/78251>