Fix crash on wxWebViewWebKit window destruction.

We were getting crashes due to using methods of already half-destroyed object
when wxWebView window was destroyed in wxGTK, with the following abbreviated
stack:

 #0  wxgtk_webview_webkit_load_status (widget=0x12eb380, webKitCtrl=0x13ee040) at src/gtk/webview_webkit.cpp:38
...
 #8  0x00007ffff05ca281 in dispatchDidFailLoad (error=..., this=0x7fffe32db900) at ../Source/WebKit/gtk/WebCoreSupport/FrameLoaderClientGtk.cpp:1054
 #9  WebKit::FrameLoaderClient::dispatchDidFailLoad (this=0x7fffe32db900, error=...) at ../Source/WebKit/gtk/WebCoreSupport/FrameLoaderClientGtk.cpp:1049
 #10 0x00007ffff0b0de54 in WebCore::FrameLoader::checkLoadCompleteForThisFrame (this=0x7fffe3221b70) at ../Source/WebCore/loader/FrameLoader.cpp:2128
 #11 0x00007ffff0b0cfde in WebCore::FrameLoader::checkLoadComplete (this=<optimized out>) at ../Source/WebCore/loader/FrameLoader.cpp:2370
 #12 0x00007ffff0b0a3b2 in WebCore::FrameLoader::receivedMainResourceError (this=0x7fffe3221b70, error=..., isComplete=true) at ../Source/WebCore/loader/FrameLoader.cpp:2640
 #13 0x00007ffff0b423b7 in cancel (error=..., this=0x7fffe3279680) at ../Source/WebCore/loader/ResourceLoader.cpp:399
 #14 WebCore::ResourceLoader::cancel (this=0x7fffe3279680, error=...) at ../Source/WebCore/loader/ResourceLoader.cpp:353
 #15 0x00007ffff0b420c0 in WebCore::ResourceLoader::cancel (this=<optimized out>) at ../Source/WebCore/loader/ResourceLoader.cpp:350
 #16 0x00007ffff0afda9e in WebCore::DocumentLoader::stopLoading (this=0x7fffa081d800) at ../Source/WebCore/loader/DocumentLoader.cpp:258
 #17 0x00007ffff0b09561 in stopAllLoaders (clearProvisionalItemPolicy=WebCore::ShouldClearProvisionalItem, this=0x7fffe3221b70) at ../Source/WebCore/loader/FrameLoader.cpp:1523
 #18 WebCore::FrameLoader::stopAllLoaders (this=0x7fffe3221b70, clearProvisionalItemPolicy=WebCore::ShouldClearProvisionalItem) at ../Source/WebCore/loader/FrameLoader.cpp:1501
 #19 0x00007ffff0b0d17a in WebCore::FrameLoader::stopForUserCancel (this=0x7fffe3221b70, deferCheckLoadComplete=false) at ../Source/WebCore/loader/FrameLoader.cpp:1541
 #20 0x00007ffff05f3a36 in webkit_web_view_dispose (object=0x12eb380) at ../Source/WebKit/gtk/webkit/webkitwebview.cpp:1327
 #21 0x00007ffff27ff7a0 in g_object_run_dispose (object=0x12eb380) at /tmp/buildd/glib2.0-2.32.3/./gobject/gobject.c:1061
 #22 0x00007ffff4476c1e in gtk_scrolled_window_forall (container=0x7fff9c007d10, include_internals=0, callback=0x7ffff452cd20 <IA__gtk_widget_destroy>, callback_data=0x0)
     at /tmp/buildd/gtk+2.0-2.24.10/gtk/gtkscrolledwindow.c:1085
 #23 0x00007ffff439872f in gtk_container_destroy (object=0x7fff9c007d10) at /tmp/buildd/gtk+2.0-2.24.10/gtk/gtkcontainer.c:1073
...
 #28 0x00007ffff443cd60 in gtk_object_dispose (gobject=0x7fff9c007d10) at /tmp/buildd/gtk+2.0-2.24.10/gtk/gtkobject.c:421
 #29 0x00007ffff27ff7a0 in g_object_run_dispose (object=0x7fff9c007d10) at /tmp/buildd/glib2.0-2.32.3/./gobject/gobject.c:1061
 #30 0x00007ffff6cb65ac in wxWindow::~wxWindow (this=0x13ee040, __in_chrg=<optimized out>) at src/gtk/window.cpp:2367
 #31 0x00007ffff6d71241 in wxControlBase::~wxControlBase (this=0x13ee040, __in_chrg=<optimized out>) at src/common/ctrlcmn.cpp:49
 #32 0x00000000005cf761 in wxControl::~wxControl (this=0x13ee040, __in_chrg=<optimized out>) at include/wx/gtk/control.h:27
 #33 0x00007ffff7bd1eae in wxWebView::~wxWebView (this=0x13ee040, __in_chrg=<optimized out>) at include/wx/webview.h:96
 #34 0x00007ffff7bd3443 in wxWebViewWebKit::~wxWebViewWebKit (this=0x13ee040, __in_chrg=<optimized out>) at include/wx/gtk/webview_webkit.h:26
 #35 0x00007ffff7bd34ae in wxWebViewWebKit::~wxWebViewWebKit (this=0x13ee040, __in_chrg=<optimized out>) at include/wx/gtk/webview_webkit.h:26

Fix this by setting m_isBeingDeleted flag for wxWebViewWebKit early and
checking it in the callback.

git-svn-id: https://svn.wxwidgets.org/svn/wx/wxWidgets/trunk@72173 c3d73ce0-8a6f-49c7-b76d-6d57e0e08775
This commit is contained in:
Vadim Zeitlin 2012-07-23 15:03:05 +00:00
parent a9c5eac9e4
commit c3980646f6
2 changed files with 16 additions and 0 deletions

View File

@ -47,6 +47,8 @@ public:
const wxSize& size = wxDefaultSize, long style = 0,
const wxString& name = wxWebViewNameStr);
virtual ~wxWebViewWebKit();
virtual bool Enable( bool enable = true );
// implementation

View File

@ -32,6 +32,11 @@ wxgtk_webview_webkit_load_status(GtkWidget* widget,
GParamSpec*,
wxWebViewWebKit *webKitCtrl)
{
// We can be called from webkit_web_view_dispose() during the window
// destruction, don't use half-destroyed object in this case.
if ( webKitCtrl->IsBeingDeleted() )
return;
wxString url = webKitCtrl->GetCurrentURL();
WebKitLoadStatus status;
@ -447,6 +452,15 @@ bool wxWebViewWebKit::Create(wxWindow *parent,
return true;
}
wxWebViewWebKit::~wxWebViewWebKit()
{
// The main goal here is to set m_isBeingDeleted to true to avoid the use
// of this -- already half-destroyed -- object from WebKit callbacks, but
// just setting it would prevent wxWindowDestroyEvent from being sent, so
// send it now instead.
SendDestroyEvent();
}
bool wxWebViewWebKit::Enable( bool enable )
{
if (!wxControl::Enable(enable))