[webkit-reviews] review granted: [Bug 18803] CRASH: ContainerNode::willRemove() called on deleted node : [Attachment 20904] First pass fix

bugzilla-daemon at webkit.org
Thu May 1 09:56:44 PDT 2008


Darin Adler <darin at apple.com> has granted Eric Seidel <eric at webkit.org>'s
request for review:
Bug 18803: CRASH: ContainerNode::willRemove() called on deleted node
http://bugs.webkit.org/show_bug.cgi?id=18803

Attachment 20904: First pass fix
http://bugs.webkit.org/attachment.cgi?id=20904&action=edit

------- Additional Comments from Darin Adler <darin at apple.com>
This looks good. It's great that it fixes the crash. I worry that the
willRemoveChild could still be used to make an infinite loop.

+    for (RefPtr<Node> n = m_firstChild; m_firstChild; n = m_firstChild) {
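
Review bot: the loop header re-reads m_firstChild in both its condition and its step, so termination depends entirely on each pass of the body detaching the current first child; if a removal callback puts a child back at the front, this loop never exits. Consider checking after each removal that n is no longer m_firstChild, and asserting or breaking out if it still is, so a misbehaving handler cannot spin here.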

I can't see any reason to not write this as:

    while (RefPtr<Node> n = m_firstChild)

+    // children), so we keep n in a RefPtr, lest n->nextSibling() crash
(18803)

I don't think the bug number is really all that valuable, nor the specific
"lest n->nextSibling() crash".

Maybe the png files should have more generic names. Do we really need two
separate images for this? Is there a way to make the timing right for the crash
without having images?

