[webkit-reviews] review requested: [Bug 31998] REGRESSION (r49564): Crash in updateGlobalHistory when running Javascript iBench test : [Attachment 44039] Patch
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Mon Nov 30 13:32:22 PST 2009
Adam Roben (aroben) <aroben at apple.com> has asked for review:
Bug 31998: REGRESSION (r49564): Crash in updateGlobalHistory when running
Javascript iBench test
https://bugs.webkit.org/show_bug.cgi?id=31998
Attachment 44039: Patch
https://bugs.webkit.org/attachment.cgi?id=44039&action=review
------- Additional Comments from Adam Roben (aroben) <aroben at apple.com>
Looks like there's a double-delete of the BSTRs here. updateGlobalHistory
creates WebCore::BStrings and passes them to WebNavigationData::createInstance,
which tries to adopt the BSTRs that the BStrings wrap. But the BStrings haven't
given up ownership!
More information about the webkit-reviews
mailing list