[webkit-reviews] review denied: [Bug 63483] [WebKit2] Crash loading page that adds/removes frame in DOMContentLoaded/loaded : [Attachment 99012] Patch
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Jun 28 17:56:33 PDT 2011
Adam Barth <abarth at webkit.org> has denied Darin Adler <darin at apple.com>'s
request for review:
Bug 63483: [WebKit2] Crash loading page that adds/removes frame in
DOMContentLoaded/loaded
https://bugs.webkit.org/show_bug.cgi?id=63483
Attachment 99012: Patch
https://bugs.webkit.org/attachment.cgi?id=99012&action=review
------- Additional Comments from Adam Barth <abarth at webkit.org>
It seems from this discussion that this patch isn't correct. If there's a
non-initial document in the frame, then we surely don't want to execute line
233/238, which will get the state machine out of sync with what's actually
going on in the Frame.
However, if your patch works in Debug, then something very strange is going on
because line 233/238 ASSERTs that we're doing a valid state transition, which
means we must be in the CreatingInitialEmptyDocument state. However, that
doesn't make any sense. Something is going wrong more deeply than this patch
suggests.
More information about the webkit-reviews
mailing list