[webkit-reviews] review canceled: [Bug 86035] Crash in FrameView::windowClipRectForFrameOwner after r116371 : [Attachment 141050] Proposed blind fix. Added a NULL-check.

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu May 10 07:57:52 PDT 2012


Julien Chaffraix <jchaffraix at webkit.org> has canceled Julien Chaffraix
<jchaffraix at webkit.org>'s request for review:
Bug 86035: Crash in FrameView::windowClipRectForFrameOwner after r116371
https://bugs.webkit.org/show_bug.cgi?id=86035

Attachment 141050: Proposed blind fix. Added a NULL-check.
https://bugs.webkit.org/attachment.cgi?id=141050&action=review

------- Additional Comments from Julien Chaffraix <jchaffraix at webkit.org>
(In reply to comment #3)
> Have you tried using the beforeload event on the <object> element to screw
> around with the DOM below FrameView::updateWidget ?

I haven't as I didn't know this code enough to create a test on the spot. Let
me regroup and come back to you with hopefully a test case!

> Is WebKit::WebPluginContainerImpl::setParent calling this before actually
> setting the parent?  Is something else executing to remove this widget from the
> hierarchy before this executes?

It's difficult for me to answer any question without a reproduction (I don't
hide it's a blind fix based on the stack-trace). My understanding is that it's
possible for |parentView| to be NULL (as mentioned in Document.h). The code
prior to r116371 was NULL-checking the enclosingLayer(), which may explain
how they got away with that.

