[Webkit-unassigned] [Bug 9952] REGRESSION: Repro crash when dragging an image from the window to the address bar
bugzilla-daemon at opendarwin.org
bugzilla-daemon at opendarwin.org
Wed Jul 19 08:05:30 PDT 2006
http://bugzilla.opendarwin.org/show_bug.cgi?id=9952
------- Comment #6 from opendarwin.org at mitzpettel.com 2006-07-19 08:05 PDT -------
Here's what I've found out so far. The problem happens because the image
document is detached. The detach happens in the ~FrameView destructor (which
contains this comment: "FIXME: Is this really the right place to call detach on
the document?"). The FrameView in question has the same Frame as the FrameView
that is coming in (Frame::setView() does not update the back pointer from the
FrameView to the Frame), and hence the same document. The Iframe in the
reduction serves the sole purpose of not allowing the page to go into the page
cache, thus leading to the FrameView being deref'ed (and destructed) at that
particular point.
I think the fix should be along the lines of addressing the FIXME, but it's
also possible that there's some way to manage the pointers from FrameViews to
Frame to avoid the detach.
--
Configure bugmail: http://bugzilla.opendarwin.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the webkit-unassigned
mailing list