[Webkit-unassigned] [Bug 13250] REGRESSION: Browser crash on clicking back button while at link specified above (inspector: ObjC wrapper outlives JS wrapper)
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Mon Apr 2 08:52:57 PDT 2007
http://bugs.webkit.org/show_bug.cgi?id=13250
------- Comment #10 from mitz at webkit.org 2007-04-02 08:52 PDT -------
(In reply to comment #8)
> I'm not sure this qualifies as a regression -- it requires use of the inspector
> so won't affect most users.
It is a regression since linked against shipping WebKit, the demo app doesn't
crash, while linked against TOT it does.
> I'm a little worried about storage leaks. It might be better to guard use of
> the JS implementation pointer in the WebScriptObject implementation so the
> object "goes dead" if the root object is gone. I'd like to hear Geoff's comment
> on that.
I also realized that the proposed patch didn't solve the problem of calling
-callWebScriptMethod... on an object with invalidated root and hitting the
ASSERT in RootObject::interpreter() (or crashing).
--
Configure bugmail: http://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the webkit-unassigned
mailing list