[Webkit-unassigned] [Bug 7899] FrameTree:uniqueChildName doesn't return unique names

bugzilla-daemon at webkit.org
Tue Aug 7 11:49:56 PDT 2007


http://bugs.webkit.org/show_bug.cgi?id=7899





------- Comment #7 from marv.decker at gmail.com  2007-08-07 11:49 PDT -------
This bug is causing some crashes for me, and is showing up in the topcrash list
for my embedding application. Should it be P1?

The crash is in EventHandler::passWheelEventToWidget (and presumably other
input events) when you use the scroll wheel over certain iframes (seems to
depend on timing, can be hard to reproduce) because the widget for the
RenderWidget is NULL.

The widget is normally set when the load is committed for the frame, which of
course requires that the load be started. The load is started from the redirect
timer in the FrameLoader.

What happens is that frame 1 comes in and sets the redirect timer to start the
load. Other stuff happens, frames get deleted, etc. to cause the name to be the
same (this is where the timing stuff comes in). Frame 2 then gets created and
happens to get the same "unique" child name as Frame 1. In
FrameLoader::requestFrame, we now get the *old* frame in |frame|, cancel the
old (correct) load, and start loading the new frame's URL in it. Frame 2 is
never initialized, leading to a crash.
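
The failure sequence described in the comment above, as an added example that is not part of the bug report and is not WebKit code. The classes are a simplified model, and the count-based naming scheme and the `checkedName` fix are assumptions made to show how a name collision misroutes a name-based lookup.

```cpp
#include <cstdio>
#include <memory>
#include <string>
#include <vector>

// Simplified model; these are not WebKit's real classes.
struct Frame { std::string name, loadedURL; };  // empty loadedURL = never initialized

struct FrameTree {
    std::vector<std::unique_ptr<Frame>> children;
    static std::string nameFor(size_t i) { return "<!--frame" + std::to_string(i) + "-->"; }
    Frame* find(const std::string& name) const {
        for (const auto& c : children)
            if (c->name == name) return c.get();  // first match wins
        return nullptr;
    }
    // Assumed weak scheme: derived only from the current child count.
    std::string countBasedName() const { return nameFor(children.size()); }
    // Hardened scheme: probe until no live child already has the name.
    std::string checkedName() const {
        size_t i = children.size();
        while (find(nameFor(i))) ++i;
        return nameFor(i);
    }
    Frame* append(const std::string& name) {
        children.emplace_back(new Frame{name, ""});
        return children.back().get();
    }
};

// Name-based lookup: the load lands in whichever frame the name resolves to.
void requestFrame(FrameTree& t, const std::string& name, const std::string& url) {
    if (Frame* f = t.find(name)) f->loadedURL = url;  // replaces any earlier load
}

struct Outcome { std::string frame1URL, frame2URL; };

Outcome scenario(bool hardened) {
    FrameTree t;
    t.append(t.countBasedName());               // sibling: "<!--frame0-->"
    Frame* f1 = t.append(t.countBasedName());   // frame 1: "<!--frame1-->"
    requestFrame(t, f1->name, "one.html");
    t.children.erase(t.children.begin());       // sibling deleted, count back to 1
    Frame* f2 = t.append(hardened ? t.checkedName() : t.countBasedName());
    requestFrame(t, f2->name, "two.html");
    return {f1->loadedURL, f2->loadedURL};
}

int main() {
    Outcome w = scenario(false), h = scenario(true);
    std::printf("weak: f1=%s f2=%s\n", w.frame1URL.c_str(), w.frame2URL.c_str());
    std::printf("checked: f1=%s f2=%s\n", h.frame1URL.c_str(), h.frame2URL.c_str());
}
```

With the count-based name, frame 1 ends up holding frame 2's URL and frame 2 stays uninitialized; with the collision check, each frame receives its own load.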

