[Webkit-unassigned] [Bug 12661] REGRESSION: Crash in WebCore::RenderObject::setStyle visiting Bookmarks view while a page is loading

Thu Feb 8 07:19:11 PST 2007

http://bugs.webkit.org/show_bug.cgi?id=12661

mitz at webkit.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  Attachment #13053|                            |review?
               Flag|                            |

------- Comment #2 from mitz at webkit.org  2007-02-08 07:19 PDT -------
Created an attachment (id=13053)
 --> (http://bugs.webkit.org/attachment.cgi?id=13053&action=view)
A possible fix, w/o change log and layout test

I can reproduce the bug not only with the bookmarks view but also with other
document types that don't use the HTML view, for example, with a PDF. The
problem seems to be that FrameLoader::clear() is never called when such
documents are committed to the frame, and as a result the previous document
remains "live" despite no longer being in the frame.

I am pretty sure that clear() needs to be called when the new document is
committed, but I am less sure that commitProvisionalLoad() is the right place
(or the only additional place) it needs to be called from. I am marking this
for review just to get the opinion of someone with more knowledge of the
loader.

-- 
Configure bugmail: http://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.