[Webkit-unassigned] [Bug 12768] REGRESSION (r19595): Crash in WebCore::RenderLayer::scrollToOffset leaving macupdate.com via bookmark
bugzilla-daemon at webkit.org
Wed Feb 14 14:52:23 PST 2007
http://bugs.webkit.org/show_bug.cgi?id=12768
mitz at webkit.org changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |hyatt at apple.com
------- Comment #14 from mitz at webkit.org 2007-02-14 14:52 PDT -------
(In reply to comment #13)
> Is willRemove being called on a document that is being purged from the b/f
> cache? Is that what's happening? I'd really like to understand why willRemove
> is unsafe but detach was safe, since usually willRemove is called right before
> detach.
>
It's called under FrameLoader::clear(bool) and on a document leaving the frame
(regardless of whether it's headed to the b/f cache or not). The reason the
crash doesn't happen with pages that don't go into the b/f cache is that their
detach() resets the focused node (and doesn't even dispatch blur events).