[Webkit-unassigned] [Bug 12087] REGRESSION: Reproducible crash going back in Back/Forward history
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Jan 4 00:28:42 PST 2007
http://bugs.webkit.org/show_bug.cgi?id=12087
mitz at webkit.org changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |darin at apple.com
------- Comment #7 from mitz at webkit.org 2007-01-04 00:28 PDT -------
Yeah, this is the same pattern as bug 11675. The "reused" object is a
WebDocumentLoaderMac, whose m_detachedDataSource points to a released data
source. The data source is released when the WebHTMLView is closed.
setDocumentViewFromPageCache used to rely on the pageCache holding (and
retaining) the data source directly. Now it is held indirectly by the pageCache
via the DocumentLoader, however the latter does not retain.
I'm not sure why m_detachedDataSource in WebDocumentLoaderMac is not retained
(can't see how it could lead to a retain cycle), so changing this might be a
possible fix. However, I still don't like the fact that
HistoryItem::setHasPageCache doesn't resurrect an
existing-but-scheduled-for-release pageCache, but instead creates a new one. It
seems unnecessarily risky to have two pageCache objects for a single
HistoryItem at a point in time (the new one and the old one scheduled for
release), and I don't see any benefit in doing things this way. I think it is
also the only reason that WebViews are required to support the "reopening"
behavior, which is not trivial to get right.
--
Configure bugmail: http://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the webkit-unassigned
mailing list