[Webkit-unassigned] [Bug 15618] REGRESSION: Stack overflow/crash in KJS::equal
bugzilla-daemon at webkit.org
Mon Oct 22 08:31:59 PDT 2007
http://bugs.webkit.org/show_bug.cgi?id=15618
------- Comment #1 from ap at webkit.org 2007-10-22 08:31 PDT -------
Created an attachment (id=16800)
--> (http://bugs.webkit.org/attachment.cgi?id=16800&action=view)
test case (will crash)
Looks like the new limit for JS stack set in
<http://trac.webkit.org/projects/webkit/changeset/25161> is too large indeed.
The problem in the original page is caused by a script that accurately
preserves window.onload while setting it to its own function. This script is
included twice, which causes infinite recursion - must be a pretty common
situation.

function onLoad() {
    ...
    if (savedOnload)
        savedOnload();
}
savedOnload = window.onload;
window.onload = onLoad;
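
The double inclusion described in the comment above, as an added example that is not part of the bug report or of WebKit's code. The `window` object is modelled by a plain object so it runs under Node.js; `makeWindow`, `includeShared`, `includeChained` and `fire` are hypothetical names, and `includeChained` is one possible way to write such a script so that a second inclusion is harmless.

```javascript
// Constructed stand-in for the browser's window object (assumption: no DOM).
function makeWindow() { return { onload: null }; }

// Pattern from the report: the previous handler is kept in ONE shared variable
// (modelled here as globals.savedOnload), overwritten by every inclusion.
function includeShared(win, globals) {
  function onLoad() {
    globals.calls++;
    if (globals.savedOnload) globals.savedOnload();
  }
  globals.savedOnload = win.onload;
  win.onload = onLoad;
}

// Alternative: each inclusion keeps the previous handler in its own closure,
// so a second inclusion extends the chain instead of closing it into a loop.
function includeChained(win, state) {
  const previous = win.onload;
  win.onload = function onLoad() {
    state.calls++;
    if (previous) previous();
  };
}

// Include a script `times` times, fire onload once, and report what happened.
function fire(include, times) {
  const win = makeWindow();
  const state = { savedOnload: null, calls: 0 };
  for (let i = 0; i < times; i++) include(win, state);
  try {
    win.onload();
    return { outcome: "returned", calls: state.calls };
  } catch (e) {
    // An engine with a reachable recursion limit throws instead of crashing.
    const outcome = e instanceof RangeError ? "RangeError" : "error";
    return { outcome, calls: state.calls };
  }
}

console.log(fire(includeShared, 1));   // one inclusion: handler runs once
console.log(fire(includeShared, 2));   // two inclusions: savedOnload calls itself
console.log(fire(includeChained, 2));  // two inclusions: both handlers run, then stop
```

After the second `includeShared` call the shared variable holds the first `onLoad`, which itself calls whatever the shared variable holds, so the first handler ends up calling itself.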