[Webkit-unassigned] [Bug 18803] CRASH: ContainerNode::willRemove() called on deleted node
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Apr 30 11:10:16 PDT 2008
http://bugs.webkit.org/show_bug.cgi?id=18803
------- Comment #6 from eric at webkit.org 2008-04-30 11:10 PDT -------
Ah! I was wrong. The problem is that willRemoveChild(n) could have
side-effects of causing n to be deleted.
for (n = m_firstChild; n; n = n->nextSibling())
willRemoveChild(n);
If we end up re-entering this method below that call, n will have been deleted
(along with all of the siblings). One solution would be so simply hold a Ref
to n during traversal. Not sure if that's the right fix.
--
Configure bugmail: http://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the webkit-unassigned
mailing list