[Webkit-unassigned] [Bug 17338] A crash in popActivation when playing evil games with database support

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Feb 13 23:06:01 PST 2008


------- Comment #5 from cwzwarich at uwaterloo.ca  2008-02-13 23:06 PDT -------
The example wasn't working for me because of the changes to disable local
storage in clients that don't implement the proper delegate methods. Mark sent
me a patch that removes this restriction, and I was able to reproduce the bug.

It crashes for the same reason as bug 17329: JSGlobalObject::reset() is called
while there is still a single element on the activation stack, causing the next
call to JSGlobalObject::popActivation() to segfault. However, bug 17329 was
traced by Geoff down to javascript: links, whereas none of those appear in this
example. Therefore, I think that calling this a duplicate of bug 17329 is
premature. I will trace the calls to JSGlobalObject::reset() and see why it is
being called in the middle of script execution.
