[Webkit-unassigned] [Bug 16868] Gmail crash

Tue Jan 15 13:29:51 PST 2008

http://bugs.webkit.org/show_bug.cgi?id=16868

cwzwarich at uwaterloo.ca changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  Attachment #18458|review?                     |
               Flag|                            |
  Attachment #18458|0                           |1
        is obsolete|                            |
  Attachment #18461|                            |review?
               Flag|                            |

------- Comment #15 from cwzwarich at uwaterloo.ca  2008-01-15 13:29 PDT -------
Created an attachment (id=18461)
 --> (http://bugs.webkit.org/attachment.cgi?id=18461&action=view)
Revised proposed patch

Here is an updated version of the patch. It is less convoluted than before,
maybe uses a few more branches in the bad case, and properly deals with the
situation where there are multiple ExecStates down the callingExec chain that
have distinct savedExec's (can this ever actually happen?).

(In reply to comment #14)
> Can you add a regression test to this patch? Typically, we require regression
> fixes to include test cases demonstrating the fix.

I should be able to make a layout test that shows the problems with
cross-window eval(). I am not sure about the others. In theory, I should also
be able to force a crash with the m_savedExec != m_calledExec situation by
explicitly asking for a GC every other line. I will try to have at least one
test soon.

-- 
Configure bugmail: http://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.