[Webkit-unassigned] [Bug 19580] REGRESSION (r34388-r34503): Windows nightly crashes in HTMLCollection::resetCollectionInfo

Tue Jul 1 19:40:08 PDT 2008

https://bugs.webkit.org/show_bug.cgi?id=19580

------- Comment #20 from aroben at apple.com  2008-07-01 19:40 PDT -------
(In reply to comment #16)
> Here's the disassembly for HTMLFormElement::elements:
> 
> PassRefPtr<HTMLCollection> HTMLFormElement::elements()
> {
> 00E10710  push        ebp  
> 00E10711  mov         ebp,esp 
> 00E10713  push        ecx  
>     return HTMLFormCollection::create(this);
> 00E10714  test        ecx,ecx 
> 00E10716  push        ecx  
> 00E10717  mov         dword ptr [esp],ecx 
> 00E1071A  je          WebCore::HTMLFormElement::elements+0Fh (0E1071Fh) 
> 00E1071C  inc         dword ptr [ecx+4] 
> 00E1071F  lea         eax,[ebp-4] 
> 00E10722  push        esi  
> 00E10723  push        eax  
> 00E10724  call        WebCore::HTMLFormCollection::create (0E09F70h) 

It looks like the value in esi ends up being the value of the argument passed
to HTMLFormCollection::create. If this were working correctly, ecx would be the
value passed to HTMLFormCollection::create.

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.