[Webkit-unassigned] [Bug 19891] Broken HTML object elements cause de-reference of pointer to freed memory

Thu Jul 3 15:50:21 PDT 2008

https://bugs.webkit.org/show_bug.cgi?id=19891


------- Comment #7 from chrisb at adobe.com  2008-07-03 15:50 PDT -------
Interesting details about the test html file:
The object tag references a non-existent GIF.
There is a call to window.document.open in the onload handler.
The codetype on the object element is set to an image mime type.


-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.