[Webkit-unassigned] [Bug 19891] Broken HTML object elements cause de-reference of pointer to freed memory
bugzilla-daemon at webkit.org
Fri Jul 25 12:34:13 PDT 2008
https://bugs.webkit.org/show_bug.cgi?id=19891
ap at webkit.org changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |ap at webkit.org
------- Comment #14 from ap at webkit.org 2008-07-25 12:34 PDT -------
(In reply to comment #13)
> I can add a LayoutTest, but the LayoutTest would have to hit the network. The
> bug only happens if we get a 404 response with a non-image content type
> header.

That's fine, our HTTP tests can do that easily (see e.g.
LayoutTests/http/tests/misc/resources/404image.php).

> Also, I'm not sure I know how to detect that the test failed other
> than the ASSERT I added to WebCore::Frame's constructor.

Well, if it's dereferencing freed memory, it's likely to fail when run as
"run-webkit-tests --threaded", so it's OK to land the test even if it's not
100% reproducible in release mode.

> The attached test case is a reduction of an existing LayoutTest:
> LayoutTests/dom/html/level2/html/HTMLBodyElement08.html

This leaves me a bit confused, as this test doesn't hit the network - in which
sense is it a reduction? Does this existing test use the same buggy code path?