[Webkit-unassigned] [Bug 19891] Broken HTML object elements cause de-reference of pointer to freed memory
bugzilla-daemon at webkit.org
Fri Jul 25 13:17:49 PDT 2008
https://bugs.webkit.org/show_bug.cgi?id=19891
------- Comment #15 from chrisb at adobe.com 2008-07-25 13:17 PDT -------
(In reply to comment #14)
> (In reply to comment #13)
> > I can add a LayoutTest, but the LayoutTest would have to hit the network. The
> > bug only happens if we get a 404 response with a non-image content type
> > header.
>
> That's fine, our HTTP tests can do that easily (see e.g.
> LayoutTests/http/tests/misc/resources/404image.php).
>
> > Also, I'm not sure I know how to detect that the test failed other
> > than the ASSERT I added to WebCore::Frame's constructor.
>
> Well, if it's dereferencing freed memory, it's likely to fail when run as
> "run-webkit-tests --threaded", so it's OK to land the test even if it's not
> 100% reproducible in release mode.
>
> > The attached test case is a reduction of an existing LayoutTest:
> > LayoutTests/dom/html/level2/html/HTMLBodyElement08.html
>
> This leaves me a bit confused, as this test doesn't hit the network - in which
> sense is it a reduction? Does this existing test use the same buggy code path?
>
If you load LayoutTests/dom/html/level2/html/HTMLBodyElement08.html over an
http connection it will exercise the same code path.