[Webkit-unassigned] [Bug 19891] Broken HTML object elements cause de-reference of pointer to freed memory

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sat Jul 26 01:31:09 PDT 2008


------- Comment #17 from ap at webkit.org  2008-07-26 01:31 PDT -------
(From update of attachment 22484)
+       // Make sure we will not end up with two frames referencing the same
owner element.
+       ASSERT((!(ownerElement->m_contentFrame)) ||
(ownerElement->m_contentFrame->ownerElement() != ownerElement));

Please use spaces, not tabs (pre-commit hook will deny landing the patch

Index: LayoutTests/http/tests/misc/object-image-error-with-onload-expected.txt

Ugh, so the results are empty, and opening the test will leave the tester
puzzled. Can this be improved (maybe with a document.write())?

+<object data="this.image.does.not.exist.gif" codetype="image/gif"

It might help to have a comment saying that this relies on a text/html 404 page
being generated by the server.

Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

More information about the webkit-unassigned mailing list