[Webkit-unassigned] [Bug 19891] Broken HTML object elements cause de-reference of pointer to freed memory
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Sat Jul 26 01:31:09 PDT 2008
https://bugs.webkit.org/show_bug.cgi?id=19891
------- Comment #17 from ap at webkit.org 2008-07-26 01:31 PDT -------
(From update of attachment 22484)
+ // Make sure we will not end up with two frames referencing the same
owner element.
+ ASSERT((!(ownerElement->m_contentFrame)) ||
(ownerElement->m_contentFrame->ownerElement() != ownerElement));
Please use spaces, not tabs (pre-commit hook will deny landing the patch
otherwise).
Index: LayoutTests/http/tests/misc/object-image-error-with-onload-expected.txt
===================================================================
Ugh, so the results are empty, and opening the test will leave the tester
puzzled. Can this be improved (maybe with a document.write())?
+<object data="this.image.does.not.exist.gif" codetype="image/gif"
height="10"></object>
It might help to have a comment saying that this relies on a text/html 404 page
being generated by the server.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the webkit-unassigned
mailing list