[Webkit-unassigned] [Bug 19723] New: REGRESSION(r34648): Some SVG tests crash when running under --threaded
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Mon Jun 23 05:47:29 PDT 2008
https://bugs.webkit.org/show_bug.cgi?id=19723
Summary: REGRESSION(r34648): Some SVG tests crash when running
under --threaded
Product: WebKit
Version: 526+ (Nightly build)
Platform: All
OS/Version: All
Status: NEW
Severity: Normal
Priority: P1
Component: SVG
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: ap at webkit.org
In <http://trac.webkit.org/changeset/34648>, painting was added to
RenderSVGInlineText::destroy(). During document destruction, rendering
structures are not kept in consistent state, and painting results in access to
freed memory (possibly overwritten by a background thread).
I have a fix that wraps painting in if (!documentBeingDestroyed()), but given
that no other destroy() call paints itself, it might be that the original bug
could/should be fixed in some different manner.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the webkit-unassigned
mailing list