[Webkit-unassigned] [Bug 18174] New: Crash when destroying frame from onload callback
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Mar 27 22:51:40 PDT 2008
http://bugs.webkit.org/show_bug.cgi?id=18174
Summary: Crash when destroying frame from onload callback
Product: WebKit
Version: 526+ (Nightly build)
Platform: PC
OS/Version: Windows XP
Status: UNCONFIRMED
Severity: Normal
Priority: P1
Component: WebKit Misc.
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: minatoar at gmail.com
Append an iframe, register a suicidal onload, then set its src to
"about:blank".
Pretty much the same problem as:
LayoutTests/fast/frames/onload-remove-iframe-crash.html
Difference is the entry point (here the death gears are set in motion by
assigning the iframe.src property)
Will follow up with reduced test case (I observed the problem on
http://www.hixie.ch/tests/adhoc/dom/level0/location/components/001.html)
Repro-ed it in Webkit Nightly (r31381), and Safari 3.1 (Windows XP)
--
Configure bugmail: http://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the webkit-unassigned
mailing list