[Webkit-unassigned] [Bug 18803] CRASH: ContainerNode::willRemove() called on deleted node
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu May 1 09:56:45 PDT 2008
http://bugs.webkit.org/show_bug.cgi?id=18803
darin at apple.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #20904|review? |review+
Flag| |
------- Comment #8 from darin at apple.com 2008-05-01 09:56 PDT -------
(From update of attachment 20904)
This looks good. It's great that it fixes the crash. I worry that the
willRemoveChild could still be used to make an infinite loop.
+ for (RefPtr<Node> n = m_firstChild; m_firstChild; n = m_firstChild) {
I can't see any reason to not write this as:
while (RefPtr<Node> n = m_firstChild)
+ // children), so we keep n in a RefPtr, lest n->nextSibling() crash
(18803)
I don't think the bug number is really all that valuable, not the specific
"lest n->nextSibling() crash".
Maybe the png files should have more generic names. Do we really need two
separate images for this? Is there a way to make the timing right for the crash
without having images?
--
Configure bugmail: http://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the webkit-unassigned
mailing list