[Webkit-unassigned] [Bug 23180] New: Reading freed memory at DocumentLoader::checkForPendingPreloads
bugzilla-daemon at webkit.org
Thu Jan 8 05:32:59 PST 2009
https://bugs.webkit.org/show_bug.cgi?id=23180
Summary: Reading freed memory at DocumentLoader::checkForPendingPreloads
Product: WebKit
Version: 528+ (Nightly build)
Platform: All
OS/Version: All
Status: UNCONFIRMED
Severity: Major
Priority: P2
Component: WebCore Misc.
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: ager at chromium.org
In loader.cpp in Loader::Host::didFinishLoading the following two lines cause
the problem:
docLoader->setLoadInProgress(false);
docLoader->checkForPendingPreloads();
setLoadInProgress(false) can cause the frame to be deallocated, which can cause
the document to be deallocated, and the document destructor deletes the
DocumentLoader. Therefore, docLoader can point to freed memory at the call to
checkForPendingPreloads.
This happens when running the layout test:
LayoutTests/http/tests/misc/onload-remove-iframe-crash-2.html.
Would it make sense to just reorder and check for pending preloads before
setting load in progress to false?
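Added example, not WebKit's code: a small C++ model of the ordering hazard the report describes. The class and method names mirror the report but are stand-ins; the preload queue, the teardown callback and the liveness registry are assumptions made so the effect can be observed without dereferencing freed memory. It runs the quoted order, the reorder the reporter suggests, and a third variant that holds a reference to the owning document across the reentrant call.

```cpp
#include <cstddef>
#include <cstdio>
#include <functional>
#include <memory>
#include <set>
#include <vector>

// Model-only registry of live loaders. Real code has nothing like this; it
// lets the example observe "freed before the second call" without actually
// dereferencing freed memory.
static std::set<const void*> g_liveLoaders;

struct Document;

// Stand-in for the loader object the report calls docLoader.
struct DocLoader {
    Document* doc;                               // back pointer to the owning document
    bool loadInProgress = true;
    std::vector<int> pendingPreloads{1, 2, 3};   // constructed: preloads queued during the load
    std::vector<int> servedPreloads;
    std::function<void()> onLoadStateChanged;    // assumption: teardown reacting to the state change

    explicit DocLoader(Document* d) : doc(d) { g_liveLoaders.insert(this); }
    ~DocLoader() { g_liveLoaders.erase(this); }

    void setLoadInProgress(bool inProgress) {
        loadInProgress = inProgress;
        if (onLoadStateChanged) {
            auto callback = onLoadStateChanged;  // local copy: the callback may destroy *this
            callback();
        }
    }
    void checkForPendingPreloads() {
        for (int id : pendingPreloads) servedPreloads.push_back(id);
        pendingPreloads.clear();
    }
};

// The document owns its loader, so destroying the document deletes the loader,
// which is the chain the report describes.
struct Document : std::enable_shared_from_this<Document> {
    std::unique_ptr<DocLoader> docLoader;
    Document() : docLoader(std::make_unique<DocLoader>(this)) {}
};

// The frame holds the document; dropping it from a callback models the
// removed iframe in the layout test named in the report.
struct Frame {
    std::shared_ptr<Document> document = std::make_shared<Document>();
};

struct Outcome {
    bool loaderAliveAtSecondCall;  // false: a real build would read freed memory here
    std::size_t served;            // preloads served by checkForPendingPreloads
};

// Order quoted in the report: state change first, then a call through the same pointer.
Outcome didFinishLoading_original(DocLoader* docLoader) {
    docLoader->setLoadInProgress(false);                       // may free docLoader
    if (!g_liveLoaders.count(docLoader)) return {false, 0};    // probe exists only in this model
    docLoader->checkForPendingPreloads();
    return {true, docLoader->servedPreloads.size()};
}

// The reorder the reporter proposes: finish all work on the loader before the
// call that can free it, so the possibly-freeing call is the last use.
Outcome didFinishLoading_reordered(DocLoader* docLoader) {
    docLoader->checkForPendingPreloads();
    std::size_t served = docLoader->servedPreloads.size();
    docLoader->setLoadInProgress(false);                       // nothing touches docLoader after this
    return {true, served};
}

// Alternative: keep the owner alive across the reentrant call. The document,
// and therefore the loader, cannot be freed until protector goes out of scope.
Outcome didFinishLoading_protected(DocLoader* docLoader) {
    std::shared_ptr<Document> protector = docLoader->doc->shared_from_this();
    docLoader->setLoadInProgress(false);
    bool live = g_liveLoaders.count(docLoader) != 0;
    docLoader->checkForPendingPreloads();
    return {live, docLoader->servedPreloads.size()};
}

// Runs one variant in the scenario from the report: the load-state callback
// drops the frame's document, which deletes the loader mid-call.
template <typename Fn>
Outcome runScenario(Fn variant) {
    Frame frame;
    DocLoader* loader = frame.document->docLoader.get();
    loader->onLoadStateChanged = [&frame] { frame.document.reset(); };
    return variant(loader);
}

int main() {
    Outcome a = runScenario(didFinishLoading_original);
    Outcome b = runScenario(didFinishLoading_reordered);
    Outcome c = runScenario(didFinishLoading_protected);
    std::printf("original:  alive=%d served=%zu\n", a.loaderAliveAtSecondCall, a.served);
    std::printf("reordered: alive=%d served=%zu\n", b.loaderAliveAtSecondCall, b.served);
    std::printf("protected: alive=%d served=%zu\n", c.loaderAliveAtSecondCall, c.served);
    return 0;
}
```

With the model-only probe removed from didFinishLoading_original, an AddressSanitizer build reports heap-use-after-free on the second call, which is the read the report describes. The reorder is correct only as long as nothing after setLoadInProgress(false) touches docLoader, so any later addition to that function reintroduces the bug silently; holding a reference to the owner across the reentrant call does not depend on that ordering.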