[Webkit-unassigned] [Bug 30765] Nightly build of Safari and Chrome 4 remove two functions registered to window.onload event when calling removeEventListener to remove the first one of them.
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Mon Oct 26 06:50:19 PDT 2009
https://bugs.webkit.org/show_bug.cgi?id=30765
johnnyding <johnnyding.webkit at gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |dglazkov at chromium.org,
| |ggaren at apple.com,
| |sam at webkit.org
--- Comment #3 from johnnyding <johnnyding.webkit at gmail.com> 2009-10-26 06:50:15 PDT ---
According to the testcase Hanrui provided, the bug is because in the first
onload event listener, it removed itself from event listeners, but when back to
EventTarget::fireEventListeners, the function still re-traversed the listener
vector by using old index. Since at this time the index points to new value 0
(which is old index 1), when the for loop continues, the index 0 (old index 1)
will be skipped. That causes WebKit misses a event listener handle.
I personally think that if the listener vector was changed in a event listener,
we should re-traverse the listener vector in case missing some listeners
because of listener order change.
I cooked a patch for fixing this issues without adding new tests. Could anyone
give a review? If you are OK with my fix. I will add the test later.
Thanks!
By the way, since now addEventListener logic doesn't notify the increment of
listeners like what method removeEventListener notifies for decrement, this
patch does not take care the situation about adding new event listeners in a
event listener handle.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list