[Webkit-unassigned] [Bug 43295] cross_fuzz notification requestPermission memory corruption
bugzilla-daemon at webkit.org
Mon Aug 2 12:28:41 PDT 2010
https://bugs.webkit.org/show_bug.cgi?id=43295
Justin Schuh <jschuh at chromium.org> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jschuh at chromium.org
--- Comment #3 from Justin Schuh <jschuh at chromium.org> 2010-08-02 12:28:42 PST ---
It looks like NotificationCenter::m_scriptExecutionContext needs to get cleared at the end of NotificationCenter::disconnectFrame() (since I can't think of a way the context can be valid after the page is destroyed). That will also necessitate a check in the custom bindings for a NULL context.
If I have some free time today I'll take a crack at it and submit a patch for review.
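The fix proposed in comment #3, as a simplified C++ model added here (not WebKit source and not the patch from this bug): teardown clears the non-owning context pointer, and the binding checks for NULL before using it. Only NotificationCenter, m_scriptExecutionContext and disconnectFrame() are names from the bug; the other types, functions and the origin string are hypothetical.

```cpp
// Simplified model, not WebKit source. Only NotificationCenter,
// m_scriptExecutionContext and disconnectFrame() come from the bug report.
#include <memory>
#include <string>

struct ScriptExecutionContext {            // stand-in for the page's context
    std::string origin = "https://example.test";   // constructed value
};

class NotificationCenter {
public:
    explicit NotificationCenter(ScriptExecutionContext* context)
        : m_scriptExecutionContext(context) {}

    // Runs when the frame is torn down; the context is not valid afterwards,
    // so the non-owning pointer is cleared rather than left dangling.
    void disconnectFrame() { m_scriptExecutionContext = nullptr; }
    ScriptExecutionContext* context() const { return m_scriptExecutionContext; }

private:
    ScriptExecutionContext* m_scriptExecutionContext;  // raw, non-owning
};

enum class BindingResult { Requested, ContextGone };
// Hypothetical stand-in for the custom binding behind requestPermission().
BindingResult requestPermissionBinding(const NotificationCenter& center, std::string* originOut) {
    ScriptExecutionContext* context = center.context();
    if (!context)                          // required once disconnectFrame() clears it
        return BindingResult::ContextGone;
    *originOut = context->origin;
    return BindingResult::Requested;
}

// Models script that still holds the center when the page is destroyed.
BindingResult callBinding(bool destroyPage, std::string* originOut) {
    std::unique_ptr<ScriptExecutionContext> page(new ScriptExecutionContext);
    NotificationCenter center(page.get());
    if (destroyPage) {
        center.disconnectFrame();          // teardown clears the pointer first
        page.reset();                      // then the context is freed
    }
    return requestPermissionBinding(center, originOut);
}

int main() {
    std::string origin;
    return callBinding(true, &origin) == BindingResult::ContextGone ? 0 : 1;
}
```

Without the assignment in disconnectFrame(), the destroyPage path would dereference freed memory in the binding; building the model with AddressSanitizer makes that visible.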