[Webkit-unassigned] [Bug 49972] New: REGRESSION (r72415?): Crash in DOMWindow::dispatchTimedEvent when running fast/dom/onload-open.html
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Nov 23 07:02:35 PST 2010
https://bugs.webkit.org/show_bug.cgi?id=49972
Summary: REGRESSION (r72415?): Crash in
DOMWindow::dispatchTimedEvent when running
fast/dom/onload-open.html
Product: WebKit
Version: 528+ (Nightly build)
Platform: All
OS/Version: All
Status: NEW
Keywords: LayoutTestFailure, Regression
Severity: Normal
Priority: P2
Component: Page Loading
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: aroben at apple.com
CC: fishd at chromium.org, simonjam at chromium.org
To reproduce:
1. run-webkit-tests fast/dom/onload-open.html
You'll crash in a seemingly-random place. But if you turn on full page heap (or, presumably, GuardMalloc) you'll find that the cause of the crash is DOMWindow::dispatchTimedEvent, specifically the last line below:
*startTime = currentTime();
dispatchEvent(event, target);
*endTime = currentTime();
endTime points to DocumentLoadTiming::loadEventEnd, but the DocumentLoadTiming (and its parent DocumentLoader) have been destroyed by this point.
I'm pretty certain regression was introduced in r72415.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list