[Webkit-unassigned] [Bug 49667] REGRESSION: Crash in resetFormElementsOwner() when moving JIRA bug to another project
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri Nov 26 22:41:28 PST 2010
https://bugs.webkit.org/show_bug.cgi?id=49667
--- Comment #12 from Alexey Proskuryakov <ap at webkit.org> 2010-11-26 22:41:28 PST ---
Node::document() can only return null for DocumentType nodes that aren't used with any Document yet. That's hardly the case here, so it's more likely that the node pointer itself is stale.
> couldn't reproduce the bug yet, even I tested the same environment (WebKit nightly build r72146 and JIRA 4.1.2#531).
You can try to make the crash more likely in debug mode by adding ASSERT(fastMallocSize(this)) - pointers to unallocated memory would make fastMallocSize return 0.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list