[Webkit-unassigned] [Bug 49667] REGRESSION: Crash in resetFormElementsOwner() when moving JIRA bug to another project
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Mon Nov 29 09:22:34 PST 2010
https://bugs.webkit.org/show_bug.cgi?id=49667
--- Comment #14 from Kenichi Ishibashi <bashi at google.com> 2010-11-29 09:22:33 PST ---
Hi Alexey,
Thanks for comment. It very helpful for me. I agree with you that Node::document() hardly returns null here, but the node pointer seems to be valid as far as I investigated the log. I added ASSERT(fastMallocSize(this)) and tried to reproduce but any assertion failure occurred.
(In reply to comment #12)
> Node::document() can only return null for DocumentType nodes that aren't used with any Document yet. That's hardly the case here, so it's more likely that the node pointer itself is stale.
>
> > couldn't reproduce the bug yet, even I tested the same environment (WebKit nightly build r72146 and JIRA 4.1.2#531).
>
> You can try to make the crash more likely in debug mode by adding ASSERT(fastMallocSize(this)) - pointers to unallocated memory would make fastMallocSize return 0.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list