[Webkit-unassigned] [Bug 45309] New: ActiveDOMObjects::hasPendingActivity doesn't prevent element collection

Tue Sep 7 10:37:31 PDT 2010

https://bugs.webkit.org/show_bug.cgi?id=45309

           Summary: ActiveDOMObjects::hasPendingActivity doesn't prevent
                    element collection
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Media Elements
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: eric.carlson at apple.com

Created an attachment (id=66738)
 --> (https://bugs.webkit.org/attachment.cgi?id=66738)
Crash example

Even with the changes for https://bugs.webkit.org/show_bug.cgi?id=45306, the attached test case asserts in JSEventListener::jsFunction when a media element tries to fire an event after the js wrapper has been collected. Those changes should prevent this because they make HTMLMediaElement inherit from ActiveDOMObject and 1) return true from hasPendingActivity when events are in the queue, and 2) flush pending events in suspend/stop. 

It doesn't prevent the object from being collected because when markActiveObjectsForContext sees that a media element has pending activity it calls markDOMObjectWrapper, but the media element has a DOMNodeWrapper so the mark never happens and the element is collected.

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.