[Webkit-unassigned] [Bug 45737] [Chromium] fast/frames/frame-limit.html is crashing on debug bots after r67179:r67353 roll

bugzilla-daemon at webkit.org
Fri Sep 17 16:51:43 PDT 2010


https://bugs.webkit.org/show_bug.cgi?id=45737


Eric Seidel <eric at webkit.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Depends on|                            |45365




--- Comment #12 from Eric Seidel <eric at webkit.org>  2010-09-17 16:51:43 PST ---
I don't think it's right to add a Protect ptr w/o a comment as to what it's protecting against.  In this case, it's not clear from reading the code why it's needed.

Clearly my re-ordering of those calls in bug 45365 caused this bug.  However, before I reordered them the frame counts were off during frameDetached.

            (WebCore::HTMLFrameOwnerElement::willRemove):
             - Disconnecting the owner element removes the frame from the frame tree.
               frameDetached() calls Page::frameCount which expects that the frame is
               already gone at this point and asserts when it's not.  It's unclear how
               this worked before, except that the frame removal was likely done in the
               post-attach callback, so the frameCount was wrong (too high) during
               frameDetached(), but was fixed up in the post-detach callback.

Maybe my re-ordering was wrong.
