[Webkit-unassigned] [Bug 54146] New: User generated events may not fire properly due to garbage collection
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Feb 9 14:33:16 PST 2011
https://bugs.webkit.org/show_bug.cgi?id=54146
Summary: User generated events may not fire properly due to
garbage collection
Product: WebKit
Version: 528+ (Nightly build)
Platform: PC
OS/Version: Mac OS X 10.5
Status: NEW
Severity: Normal
Priority: P2
Component: New Bugs
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: jorlow at chromium.org
CC: abarth at webkit.org, ager at chromium.org,
atwilson at chromium.org, japhet at chromium.org,
jorlow at chromium.org, antonm at chromium.org,
vitalyr at chromium.org
In https://bugs.webkit.org/show_bug.cgi?id=54144 I fixed an issue where events weren't firing because the JS wrapper was getting garbage collected before we fired event listeners. The only way to fix this is to find some point where you know no more events will be fired and only let the wrapper get collected after that. This is what many of the ActiveDOMObjects do.
The problem is that, as far as I understand it, a user can fire an event on any event target that they wish at any time. It seems as though it'd be very easy for someone to register an event, drop the handle, have a gc happen, and then get another handle (or use some stashed handle of a parent object and use an event that captures/bubbles) and fire an event. I believe that in such a case, the user will not see an event handle as expected.
Thoughts?
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list