[Webkit-unassigned] [Bug 55894] New: REGRESSION(r77560:77618): Crash on http://gnarf.net/jquery/test/
bugzilla-daemon at webkit.org
Mon Mar 7 12:17:38 PST 2011
https://bugs.webkit.org/show_bug.cgi?id=55894
Summary: REGRESSION(r77560:77618): Crash on http://gnarf.net/jquery/test/
Product: WebKit
Version: 528+ (Nightly build)
Platform: PC
URL: http://gnarf.net/jquery/test/
OS/Version: Mac OS X 10.5
Status: NEW
Severity: Normal
Priority: P2
Component: Page Loading
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: dglazkov at chromium.org
It's a null-ptr deref of a frame that went away here:
http://google.com/codesearch/p#OAMlx_jo-ck/src/third_party/WebKit/Source/WebCore/dom/Document.cpp&l=2028&exact_package=chromium
void Document::explicitClose()
{
    if (!m_frame) {
        // Because we have no frame, we don't know if all loading has completed,
        // so we just call implicitClose() immediately. FIXME: This might fire
        // the load event prematurely <http://bugs.webkit.org/show_bug.cgi?id=14568>.
        if (m_parser)
            m_parser->finish();
        implicitClose();
        return;
    }
    // This code calls implicitClose() if all loading has completed.
    loader()->writer()->endIfNotLoadingMainResource();
--> m_frame->loader()->checkCompleted();
}
Bisecting...
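Added example, not part of the original report and not WebKit code or the project's fix: a toy model of the check-then-use pattern in the snippet above, where m_frame is tested on entry but can be cleared before the marked line. Frame and Document here are simplified stand-ins, and duringWriterEnd, detachFrame, endWriter, CloseOutcome and explicitCloseGuarded are hypothetical names; it assumes the frame is detached by code that runs while the writer is ending, which the report does not state.

```cpp
#include <functional>

// Toy stand-ins for the WebCore classes; simplified, not WebKit code.
struct Frame {
    int checkCompletedCalls = 0;
    void checkCompleted() { ++checkCompletedCalls; }
};

enum class CloseOutcome { ClosedWithoutFrame, CheckedCompleted, FrameWentAway };

struct Document {
    Frame* m_frame = nullptr;
    // Assumption: work done while the writer ends can run code that detaches
    // the frame. The report does not say which call clears m_frame.
    std::function<void(Document&)> duringWriterEnd;

    void detachFrame() { m_frame = nullptr; }
    void endWriter() { if (duringWriterEnd) duringWriterEnd(*this); }

    // Guarded variant: the early !m_frame test only covers entry, so
    // m_frame is read again after the re-entrant call and before use.
    CloseOutcome explicitCloseGuarded() {
        if (!m_frame)
            return CloseOutcome::ClosedWithoutFrame;
        endWriter();
        if (!m_frame)  // the reported code dereferences here without this test
            return CloseOutcome::FrameWentAway;
        m_frame->checkCompleted();
        return CloseOutcome::CheckedCompleted;
    }
};

// Constructed scenario: the frame is detached while the writer is ending.
CloseOutcome closeWithDetachingCallback(Frame& frame) {
    Document doc;
    doc.m_frame = &frame;
    doc.duringWriterEnd = [](Document& d) { d.detachFrame(); };
    return doc.explicitCloseGuarded();
}

// Constructed scenario: nothing touches the frame, so the normal path runs.
CloseOutcome closeWithQuietWriter(Frame& frame) {
    Document doc;
    doc.m_frame = &frame;
    return doc.explicitCloseGuarded();
}
```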