[Webkit-unassigned] [Bug 56124] CSSSelector double frees
bugzilla-daemon at webkit.org
Fri Mar 11 08:38:13 PST 2011
https://bugs.webkit.org/show_bug.cgi?id=56124
Mihai Parparita <mihaip at chromium.org> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jamesr at chromium.org
--- Comment #3 from Mihai Parparita <mihaip at chromium.org> 2011-03-11 08:38:12 PST ---
(In reply to comment #2)
> 0x658af42d [chrome.dll - stylesheet.cpp:67] WebCore::StyleSheet::~StyleSheet()
> 0x6584da3c [chrome.dll - cssstylesheet.cpp:88] WebCore::CSSStyleSheet::~CSSStyleSheet()
> 0x6584d911 [chrome.dll + 0x000dd911] WebCore::CSSStyleSheet::`vector deleting destructor'(unsigned int)
> 0x657c913c [chrome.dll - refcounted.h:141] WTF::RefCounted<WebCore::LightSource>::deref()
> 0x65832a07 [chrome.dll - vector.h:526] WTF::Vector<WTF::RefPtr<WebCore::StyleSheet>,0>::~Vector<WTF::RefPtr<WebCore::StyleSheet>,0>()
> 0x657b5128 [chrome.dll - refcounted.h:141] WTF::RefCounted<WebCore::StyleSheetList>::deref()
>
> I don't understand these stacks. What is LightSource doing here?
James explained this to me as the templated versions of RefCounted<CSSStyleSheet> and RefCounted<LightSource> being equivalent, and so only one version ends up in release builds; therefore the symbolizing code that our crash report service uses doesn't know which one it was originally.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
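
Added example (not part of the original message, and not the code of any crash report service): a minimal symbolizer over a constructed symbol table in which the two deref() instantiations named above share one address, showing how a one-name-per-address lookup reports LightSource and how keeping every alias marks the frame as ambiguous. The addresses, table layout and function names are assumptions made for illustration.

```python
import bisect
from collections import defaultdict

# Constructed symbol table (start, size, name); addresses are made up, not
# taken from chrome.dll. The two deref() instantiations share one address,
# as they would after the linker folds identical functions in a release build.
SYMBOLS = [
    (0x1000, 0x40, "WebCore::StyleSheet::~StyleSheet"),
    (0x1040, 0x30, "WebCore::CSSStyleSheet::~CSSStyleSheet"),
    (0x2000, 0x20, "WTF::RefCounted<WebCore::LightSource>::deref"),
    (0x2000, 0x20, "WTF::RefCounted<WebCore::CSSStyleSheet>::deref"),
]

def symbolize_naive(symbols, addr):
    """One name per start address: the first symbol seen wins, aliases are lost."""
    seen = {}
    for start, size, name in symbols:
        seen.setdefault(start, (size, name))
    starts = sorted(seen)
    i = bisect.bisect_right(starts, addr) - 1
    if i < 0:
        return None
    size, name = seen[starts[i]]
    return name if addr < starts[i] + size else None

def build_index(symbols):
    """Group names by (start, size) so a folded function keeps every alias."""
    ranges = defaultdict(list)
    for start, size, name in symbols:
        ranges[(start, size)].append(name)
    return sorted(ranges), ranges

def symbolize_all(index, addr):
    """Return every symbol name whose range covers addr (empty list if none)."""
    keys, ranges = index
    i = bisect.bisect_right(keys, (addr, float("inf"))) - 1
    if i < 0:
        return []
    start, size = keys[i]
    return sorted(ranges[(start, size)]) if addr < start + size else []

def format_frame(index, addr):
    """Render a frame, marking it ambiguous when several names share the code."""
    names = symbolize_all(index, addr)
    if not names:
        return f"0x{addr:08x} <unknown>"
    if len(names) == 1:
        return f"0x{addr:08x} {names[0]}"
    return f"0x{addr:08x} <folded: one of> " + " | ".join(names)
```
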