[Webkit-unassigned] [Bug 71035] crash near WebCore::QtFallbackWebPopupCombo::hidePopup when dismissing a <select> before it is fully rendered (Mac only)

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Nov 30 08:55:41 PST 2011


https://bugs.webkit.org/show_bug.cgi?id=71035
--- Comment #1 from Paul Sturm <sturm at branewave.com>  2011-11-30 08:55:42 PST ---
I fixed this in qt/WebCoreSupport/QtFallbackWebPopup.cpp:

void QtFallbackWebPopupCombo::hidePopup()
{
...

    QComboBox::hidePopup(); // move this line ...

    if (!m_ownerPopup.m_popupVisible)
        return;

    m_ownerPopup.m_popupVisible = false;
// ... to here
    m_ownerPopup.popupDidHide();
    m_ownerPopup.destroyPopup();
}

The problem was that hidePopup() was sometimes being called twice (due to the vagaries of the OS X event loop). The first time through, the popup was closed and then destroyed. The second time through, the popup (which had been destroyed) was getting closed again – thus accessing memory that had been freed.

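As an added illustration of the double-call hazard described in the comment (this is not code from the bug, from Qt or from WebKit), the model below records freed addresses so that a second hidePopup() touching freed memory is counted rather than crashing: the unguarded teardown trips twice, the guarded teardown not at all. Window, Owner, runScenario and the flag names are constructed for the example.

```cpp
#include <set>
// Constructed model of the scenario in the comment: Window and Owner are
// stand-ins, not WebKit classes. Freed addresses are recorded so that a
// later touch can be counted instead of crashing (a poor man's sanitizer).
static std::set<const void*> g_freed;
static int g_useAfterFree = 0;

struct Window { void close() {} };
static void closeWindow(Window* w) {
    if (g_freed.count(w)) { ++g_useAfterFree; return; } // real code: crash here
    w->close();
}

struct Owner {
    Window* window = new Window;
    bool popupVisible = true;   // plays the role of m_popupVisible
    int destroyCalls = 0;
    void popupDidHide() { closeWindow(window); }
    void destroyPopup() {
        if (g_freed.count(window)) { ++g_useAfterFree; return; } // double free attempt
        ++destroyCalls;
        g_freed.insert(window);
        delete window;
    }
};

// No guard: every call closes and destroys, so the second call operates on
// memory freed by the first, which is the failure the comment describes.
static void hidePopupUnguarded(Owner& o) {
    o.popupDidHide();
    o.destroyPopup();
}

// Guarded, as in the fixed function: teardown runs only while the popup is
// still marked visible, so a repeated hidePopup() is a harmless no-op.
static void hidePopupGuarded(Owner& o) {
    if (!o.popupVisible) return;
    o.popupVisible = false;
    o.popupDidHide();
    o.destroyPopup();
}

// Calls hidePopup twice and returns how many times freed memory was touched.
int runScenario(bool guarded) {
    g_freed.clear(); g_useAfterFree = 0;
    Owner o;
    for (int i = 0; i < 2; ++i) { if (guarded) hidePopupGuarded(o); else hidePopupUnguarded(o); }
    return g_useAfterFree;
}
```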