[Webkit-unassigned] [Bug 125110] New: Possible crash in void ProgressTracker::progressHeartbeatTimerFired(Timer<ProgressTracker>*)
bugzilla-daemon at webkit.org
Mon Dec 2 15:13:48 PST 2013
https://bugs.webkit.org/show_bug.cgi?id=125110
Summary: Possible crash in void ProgressTracker::progressHeartbeatTimerFired(Timer<ProgressTracker>*)
Product: WebKit
Version: 528+ (Nightly build)
Platform: All
OS/Version: All
Status: NEW
Severity: Normal
Priority: P2
Component: Page Loading
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: beidson at apple.com
Possible crash in void ProgressTracker::progressHeartbeatTimerFired(Timer<ProgressTracker>*)
We know that it is possible to crash in ProgressTracker::progressHeartbeatTimerFired(Timer<ProgressTracker>*) with a null m_originatingProgressFrame.
On the surface it appears this should not be possible because any time m_originatingProgressFrame is cleared out, the progress heartbeat timer is also stopped. It is likely a race condition with stopping the timer in multi-threaded environments, yet we still have no way to reproduce.
There's no harm in null checking m_originatingProgressFrame before calling into its loader.
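The failure mode and guard described in the report, as an added example that is not part of the original message and is not WebKit's code: a single-threaded model in which a heartbeat fire is delivered after the frame has been cleared and the timer stopped. `Loader`, `Frame`, `RunLoop`, `noteHeartbeat`, `timerExpired`, `progressStarted`, `progressCompleted` and `skippedFires` are hypothetical names, and the late-delivery mechanism is an assumption, since the report has no reproduction.

```cpp
#include <cstdio>
#include <functional>
#include <queue>

// Hypothetical stand-ins for the frame and its loader; not WebKit's classes.
struct Loader { int heartbeats = 0; void noteHeartbeat() { ++heartbeats; } };
struct Frame { Loader m_loader; Loader& loader() { return m_loader; } };

// Assumed late-fire window: a callback already queued on the run loop is
// still delivered after the timer has been stopped.
struct RunLoop {
    std::queue<std::function<void()>> pending;
    void drain() { for (; !pending.empty(); pending.pop()) pending.front()(); }
};

class ProgressTracker {
public:
    explicit ProgressTracker(RunLoop& loop) : m_loop(loop) { }
    void progressStarted(Frame& frame) { m_originatingProgressFrame = &frame; m_timerActive = true; }
    void progressCompleted() { m_timerActive = false; m_originatingProgressFrame = nullptr; }
    void timerExpired() { if (m_timerActive) m_loop.pending.push([this] { progressHeartbeatTimerFired(); }); }
    int skippedFires() const { return m_skippedFires; }
private:
    void progressHeartbeatTimerFired() {
        // The null check: without it the next statement dereferences null.
        if (!m_originatingProgressFrame) { ++m_skippedFires; return; }
        m_originatingProgressFrame->loader().noteHeartbeat();
    }
    RunLoop& m_loop;
    Frame* m_originatingProgressFrame = nullptr;
    bool m_timerActive = false;
    int m_skippedFires = 0; // count of late fires, useful when there is no repro
};

struct Outcome { int heartbeats; int skipped; };
Outcome runLateFireScenario() {
    RunLoop loop; Frame frame; ProgressTracker tracker(loop);
    tracker.progressStarted(frame);
    tracker.timerExpired(); loop.drain(); // normal heartbeat reaches the loader
    tracker.timerExpired();               // a fire is queued...
    tracker.progressCompleted();          // ...then the frame is cleared, timer stopped
    loop.drain();                         // the late fire runs with a null frame
    return { frame.m_loader.heartbeats, tracker.skippedFires() };
}

int main() {
    Outcome o = runLateFireScenario();
    std::printf("heartbeats=%d skipped=%d\n", o.heartbeats, o.skipped);
}
```

Counting skipped fires rather than returning silently gives a signal for how often the late fire happens in the field.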