[Webkit-unassigned] [Bug 106663] New: IconLoader destructor called without calling removeClient().
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri Jan 11 06:57:35 PST 2013
https://bugs.webkit.org/show_bug.cgi?id=106663
Summary: IconLoader destructor called without calling
removeClient().
Product: WebKit
Version: 528+ (Nightly build)
Platform: Unspecified
OS/Version: Unspecified
Status: UNCONFIRMED
Severity: Normal
Priority: P2
Component: WebCore Misc.
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: mark.toller at samsung.com
IconLoader uses a CachedRawResource, this class sets a timer and calls back into the IconLoader when the timer fires. However, the IconLoader can be destroyed (on web view destruction) without removing itself from the CachedRawResource, so the timer firing calls into a deleted object causing a crash.
Adding a check into the destructor fixes this problem on our platform (webkit2, gtk based).
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list