[Webkit-unassigned] [Bug 119044] [Win] Crash after plugin is unloaded.
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Oct 1 03:59:17 PDT 2013
https://bugs.webkit.org/show_bug.cgi?id=119044
--- Comment #7 from peavo at outlook.com 2013-10-01 03:58:14 PST ---
I have investigated why the plugin object is not invalidated, and found that it has been scheduled for garbage collection (state == dead == 1) before the runtime root is invalidated. The runtime root will then skip invalidating the runtime object (now a zombie), and when this object is garbage collect later, after the plugin has been unloaded, we get the crash.
I'm not sure that this is the right patch, but I think it illustrates the problem at hand.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list