[Webkit-unassigned] [Bug 119044] [Win] Crash after plugin is unloaded.

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Oct 1 03:59:17 PDT 2013


https://bugs.webkit.org/show_bug.cgi?id=119044





--- Comment #7 from peavo at outlook.com  2013-10-01 03:58:14 PST ---
I have investigated why the plugin object is not invalidated, and found that it has been scheduled for garbage collection (state == dead == 1) before the runtime root is invalidated. The runtime root will then skip invalidating the runtime object (now a zombie), and when this object is garbage collect later, after the plugin has been unloaded, we get the crash.

I'm not sure that this is the right patch, but I think it illustrates the problem at hand.

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.


More information about the webkit-unassigned mailing list