[Webkit-unassigned] [Bug 121537] Crashed while visit http://html5video.org/wiki/HTML5_Demos
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Sep 18 19:25:42 PDT 2013
https://bugs.webkit.org/show_bug.cgi?id=121537
--- Comment #6 from Andreas Kling <akling at apple.com> 2013-09-18 19:24:48 PST ---
(From update of attachment 211979)
View in context: https://bugs.webkit.org/attachment.cgi?id=211979&action=review
>>> Source/WebCore/bindings/js/JSNodeCustom.cpp:115
>>> + // |audioConstructor| then HTMLUnknowElement was created to instead HTMLAudioElement.
>>
>> Why does paused return false for HTMLUnknownElement?
>
> The problem was HTMLUnknownElement has not paused() member function, We convert HTMLUnknownElement to HTMLAudioElement illegally then call paused() will crash.
How does that happen if the isHTMLAudioElement(node) check succeeded on the line just before?
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list