[Webkit-unassigned] [Bug 150871] Wheel event callback removing the window causes crash in WebCore.

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Apr 5 12:05:00 PDT 2016


https://bugs.webkit.org/show_bug.cgi?id=150871

--- Comment #31 from Brent Fulgham <bfulgham at webkit.org> ---
(In reply to comment #22)

> So, the main frame is deleted (and the destructor deletes the
> WheelEventDeltaFilter), then the Frame destructor is run that calls
> setView(nullptr) that calls EventHandler::clear(). And now that
> EventHandler::clear calls clearLatchedState, we are using
> m_frame.mainFrame() that has already been deleted.

I can see how this could be an issue if the Frame being destructed is a MainFrame, and that its MainFrame member is a reference to itself. In that case, the MainFrame portion of the object could have been destroyed before 'setView(nullptr)' was called.

It might work to call "setView(nullptr)" in the MainFrame destructor, and only call it in the Frame destructor for non-mainframes.

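The teardown order discussed in this comment, modelled as an added example (not WebCore code and not part of the original message). The class names follow the thread; `setViewNull`, `teardown`, the `fixed` flag and the log strings are assumptions made for illustration, and the model records the stale main-frame state instead of dereferencing it.

```cpp
#include <iostream>
#include <string>
#include <vector>

using Log = std::vector<std::string>;

// Stand-in for WebCore's Frame; main == nullptr means "I am my own main frame".
class Frame {
public:
    Frame(Log& log, bool fixed, Frame* main = nullptr)
        : m_log(log), m_fixed(fixed), m_isMain(!main), m_main(main ? *main : *this) {}
    virtual ~Frame() {
        // Original order: always clear here. Proposed: only for non-main frames.
        if (!m_fixed || !m_isMain)
            setViewNull();
    }
protected:
    // Models setView(nullptr) -> EventHandler::clear() -> clearLatchedState(),
    // which uses m_frame.mainFrame(); here we only record whether it is stale.
    void setViewNull() {
        m_log.push_back(m_main.m_mainPartAlive ? "ok" : "stale-main-frame");
    }
    Log& m_log;
    bool m_fixed, m_isMain;
    bool m_mainPartAlive = true; // cleared once ~MainFrame has run
    Frame& m_main;
};

class MainFrame final : public Frame {
public:
    MainFrame(Log& log, bool fixed) : Frame(log, fixed) {}
    ~MainFrame() override {
        if (m_fixed)
            setViewNull(); // proposed: clear while MainFrame members still exist
        m_mainPartAlive = false; // members such as WheelEventDeltaFilter go next
    }
};

// Destroys a subframe, then its main frame, and returns what each clear saw.
Log teardown(bool fixed) {
    Log log;
    {
        MainFrame mainFrame(log, fixed);
        Frame sub(log, fixed, &mainFrame); // declared last, destroyed first
    }
    return log;
}

int main() {
    for (bool fixed : {false, true})
        for (const auto& e : teardown(fixed))
            std::cout << (fixed ? "proposed: " : "original: ") << e << '\n';
}
```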