[Webkit-unassigned] [Bug 193253] CRASH: WebCore::IntersectionObserver::notify while debugging
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Jan 9 13:07:10 PST 2019
https://bugs.webkit.org/show_bug.cgi?id=193253
--- Comment #2 from Ali Juma <ajuma at chromium.org> ---
The crash stack is a bit strange: Document::notifyIntersectionObserversTimerFired accesses IntersectionObservers using WeakPtrs, and null-checks before calling IntersectionObsever::notify, and yet we're crashing on the first line of IntersectionObserver::notify when calling m_queuedEntries.isEmpty(). This makes it seem like something is corrupting the contents of Document::m_intersectionObserversWithPendingNotifications so that it has bogus WeakPtrs.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20190109/4c4ee1e8/attachment.html>
More information about the webkit-unassigned
mailing list