47257 2010-10-06 04:52:18 -0700 DeviceOrientation crash when page is in page cache and is navigated while listener is registered 2010-10-14 07:15:05 -0700 1 1 1 Unclassified WebKit WebCore Misc. 528+ (Nightly build) All All RESOLVED FIXED P2 Normal --- 30335 1 steveblock webkit-unassigned hans jorlow steveblock oldest_to_newest 290206 0 steveblock 2010-10-06 04:52:18 -0700 When a page is navigated while a listener is registered for DeviceOrientation events, a crash can occur if the controller later attempts to dispatch an event. We need to make sure all listeners are removed when the page is navigated. We currently remove all listeners from DOMWindow::removeAllEventListeners() but this is not called on page reload. We could add similar code to DOMWindow::clear(). 294044 1 steveblock 2010-10-14 04:18:38 -0700 This occurs only when the page is in the page cache, as in this case, event listeners are not unregistered. Note that a crash is only observed with V8. 294045 2 70725 steveblock 2010-10-14 04:24:32 -0700 Created attachment 70725 Patch 294059 3 70725 jorlow 2010-10-14 05:19:38 -0700 Comment on attachment 70725 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=70725&action=review r=me > LayoutTests/fast/dom/DeviceOrientation/script-tests/event-after-navigation.js:1 > +description('Tests for a crash where an event is fired after the page has been navigated away when the original page is in the page cache.<br><br>Note that the crash is only seen with V8.'); Is there any reason this crash can only possibly happen in V8? If not, this comment probably should be removed, even if we currently only see it in V8. If so, it should probably mention why it's V8 specific. This way it'll be clear whether the comment is stale. 294062 4 steveblock 2010-10-14 05:26:48 -0700 > Is there any reason this crash can only possibly happen in V8? If not, this > comment probably should be removed, even if we currently only see it in V8. No, there's no fundamental reason why it should only happen with V8. The controller should never try to fire events once the document has gone. I'll remove the comment before landing. 294093 5 steveblock 2010-10-14 07:15:05 -0700 Committed r69764: <http://trac.webkit.org/changeset/69764> 70725 2010-10-14 04:24:32 -0700 2010-10-14 05:27:05 -0700 Patch bug-47257-20101014122430.patch text/plain 4212 steveblock SW5kZXg6IExheW91dFRlc3RzL0NoYW5nZUxvZwo9PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBMYXlvdXRUZXN0cy9D aGFuZ2VMb2cJKHJldmlzaW9uIDY5NzU2KQorKysgTGF5b3V0VGVzdHMvQ2hhbmdlTG9nCSh3b3Jr aW5nIGNvcHkpCkBAIC0xLDMgKzEsMjEgQEAKKzIwMTAtMTAtMTQgIFN0ZXZlIEJsb2NrICA8c3Rl dmVibG9ja0Bnb29nbGUuY29tPgorCisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEp LgorCisgICAgICAgIERldmljZU9yaWVudGF0aW9uIGNyYXNoIHdoZW4gcGFnZSBpcyBpbiBwYWdl IGNhY2hlIGFuZCBpcyBuYXZpZ2F0ZWQgd2hpbGUgbGlzdGVuZXIgaXMgcmVnaXN0ZXJlZAorICAg ICAgICBodHRwczovL2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9NDcyNTcKKworICAg ICAgICBUaGlzIGNyYXNoIGlzIGF2b2lkZWQgbm93IHRoYXQgcGFnZXMgdXNpbmcgRGV2aWNlT3Jp ZW50YXRpb24gYXJlIG5vdCBwdXQgaW4KKyAgICAgICAgdGhlIHBhZ2UgY2FjaGUuIFNlZSBodHRw czovL2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9NDc0MDguCisKKyAgICAgICAgVGhp cyB0ZXN0IHNlcnZlcyB0byBkb2N1bWVudCB0aGUgZmFjdCB0aGF0IHRoZSB1bmRlcmx5aW5nIHBy b2JsZW0gbmVlZHMgdG8KKyAgICAgICAgYmUgYWRkcmVzc2VkIGJlZm9yZSB0aGUgcGFnZSBjYWNo ZSBpcyBlbmFibGVkIGZvciBEZXZpY2VPcmllbnRhdGlvbi4KKworICAgICAgICAqIGZhc3QvZG9t L0RldmljZU9yaWVudGF0aW9uL2V2ZW50LWFmdGVyLW5hdmlnYXRpb24tZXhwZWN0ZWQudHh0OiBB ZGRlZC4KKyAgICAgICAgKiBmYXN0L2RvbS9EZXZpY2VPcmllbnRhdGlvbi9ldmVudC1hZnRlci1u YXZpZ2F0aW9uLmh0bWw6IEFkZGVkLgorICAgICAgICAqIGZhc3QvZG9tL0RldmljZU9yaWVudGF0 aW9uL3Jlc291cmNlcy9ldmVudC1hZnRlci1uYXZpZ2F0aW9uLW5ldy5odG1sOiBBZGRlZC4KKyAg ICAgICAgKiBmYXN0L2RvbS9EZXZpY2VPcmllbnRhdGlvbi9zY3JpcHQtdGVzdHMvZXZlbnQtYWZ0 ZXItbmF2aWdhdGlvbi5qczogQWRkZWQuCisKIDIwMTAtMTAtMTQgIEhheWF0byBJdG8gIDxoYXlh dG9AY2hyb21pdW0ub3JnPgogCiAgICAgICAgIFVucmV2aWV3ZWQsIGJ1aWxkIGZpeC4KSW5kZXg6 IExheW91dFRlc3RzL2Zhc3QvZG9tL0RldmljZU9yaWVudGF0aW9uL2V2ZW50LWFmdGVyLW5hdmln YXRpb24tZXhwZWN0ZWQudHh0Cj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIExheW91dFRlc3RzL2Zhc3QvZG9tL0Rl dmljZU9yaWVudGF0aW9uL2V2ZW50LWFmdGVyLW5hdmlnYXRpb24tZXhwZWN0ZWQudHh0CShyZXZp c2lvbiAwKQorKysgTGF5b3V0VGVzdHMvZmFzdC9kb20vRGV2aWNlT3JpZW50YXRpb24vZXZlbnQt YWZ0ZXItbmF2aWdhdGlvbi1leHBlY3RlZC50eHQJKHJldmlzaW9uIDApCkBAIC0wLDAgKzEsNSBA QAorVGVzdHMgZm9yIGEgY3Jhc2ggd2hlcmUgYW4gZXZlbnQgaXMgZmlyZWQgYWZ0ZXIgdGhlIHBh Z2UgaGFzIGJlZW4gbmF2aWdhdGVkIGF3YXkgd2hlbiB0aGUgb3JpZ2luYWwgcGFnZSBpcyBpbiB0 aGUgcGFnZSBjYWNoZS4KKworTm90ZSB0aGF0IHRoZSBjcmFzaCBpcyBvbmx5IHNlZW4gd2l0aCBW OC4KKworU1VDQ0VTUwpJbmRleDogTGF5b3V0VGVzdHMvZmFzdC9kb20vRGV2aWNlT3JpZW50YXRp b24vZXZlbnQtYWZ0ZXItbmF2aWdhdGlvbi5odG1sCj09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIExheW91dFRlc3Rz L2Zhc3QvZG9tL0RldmljZU9yaWVudGF0aW9uL2V2ZW50LWFmdGVyLW5hdmlnYXRpb24uaHRtbAko cmV2aXNpb24gMCkKKysrIExheW91dFRlc3RzL2Zhc3QvZG9tL0RldmljZU9yaWVudGF0aW9uL2V2 ZW50LWFmdGVyLW5hdmlnYXRpb24uaHRtbAkocmV2aXNpb24gMCkKQEAgLTAsMCArMSwxMiBAQAor PGh0bWw+Cis8aGVhZD4KKzxsaW5rIHJlbD0ic3R5bGVzaGVldCIgaHJlZj0iLi4vLi4vanMvcmVz b3VyY2VzL2pzLXRlc3Qtc3R5bGUuY3NzIj4KKzxzY3JpcHQgc3JjPSIuLi8uLi9qcy9yZXNvdXJj ZXMvanMtdGVzdC1wcmUuanMiPjwvc2NyaXB0PgorPC9oZWFkPgorPGJvZHk+Cis8cCBpZD0iZGVz Y3JpcHRpb24iPjwvcD4KKzxkaXYgaWQ9ImNvbnNvbGUiPjwvZGl2PgorPHNjcmlwdCBzcmM9InNj cmlwdC10ZXN0cy9ldmVudC1hZnRlci1uYXZpZ2F0aW9uLmpzIj48L3NjcmlwdD4KKzxzY3JpcHQg c3JjPSIuLi8uLi9qcy9yZXNvdXJjZXMvanMtdGVzdC1wb3N0LmpzIj48L3NjcmlwdD4KKzwvYm9k eT4KKzwvaHRtbD4KSW5kZXg6IExheW91dFRlc3RzL2Zhc3QvZG9tL0RldmljZU9yaWVudGF0aW9u L3Jlc291cmNlcy9ldmVudC1hZnRlci1uYXZpZ2F0aW9uLW5ldy5odG1sCj09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0t IExheW91dFRlc3RzL2Zhc3QvZG9tL0RldmljZU9yaWVudGF0aW9uL3Jlc291cmNlcy9ldmVudC1h ZnRlci1uYXZpZ2F0aW9uLW5ldy5odG1sCShyZXZpc2lvbiAwKQorKysgTGF5b3V0VGVzdHMvZmFz dC9kb20vRGV2aWNlT3JpZW50YXRpb24vcmVzb3VyY2VzL2V2ZW50LWFmdGVyLW5hdmlnYXRpb24t bmV3Lmh0bWwJKHJldmlzaW9uIDApCkBAIC0wLDAgKzEsMTYgQEAKKzxodG1sPgorICA8aGVhZD4K KyAgPC9oZWFkPgorICA8Ym9keT4KKyAgICBUZXN0cyBmb3IgYSBjcmFzaCB3aGVyZSBhbiBldmVu dCBpcyBmaXJlZCBhZnRlciB0aGUgcGFnZSBoYXMgYmVlbiBuYXZpZ2F0ZWQKKyAgICBhd2F5IHdo ZW4gdGhlIG9yaWdpbmFsIHBhZ2UgaXMgaW4gdGhlIHBhZ2UgY2FjaGUuPGJyPjxicj4KKyAgICBO b3RlIHRoYXQgdGhlIGNyYXNoIGlzIG9ubHkgc2VlbiB3aXRoIFY4Ljxicj48YnI+CisgICAgU1VD Q0VTUworICAgIDxzY3JpcHQ+CisgICAgICBpZiAod2luZG93LmxheW91dFRlc3RDb250cm9sbGVy KSB7CisgICAgICAgICAgbGF5b3V0VGVzdENvbnRyb2xsZXIuc2V0TW9ja0RldmljZU9yaWVudGF0 aW9uKHRydWUsIDEuMSwgdHJ1ZSwgMi4yLCB0cnVlLCAzLjMpOworICAgICAgICAgIGxheW91dFRl c3RDb250cm9sbGVyLm5vdGlmeURvbmUoKTsKKyAgICAgIH0KKyAgICA8L3NjcmlwdD4KKyAgPC9i b2R5PgorPC9odG1sPgpJbmRleDogTGF5b3V0VGVzdHMvZmFzdC9kb20vRGV2aWNlT3JpZW50YXRp b24vc2NyaXB0LXRlc3RzL2V2ZW50LWFmdGVyLW5hdmlnYXRpb24uanMKPT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0g TGF5b3V0VGVzdHMvZmFzdC9kb20vRGV2aWNlT3JpZW50YXRpb24vc2NyaXB0LXRlc3RzL2V2ZW50 LWFmdGVyLW5hdmlnYXRpb24uanMJKHJldmlzaW9uIDApCisrKyBMYXlvdXRUZXN0cy9mYXN0L2Rv bS9EZXZpY2VPcmllbnRhdGlvbi9zY3JpcHQtdGVzdHMvZXZlbnQtYWZ0ZXItbmF2aWdhdGlvbi5q cwkocmV2aXNpb24gMCkKQEAgLTAsMCArMSwxMiBAQAorZGVzY3JpcHRpb24oJ1Rlc3RzIGZvciBh IGNyYXNoIHdoZXJlIGFuIGV2ZW50IGlzIGZpcmVkIGFmdGVyIHRoZSBwYWdlIGhhcyBiZWVuIG5h dmlnYXRlZCBhd2F5IHdoZW4gdGhlIG9yaWdpbmFsIHBhZ2UgaXMgaW4gdGhlIHBhZ2UgY2FjaGUu PGJyPjxicj5Ob3RlIHRoYXQgdGhlIGNyYXNoIGlzIG9ubHkgc2VlbiB3aXRoIFY4LicpOworCitp ZiAod2luZG93LmxheW91dFRlc3RDb250cm9sbGVyKQorICAgIGxheW91dFRlc3RDb250cm9sbGVy Lm92ZXJyaWRlUHJlZmVyZW5jZSgnV2ViS2l0VXNlc1BhZ2VDYWNoZVByZWZlcmVuY2VLZXknLCAx KTsKK2Vsc2UKKyAgICBkZWJ1ZygnVGhpcyB0ZXN0IGNhbiBub3QgYmUgcnVuIHdpdGhvdXQgdGhl IExheW91dFRlc3RDb250cm9sbGVyJyk7CisKK3dpbmRvdy5hZGRFdmVudExpc3RlbmVyKCdkZXZp Y2VvcmllbnRhdGlvbicsIGZ1bmN0aW9uKCkgeyB9ICk7Cit3aW5kb3cubG9jYXRpb24gPSAicmVz b3VyY2VzL2V2ZW50LWFmdGVyLW5hdmlnYXRpb24tbmV3Lmh0bWwiOworCit3aW5kb3cuanNUZXN0 SXNBc3luYyA9IHRydWU7Cit3aW5kb3cuc3VjY2Vzc2Z1bGx5UGFyc2VkID0gdHJ1ZTsK