Bug 17367

Summary: ASSERT in HTMLTokenizer::~HTMLTokenizer loading javascript URL
Product: WebKit
Component: JavaScriptCore
Status: RESOLVED FIXED
Severity: Normal
Priority: P1
Version: 528+ (Nightly build)
Hardware: Mac
OS: OS X 10.5
Reporter: Geoffrey Garen <ggaren>
Assignee: Cameron Zwarich (cpst) <zwarich>
CC: ap, darin, emacemac7, sam, zwarich
Keywords: InRadar
Attachments (description: flags):
reduction: none
Fix (without layout test): none
Proposed patch: none

Geoffrey Garen
Reported 2008-02-14 15:42:34 PST
STEPS TO REPRODUCE:
1. Load javascript-url-crash-tokenizer.html, attached --> crash
Attachments
reduction (546 bytes, application/octet-stream), 2008-02-14 15:43 PST, Geoffrey Garen, no flags
Fix (without layout test) (1.25 KB, patch), 2009-02-05 06:44 PST, Cameron Zwarich (cpst), no flags
Proposed patch (3.51 KB, patch), 2009-02-05 07:05 PST, Cameron Zwarich (cpst), no flags
Geoffrey Garen
Comment 1 2008-02-14 15:43:07 PST
Created attachment 19128: reduction
Geoffrey Garen
Comment 2 2008-02-14 15:47:35 PST
Cameron Zwarich (cpst)
Comment 3 2009-02-05 06:44:10 PST
Created attachment 27346: Fix (without layout test)
Here's the obvious fix. I'll turn Geoff's example into a layout test and post it for review.
Cameron Zwarich (cpst)
Comment 4 2009-02-05 07:05:32 PST
Created attachment 27347: Proposed patch
Cameron Zwarich (cpst)
Comment 5 2009-02-05 08:21:29 PST
Comment on attachment 27347: Proposed patch
This doesn't leak the HTMLTokenizer entirely, but it only gets deleted from Document::removeLastRef(). I'll remove the review flag and look for a better solution.
Darin Adler
Comment 6 2009-09-22 15:18:02 PDT
Seems to have been fixed.