Bug 24325

Summary: Crash on replacing document contents during drop
Product: WebKit Reporter: Scott Violet <sky>
Component: WebCore Misc.Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal    
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: PC   
OS: Windows XP   
Attachments:
Description Flags
Fix for 24325
none
Fix for 24325 eric: review+

Scott Violet
Reported 2009-03-03 09:48:15 PST
I came across this when tracking down another crash. If you have a DOM mutation event listener and it replaces the entire contents of the document during a drop, we crash. I know, this is contrived, but it's a crash none the less.
Attachments
Fix for 24325 (4.11 KB, patch)
2009-03-03 09:53 PST, Scott Violet 		no flags
DetailsFormatted DiffDiff
Fix for 24325 (4.06 KB, patch)
2009-03-03 12:26 PST, Scott Violet 		eric: review+
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Scott Violet
Comment 1 2009-03-03 09:53:38 PST
Created attachment 28226 [details] Fix for 24325
Eric Seidel (no email)
Comment 2 2009-03-03 11:53:39 PST
Comment on attachment 28226 [details] Fix for 24325 This looks fine. I'm surprised that the test case needs to use waitUntilDone() Ideally the test case should also set the text to PASSED when it's done. The blank page would confuse me at first.
Scott Violet
Comment 3 2009-03-03 12:26:48 PST
Created attachment 28234 [details] Fix for 24325 Changes output to be PASSED and removes waitForDone/NotifyDone.
Eric Seidel (no email)
Comment 4 2009-03-03 12:28:11 PST
Comment on attachment 28234 [details] Fix for 24325 Looks fine.
Dimitri Glazkov (Google)
Comment 5 2009-03-03 13:13:17 PST
Landed as http://trac.webkit.org/changeset/41403.
Note You need to log in before you can comment on or make changes to this bug.