Bug 30250

Summary:

[V8] Add a context scope in JS listener destructor

Product:

WebKit

Reporter:

Søren Gjesse <sgjesse>

Component:

WebCore Misc.

Assignee:

Nobody <webkit-unassigned>

Status:

RESOLVED INVALID

Severity:

Normal

CC:

abarth, ager, commit-queue, dglazkov, eric

Priority:

Version:

528+ (Nightly build)

Hardware:

All

OS:

All

Attachments:

Description	Flags
patch	none
patch	none

Søren Gjesse

Reported 2009-10-09 05:06:59 PDT

When a page is unloaded the JS listener destructor might be called without an active context. See http//crbug.com/24200.

Attachments
patch (1.29 KB, patch) 2009-10-09 05:08 PDT, Søren Gjesse	no flags	Details Formatted Diff Diff
patch (1.34 KB, patch) 2009-10-09 05:23 PDT, Søren Gjesse	no flags	Details Formatted Diff Diff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.

Søren Gjesse

Comment 1 2009-10-09 05:08:53 PDT

Created attachment 40943 [details] patch

Søren Gjesse

Comment 2 2009-10-09 05:23:12 PDT

Created attachment 40944 [details] patch

Eric Seidel (no email)

Comment 3 2009-10-09 09:42:19 PDT

CCing reviewers who know v8.

WebKit Commit Bot

Comment 4 2009-10-11 15:49:01 PDT

Comment on attachment 40944 [details] patch Clearing flags on attachment: 40944 Committed r49429: <http://trac.webkit.org/changeset/49429>

WebKit Commit Bot

Comment 5 2009-10-11 15:49:05 PDT

All reviewed patches have been landed. Closing bug.

Dimitri Glazkov (Google)

Comment 6 2009-10-12 14:32:03 PDT

Has this been tested? It broke the following layout tests across all platforms: LayoutTests/fast/dom/onload-open.html = CRASH LayoutTests/fast/dom/resource-locations-in-created-html-document.html = CRASH LayoutTests/fast/events/invalid-001.html = CRASH LayoutTests/fast/events/keypress-focus-change.html = CRASH LayoutTests/fast/events/mouseover-mouseout.html = CRASH LayoutTests/fast/events/mouseover-mouseout2.html = CRASH LayoutTests/http/tests/loading/gmail-assert-on-load.html = CRASH LayoutTests/http/tests/xmlhttprequest/frame-unload-abort-crash.html = CRASH LayoutTests/http/tests/xmlhttprequest/web-apps/012.html = CRASH LayoutTests/http/tests/xmlhttprequest/xmlhttprequest-image-not-loaded-svg.svg = CRASH LayoutTests/svg/custom/js-update-transform-changes.svg = CRASH Can we please, please test before submitting changes? Rolled out in http://trac.webkit.org/changeset/49473.

Brian Burg

Comment 7 2014-12-16 00:48:23 PST

Closing some V8-related work items.

Note You need to log in before you can comment on or make changes to this bug.