Bug 30250

Summary: [V8] Add a context scope in JS listener destructor
Product: WebKit Reporter: Søren Gjesse <sgjesse>
Component: WebCore Misc.Assignee: Nobody <webkit-unassigned>
Status: RESOLVED INVALID    
Severity: Normal CC: abarth, ager, commit-queue, dglazkov, eric
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: All   
OS: All   
Attachments:
Description Flags
patch
none
patch none

Søren Gjesse
Reported 2009-10-09 05:06:59 PDT
When a page is unloaded the JS listener destructor might be called without an active context. See http//crbug.com/24200.
Attachments
patch (1.29 KB, patch)
2009-10-09 05:08 PDT, Søren Gjesse 		no flags
DetailsFormatted DiffDiff
patch (1.34 KB, patch)
2009-10-09 05:23 PDT, Søren Gjesse 		no flags
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Søren Gjesse
Comment 1 2009-10-09 05:08:53 PDT
Created attachment 40943 [details] patch
Søren Gjesse
Comment 2 2009-10-09 05:23:12 PDT
Created attachment 40944 [details] patch
Eric Seidel (no email)
Comment 3 2009-10-09 09:42:19 PDT
CCing reviewers who know v8.
WebKit Commit Bot
Comment 4 2009-10-11 15:49:01 PDT
Comment on attachment 40944 [details] patch Clearing flags on attachment: 40944 Committed r49429: <http://trac.webkit.org/changeset/49429>
WebKit Commit Bot
Comment 5 2009-10-11 15:49:05 PDT
All reviewed patches have been landed. Closing bug.
Dimitri Glazkov (Google)
Comment 6 2009-10-12 14:32:03 PDT
Has this been tested? It broke the following layout tests across all platforms: LayoutTests/fast/dom/onload-open.html = CRASH LayoutTests/fast/dom/resource-locations-in-created-html-document.html = CRASH LayoutTests/fast/events/invalid-001.html = CRASH LayoutTests/fast/events/keypress-focus-change.html = CRASH LayoutTests/fast/events/mouseover-mouseout.html = CRASH LayoutTests/fast/events/mouseover-mouseout2.html = CRASH LayoutTests/http/tests/loading/gmail-assert-on-load.html = CRASH LayoutTests/http/tests/xmlhttprequest/frame-unload-abort-crash.html = CRASH LayoutTests/http/tests/xmlhttprequest/web-apps/012.html = CRASH LayoutTests/http/tests/xmlhttprequest/xmlhttprequest-image-not-loaded-svg.svg = CRASH LayoutTests/svg/custom/js-update-transform-changes.svg = CRASH Can we please, please test before submitting changes? Rolled out in http://trac.webkit.org/changeset/49473.
Brian Burg
Comment 7 2014-12-16 00:48:23 PST
Closing some V8-related work items.
Note You need to log in before you can comment on or make changes to this bug.