Bug 31027

Summary: CRASH: Rehashing of EventListenerMap leads to loss of EventListenerList.
Product: WebKit
Reporter: Dimitri Glazkov (Google) <dglazkov>
Component: WebCore JavaScript
Assignee: Vitaly Repeshko <vitalyr>
Status: RESOLVED FIXED
Severity: Normal
CC: darin, ggaren, sullivan, vitalyr
Priority: P1
Version: 528+ (Nightly build)
Hardware: All
OS: All
URL: http://soundcloud.com/you/tracks
Attachments (description, flags):
- Layout Test/Reduction (none)
- patch: proposed fix (none)
- patch: proposed fix v2 (none)
- patch: proposed fix v3 (now includes the test) (ggaren: review+)
- patch: proposed fix v4 (dglazkov: review-)
- patch: proposed fix v5 (dglazkov: review+)

Description Dimitri Glazkov (Google) 2009-11-02 12:34:58 PST
:(

.. which in turn ruins our brand new no-copy scheme. Have a layout test. Coming up in a sec.
Comment 1 Dimitri Glazkov (Google) 2009-11-02 12:37:47 PST
Created attachment 42338 [details]
Layout Test/Reduction
Comment 2 Geoffrey Garen 2009-11-02 13:49:08 PST
I guess we need to store a pointer to a vector, instead of a vector, in the event target's hash table.
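The hazard behind this bug, and the fix Geoff sketches, can be shown with a small stand-alone example. This is added illustration code, not WebKit's EventListenerMap or any code from the patches on this bug: `OpenTable` is a deliberately minimal open-addressing hash map that, like a table whose buckets live in one array, moves every value into a fresh array on rehash; `Listener` and `ListenerList` are hypothetical stand-ins for the listener records. The first function keeps the list inside the bucket by value and shows that the reference handed out before a rehash no longer refers to the live list afterwards (a dangling reference, which this code is careful never to dereference); the second stores a pointer to a heap-allocated list instead, so the rehash moves only the pointer and the list survives.

```cpp
#include <cstdint>
#include <functional>
#include <iostream>
#include <memory>
#include <string>
#include <vector>

// Hypothetical listener record and listener list (stand-ins, not WebKit's types).
struct Listener { int id; };
using ListenerList = std::vector<Listener>;

// Minimal open-addressing hash map written for this example only. Buckets live in one
// array; a rehash allocates a new array and moves each bucket's value into it.
template <typename V>
class OpenTable {
public:
    OpenTable() : buckets_(4) {}

    // Returns a reference to the value for |key|, inserting a default one if absent.
    // The reference is valid only until the next insertion that triggers a rehash.
    V& add(const std::string& key) {
        size_t i = findSlot(key);
        if (!buckets_[i].used) {
            if ((size_ + 1) * 2 > buckets_.size()) { // keep load factor <= 1/2
                rehash(buckets_.size() * 2);
                i = findSlot(key);
            }
            buckets_[i].used = true;
            buckets_[i].key = key;
            ++size_;
        }
        return buckets_[i].value;
    }

    size_t capacity() const { return buckets_.size(); }

private:
    struct Bucket { bool used = false; std::string key; V value{}; };

    size_t findSlot(const std::string& key) const {
        size_t i = std::hash<std::string>{}(key) % buckets_.size();
        while (buckets_[i].used && buckets_[i].key != key)
            i = (i + 1) % buckets_.size(); // linear probing
        return i;
    }

    void rehash(size_t newSize) {
        std::vector<Bucket> old = std::move(buckets_);
        buckets_ = std::vector<Bucket>(newSize); // new array allocated while the old one is alive
        for (Bucket& b : old) {
            if (!b.used) continue;
            size_t i = findSlot(b.key);
            buckets_[i].used = true;
            buckets_[i].key = std::move(b.key);
            buckets_[i].value = std::move(b.value); // values move: references into |old| now dangle
        }
    }

    std::vector<Bucket> buckets_;
    size_t size_ = 0;
};

// Layout this bug is about: the list sits inside the bucket by value, so the reference
// obtained before a rehash points into the discarded bucket array afterwards.
bool listAddressStableWithValueStorage() {
    OpenTable<ListenerList> map;
    ListenerList& list = map.add("click");
    list.push_back({1});
    std::uintptr_t before = reinterpret_cast<std::uintptr_t>(&list);
    size_t capacity = map.capacity();
    for (int i = 0; map.capacity() == capacity; ++i)
        map.add("type" + std::to_string(i)); // register listeners until one rehash happens
    // |list| is now dangling and is not touched again; the live list has a new address.
    std::uintptr_t after = reinterpret_cast<std::uintptr_t>(&map.add("click"));
    return before == after; // false: the list "moved out from under" the reference
}

// Suggested layout: the bucket holds a pointer to a heap-allocated list, so the rehash
// moves only the pointer and the list itself stays where it is.
bool listAddressStableWithPointerStorage() {
    OpenTable<std::unique_ptr<ListenerList>> map;
    std::unique_ptr<ListenerList>& slot = map.add("click");
    if (!slot) slot = std::make_unique<ListenerList>();
    ListenerList* list = slot.get(); // keep the list, not the bucket reference
    list->push_back({1});
    size_t capacity = map.capacity();
    for (int i = 0; map.capacity() == capacity; ++i)
        map.add("type" + std::to_string(i));
    return list == map.add("click").get() && list->size() == 1; // true
}

int main() {
    std::cout << "by value, address stable after rehash: " << std::boolalpha
              << listAddressStableWithValueStorage() << "\n";
    std::cout << "by pointer, address stable after rehash: " << std::boolalpha
              << listAddressStableWithPointerStorage() << "\n";
    return 0;
}
```

The first check is deterministic because the new bucket array is allocated while the old one is still alive, so the two can never overlap; the value case compares addresses captured as integers rather than dereferencing the stale reference. The same property is what a layout test for the bug exercises from script: register a listener, add enough listeners of other types to force a rehash, then check the first listener still fires.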
Comment 3 Geoffrey Garen 2009-11-02 13:53:35 PST
<rdar://problem/7358150>
Comment 4 Dimitri Glazkov (Google) 2009-11-02 14:05:45 PST
Just to avoid double-work... Geoffrey, are you working on this or am I :)?
Comment 5 Dimitri Glazkov (Google) 2009-11-02 14:18:44 PST
Vitaly wins the straw poll!
Comment 6 Vitaly Repeshko 2009-11-03 05:43:22 PST
Created attachment 42371 [details]
patch: proposed fix
Comment 7 Vitaly Repeshko 2009-11-03 06:46:21 PST
Created attachment 42376 [details]
patch: proposed fix v2
Comment 8 Dimitri Glazkov (Google) 2009-11-03 09:43:53 PST
You probably need to also include my test in your patch.
Comment 9 Vitaly Repeshko 2009-11-03 11:54:24 PST
Created attachment 42402 [details]
patch: proposed fix v3 (now includes the test)
Comment 10 Darin Adler 2009-11-03 15:56:01 PST
I think Geoff should review this.
Comment 11 Geoffrey Garen 2009-11-04 14:56:43 PST
Comment on attachment 42402 [details]
patch: proposed fix v3 (now includes the test)

r=me

Please update your ChangeLogs to match the title of this bug.
Comment 12 Vitaly Repeshko 2009-11-04 22:00:28 PST
Created attachment 42546 [details]
patch: proposed fix v4
Comment 13 Vitaly Repeshko 2009-11-04 22:00:53 PST
(In reply to comment #11)
> (From update of attachment 42402 [details])
> r=me
> 
> Please update your ChangeLogs to match the title of this bug.

Done.
Comment 14 Dimitri Glazkov (Google) 2009-11-04 22:16:08 PST
Comment on attachment 42546 [details]
patch: proposed fix v4

great!
Comment 15 Dimitri Glazkov (Google) 2009-11-05 10:47:54 PST
Comment on attachment 42546 [details]
patch: proposed fix v4

Also needs to build with USE(JSC) == 1.
Comment 16 Vitaly Repeshko 2009-11-05 11:51:40 PST
Created attachment 42583 [details]
patch: proposed fix v5
Comment 17 Vitaly Repeshko 2009-11-05 11:52:40 PST
(In reply to comment #15)
> (From update of attachment 42546 [details])
> Also needs to build with USE(JSC) == 1.

Oops. Done.
Comment 18 Dimitri Glazkov (Google) 2009-11-05 11:55:42 PST
Comment on attachment 42583 [details]
patch: proposed fix v5

r=Geof and me.
Comment 19 Dimitri Glazkov (Google) 2009-11-05 12:11:01 PST
Landed as http://trac.webkit.org/changeset/50573.