Bug 31027

Summary: CRASH: Rehashing of EventListenerMap leads to loss of EventListenerList.
Product: WebKit
Reporter: Dimitri Glazkov (Google) <dglazkov>
Component: WebCore JavaScript
Assignee: Vitaly Repeshko <vitalyr>
Status: RESOLVED FIXED
Severity: Normal
CC: darin, ggaren, sullivan, vitalyr
Priority: P1    
Version: 528+ (Nightly build)   
Hardware: All   
OS: All   
URL: http://soundcloud.com/you/tracks

Dimitri Glazkov (Google)
Reported 2009-11-02 12:34:58 PST
:( .. which in turn ruins our brand new no-copy scheme. Have a layout test. Coming up in a sec.
Attachments
Layout Test/Reduction (1.66 KB, patch)
2009-11-02 12:37 PST, Dimitri Glazkov (Google)
no flags
patch: proposed fix (7.10 KB, patch)
2009-11-03 05:43 PST, Vitaly Repeshko
no flags
patch: proposed fix v2 (6.82 KB, patch)
2009-11-03 06:46 PST, Vitaly Repeshko
no flags
patch: proposed fix v3 (now includes the test) (8.97 KB, patch)
2009-11-03 11:54 PST, Vitaly Repeshko
ggaren: review+
patch: proposed fix v4 (8.96 KB, patch)
2009-11-04 22:00 PST, Vitaly Repeshko
dglazkov: review-
patch: proposed fix v5 (9.57 KB, patch)
2009-11-05 11:51 PST, Vitaly Repeshko
dglazkov: review+
Dimitri Glazkov (Google)
Comment 1 2009-11-02 12:37:47 PST
Created attachment 42338
Layout Test/Reduction
Geoffrey Garen
Comment 2 2009-11-02 13:49:08 PST
I guess we need to store a pointer to a vector, instead of a vector, in the event target's hash table.
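Added example, not part of the bug thread or of the WebKit patches: a toy table that keeps its values inline shows why a list stored by value changes address when the table grows, while a heap-allocated list reached through a stored pointer does not, which is the change comment 2 proposes. `InlineTable`, `Listeners` and both function names are hypothetical; the real EventListenerMap is not reproduced here.

```cpp
#include <cstdint>
#include <functional>
#include <memory>
#include <string>
#include <utility>
#include <vector>
// Toy open-addressing table (hypothetical, not WTF::HashMap): values live inline
// in the bucket array, so growing the table moves every value to a new address.
template <typename V> class InlineTable {
public:
    InlineTable() : m_slots(4) {}
    V& get(const std::string& key) {  // find or insert, keeping load at or below 50%
        if ((m_used + 1) * 2 > m_slots.size()) grow();
        Slot& s = probe(m_slots, key);
        if (!s.used) { s.used = true; s.key = key; ++m_used; }
        return s.value;
    }
private:
    struct Slot { bool used = false; std::string key; V value{}; };
    static Slot& probe(std::vector<Slot>& slots, const std::string& key) {
        std::size_t i = std::hash<std::string>{}(key) % slots.size();
        while (slots[i].used && slots[i].key != key) i = (i + 1) % slots.size();
        return slots[i];
    }
    void grow() {  // the "rehash": every Slot is moved into a new array
        std::vector<Slot> bigger(m_slots.size() * 2);
        for (Slot& old : m_slots)
            if (old.used) probe(bigger, old.key) = std::move(old);
        m_slots = std::move(bigger);
    }
    std::vector<Slot> m_slots;
    std::size_t m_used = 0;
};
using Listeners = std::vector<int>;  // constructed stand-in for a listener vector

bool inlineListKeepsAddress() {  // vector stored by value in the table
    InlineTable<Listeners> map;
    auto before = reinterpret_cast<std::uintptr_t>(&map.get("click"));
    for (const char* type : {"load", "error"}) map.get(type);  // forces grow()
    return before == reinterpret_cast<std::uintptr_t>(&map.get("click"));
}
bool heapListKeepsAddress() {  // table stores only an owning pointer
    InlineTable<std::unique_ptr<Listeners>> map;
    map.get("click") = std::make_unique<Listeners>();
    Listeners* list = map.get("click").get();
    for (const char* type : {"load", "error"}) map.get(type);  // forces grow()
    list->push_back(1);  // still valid: only the owning pointer was moved
    return list == map.get("click").get() && list->size() == 1;
}
int main() { return (!inlineListKeepsAddress() && heapListKeepsAddress()) ? 0 : 1; }
```

The by-value case compares addresses as integers rather than dereferencing the stale reference, so the example itself never touches freed memory.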
Geoffrey Garen
Comment 3 2009-11-02 13:53:35 PST
Dimitri Glazkov (Google)
Comment 4 2009-11-02 14:05:45 PST
Just to avoid double-work... Geoffrey, are you working on this or am I :)?
Dimitri Glazkov (Google)
Comment 5 2009-11-02 14:18:44 PST
Vitaly wins the straw poll!
Vitaly Repeshko
Comment 6 2009-11-03 05:43:22 PST
Created attachment 42371
patch: proposed fix
Vitaly Repeshko
Comment 7 2009-11-03 06:46:21 PST
Created attachment 42376
patch: proposed fix v2
Dimitri Glazkov (Google)
Comment 8 2009-11-03 09:43:53 PST
You probably need to also include my test in your patch.
Vitaly Repeshko
Comment 9 2009-11-03 11:54:24 PST
Created attachment 42402
patch: proposed fix v3 (now includes the test)
Darin Adler
Comment 10 2009-11-03 15:56:01 PST
I think Geoff should review this.
Geoffrey Garen
Comment 11 2009-11-04 14:56:43 PST
Comment on attachment 42402
patch: proposed fix v3 (now includes the test)
r=me
Please update your ChangeLogs to match the title of this bug.
Vitaly Repeshko
Comment 12 2009-11-04 22:00:28 PST
Created attachment 42546
patch: proposed fix v4
Vitaly Repeshko
Comment 13 2009-11-04 22:00:53 PST
(In reply to comment #11)
> (From update of attachment 42402)
> r=me
>
> Please update your ChangeLogs to match the title of this bug.
Done.
Dimitri Glazkov (Google)
Comment 14 2009-11-04 22:16:08 PST
Comment on attachment 42546
patch: proposed fix v4
great!
Dimitri Glazkov (Google)
Comment 15 2009-11-05 10:47:54 PST
Comment on attachment 42546
patch: proposed fix v4
Also needs to build with USE(JSC) == 1.
Vitaly Repeshko
Comment 16 2009-11-05 11:51:40 PST
Created attachment 42583
patch: proposed fix v5
Vitaly Repeshko
Comment 17 2009-11-05 11:52:40 PST
(In reply to comment #15)
> (From update of attachment 42546)
> Also needs to build with USE(JSC) == 1.
Oops. Done.
Dimitri Glazkov (Google)
Comment 18 2009-11-05 11:55:42 PST
Comment on attachment 42583
patch: proposed fix v5
r=Geof and me.
Dimitri Glazkov (Google)
Comment 19 2009-11-05 12:11:01 PST