Bug 31998

Summary: REGRESSION (r49564): Crash in updateGlobalHistory when running Javascript iBench test
Product: WebKit Reporter: Adam Roben (:aroben) <aroben>
Component: WebKit Misc.Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal CC: abarth
Priority: P2 Keywords: InRadar
Version: 528+ (Nightly build)   
Hardware: Other   
OS: Windows XP   
Attachments:
Description Flags
Patch none

Adam Roben (:aroben)
Reported 2009-11-30 13:32:22 PST
Created attachment 44039 [details] Patch Looks like there's a double-delete of the BSTRs here. updateGlobalHistory creates WebCore::BStrings and passes them to WebNavigationData::createInstance, which tries to adopt the BSTRs that the BStrings wrap. But the BStrings haven't given up ownership!
Attachments
Patch (5.75 KB, patch)
2009-11-30 13:32 PST, Adam Roben (:aroben) 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Adam Roben (:aroben)
Comment 1 2009-11-30 13:33:58 PST
<rdar://problem/7383452>
Adam Barth
Comment 2 2009-11-30 13:37:03 PST
style-queue ran check-webkit-style on attachment 44039 [details] without any errors.
Adam Roben (:aroben)
Comment 3 2009-11-30 13:41:46 PST
Committed r51510: <http://trac.webkit.org/changeset/51510>
Eric Seidel (no email)
Comment 4 2009-11-30 21:42:39 PST
Comment on attachment 44039 [details] Patch Clearing r? on a committed patch.
Note You need to log in before you can comment on or make changes to this bug.