Bug 34535
| Summary: | Add a test for ImageLoader crashes in WebCore::ImageEventSender::dispatchPendingEvents() | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Victor Wang <victorw> |
| Component: | Tools / Tests | Assignee: | Victor Wang <victorw> |
| Status: | RESOLVED INVALID | ||
| Severity: | Normal | ||
| Priority: | P2 | ||
| Version: | 528+ (Nightly build) | ||
| Hardware: | PC | ||
| OS: | All | ||
Victor Wang
See bug for the crash details and fix proposed:
https://bugs.webkit.org/show_bug.cgi?id=34490
The crash happens if ImageLoader (owned by HTMLImageElement) is destroyed after
it has been added to ImageEventSender::m_dispatchSoonList but before the
pending load events are dispatched (by timer, HTMLParser::finished etc).
The fix is always remove the image loader from pending event queue whenever the loader is
destroyed.
The crash could not be easily repro because of all the timing issues: it
depends on the time the ImageLoader timer fires, the time HTMLImageElement is
destroyed and collected by GC, the image loading time and the time a new empty
image src is sets to existing loader etc.
Because of all the timing issues, not sure there is a way to create a reliable test for it.
Create this bug so I could commit the patch to fix crash first and figure out test case later.
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Alexey Proskuryakov
There is a test to go with the fix now, no need to track it separately.