| Summary: | DeviceOrientation crash when page is in page cache and is navigated while listener is registered | ||||||
|---|---|---|---|---|---|---|---|
| Product: | WebKit | Reporter: | Steve Block <steveblock> | ||||
| Component: | WebCore Misc. | Assignee: | Nobody <webkit-unassigned> | ||||
| Status: | RESOLVED FIXED | ||||||
| Severity: | Normal | CC: | hans, jorlow, steveblock | ||||
| Priority: | P2 | ||||||
| Version: | 528+ (Nightly build) | ||||||
| Hardware: | All | ||||||
| OS: | All | ||||||
| Bug Depends on: | |||||||
| Bug Blocks: | 30335 | ||||||
| Attachments: |
|
||||||
|
Description
Steve Block
2010-10-06 04:52:18 PDT
This occurs only when the page is in the page cache, as in this case, event listeners are not unregistered. Note that a crash is only observed with V8. Created attachment 70725 [details]
Patch
Comment on attachment 70725 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=70725&action=review r=me > LayoutTests/fast/dom/DeviceOrientation/script-tests/event-after-navigation.js:1 > +description('Tests for a crash where an event is fired after the page has been navigated away when the original page is in the page cache.<br><br>Note that the crash is only seen with V8.'); Is there any reason this crash can only possibly happen in V8? If not, this comment probably should be removed, even if we currently only see it in V8. If so, it should probably mention why it's V8 specific. This way it'll be clear whether the comment is stale. > Is there any reason this crash can only possibly happen in V8? If not, this
> comment probably should be removed, even if we currently only see it in V8.
No, there's no fundamental reason why it should only happen with V8. The controller should never try to fire events once the document has gone. I'll remove the comment before landing.
Committed r69764: <http://trac.webkit.org/changeset/69764> |