RESOLVED FIXED 17367
ASSERT in HTMLTokenizer::~HTMLTokenizer loading javascript URL 
https://bugs.webkit.org/show_bug.cgi?id=17367
Summary ASSERT in HTMLTokenizer::~HTMLTokenizer loading javascript URL
Geoffrey Garen
Reported 2008-02-14 15:42:34 PST
STEPS TO REPRODUCE: 1. Load javascript-url-crash-tokenizer.html, attached --> crash
Attachments
reduction (546 bytes, application/octet-stream)
2008-02-14 15:43 PST, Geoffrey Garen 		no flags
Details
Fix (without layout test) (1.25 KB, patch)
2009-02-05 06:44 PST, Cameron Zwarich (cpst) 		no flags
DetailsFormatted DiffDiff
Proposed patch (3.51 KB, patch)
2009-02-05 07:05 PST, Cameron Zwarich (cpst) 		no flags
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Geoffrey Garen
Comment 1 2008-02-14 15:43:07 PST
Created attachment 19128 [details] reduction
Geoffrey Garen
Comment 2 2008-02-14 15:47:35 PST
<rdar://problem/5744401>
Cameron Zwarich (cpst)
Comment 3 2009-02-05 06:44:10 PST
Created attachment 27346 [details] Fix (without layout test) Here's the obvious fix. I'll turn Geoff's example into a layout test and post it for review.
Cameron Zwarich (cpst)
Comment 4 2009-02-05 07:05:32 PST
Created attachment 27347 [details] Proposed patch
Cameron Zwarich (cpst)
Comment 5 2009-02-05 08:21:29 PST
Comment on attachment 27347 [details] Proposed patch This doesn't leak the HTMLTokenizer entirely, but it only gets deleted from Document::removeLastRef(). I'll remove the review flag and look for a better solution.
Darin Adler
Comment 6 2009-09-22 15:18:02 PDT
Seems to have been fixed.
Note You need to log in before you can comment on or make changes to this bug.