Created attachment 43519: Bug example. A bug occurs when a new object is made available to JavaScript (addToJavascriptWindowObject) and this new object is at the same address in memory as a previously deleted object (which was also made available to JavaScript at some point). In that case, a JavaScript exception is raised saying that you are trying to access a deleted object, when actually the object that you are trying to access is not deleted. (It just raises that exception because the new object occupies a memory address that has previously been marked as deleted.) Bug spotted using Qt 4.5.1. I attach to this report a small example illustrating the bug.
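The failure mode reported above, reduced to a stand-alone sketch that is added here and is not code from the report, from Qt or from WebKit: a wrapper cache keyed by raw object address returns a dead wrapper once the address is reused. `Obj`, `Wrapper`, `Bridge` and the `evictStale` switch are hypothetical names, and the hardened lookup is one assumed way to handle the stale entry, not the committed patch.

```cpp
#include <cstdint>
#include <map>
#include <memory>
#include <new>
#include <string>

// Hypothetical stand-ins: Obj is the native object, Wrapper is the
// script-side binding that gets cached per native address.
struct Obj { std::string name; };
struct Wrapper {
    std::uint64_t id;
    bool deleted;
    explicit Wrapper(std::uint64_t i) : id(i), deleted(false) {}
};

struct Bridge {
    std::map<const void*, std::shared_ptr<Wrapper>> cache;  // keyed by raw address
    std::uint64_t nextId = 1;
    bool evictStale;  // false: buggy lookup, true: hardened lookup
    explicit Bridge(bool fix) : evictStale(fix) {}

    std::shared_ptr<Wrapper> expose(const Obj* o) {
        auto it = cache.find(o);
        if (it != cache.end()) {
            if (!(evictStale && it->second->deleted)) return it->second;
            cache.erase(it);  // address was reused: drop the dead wrapper
        }
        auto w = std::make_shared<Wrapper>(nextId++);
        cache[o] = w;
        return w;
    }
    // Called when the native object is destroyed; the wrapper outlives it.
    void destroyed(const Obj* o) {
        auto it = cache.find(o);
        if (it != cache.end()) it->second->deleted = true;
    }
};

// Returns true if script access to the second object would wrongly report
// "deleted object". Placement new makes the address reuse deterministic.
bool secondObjectLooksDeleted(bool fix) {
    alignas(Obj) unsigned char slot[sizeof(Obj)];
    Bridge bridge(fix);
    Obj* a = new (slot) Obj{"first"};
    bridge.expose(a);
    bridge.destroyed(a);
    a->~Obj();
    Obj* b = new (slot) Obj{"second"};  // same address as the dead object
    bool stale = bridge.expose(b)->deleted;
    b->~Obj();
    return stale;
}

int main() { return (secondObjectLooksDeleted(false) && !secondObjectLooksDeleted(true)) ? 0 : 1; }
```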
ACK. This may be fixable inside QtInstance::getQtInstance
Created attachment 43682: Potential fix, without changelog and testcase. Yoann, can you try the attached patch? It shouldn't be too hard to turn your testcase into a unit test. Want to have a go at it? :)
I guess it would be nice to have some comments in the code as well.
Created attachment 43702: Patch
Just tried the patch, it works just fine now :)
Comment on attachment 43702 (Patch): Clearing flags on attachment: 43702. Committed r51306: <http://trac.webkit.org/changeset/51306>
All reviewed patches have been landed. Closing bug.