Bug 34535 - Add a test for ImageLoader crashes in WebCore::ImageEventSender::dispatchPendingEvents()
Status: RESOLVED INVALID
Alias: None
Product: WebKit
Classification: Unclassified
Component: Tools / Tests
Version: 528+ (Nightly build)
Hardware: PC All
Importance: P2 Normal
Assignee: Victor Wang
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2010-02-03 10:25 PST by Victor Wang
Modified: 2010-02-09 17:59 PST

Description Victor Wang 2010-02-03 10:25:20 PST
See this bug for the crash details and the proposed fix:
https://bugs.webkit.org/show_bug.cgi?id=34490

The crash happens if ImageLoader (owned by HTMLImageElement) is destroyed after
it has been added to ImageEventSender::m_dispatchSoonList but before the
pending load events are dispatched (by timer, HTMLParser::finished etc).

The fix is to always remove the image loader from the pending event queue whenever the loader is
destroyed.

The crash could not be easily reproduced because of all the timing issues: it
depends on the time the ImageLoader timer fires, the time HTMLImageElement is
destroyed and collected by GC, the image loading time, and the time a new empty
image src is set to the existing loader, etc.

Because of all the timing issues, I am not sure there is a way to create a reliable test for it.
I created this bug so I could commit the patch to fix the crash first and figure out a test case later.
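
The lifetime rule described in the report above, as an added sketch that is not part of the original report and is not WebKit's code: `Loader`, `EventSender`, `cancel` and `pendingAfterEarlyDestroy` are hypothetical stand-ins, and only `m_dispatchSoonList` and `dispatchPendingEvents` are names taken from the report. It removes the timing dependence by destroying a queued object deterministically before dispatch.

```cpp
#include <algorithm>
#include <cstddef>
#include <vector>

class Loader;  // hypothetical stand-in for ImageLoader

// Hypothetical stand-in for ImageEventSender: raw pointers wait here until a
// later dispatch point (timer, end of parsing).
class EventSender {
public:
    void dispatchSoon(Loader* l) { m_dispatchSoonList.push_back(l); }
    // Drop every queued entry for a loader that is going away.
    void cancel(Loader* l) {
        auto& q = m_dispatchSoonList;
        q.erase(std::remove(q.begin(), q.end(), l), q.end());
    }
    std::size_t pendingCount() const { return m_dispatchSoonList.size(); }
    int dispatchPendingEvents();  // returns the number of events delivered
private:
    std::vector<Loader*> m_dispatchSoonList;
};

class Loader {
public:
    explicit Loader(EventSender& s) : m_sender(s) {}
    // The fix from the report: leave the pending queue on every destruction.
    ~Loader() { m_sender.cancel(this); }
    void queueLoadEvent() { m_sender.dispatchSoon(this); }
    void dispatchLoadEvent() { ++m_eventsFired; }
    int eventsFired() const { return m_eventsFired; }
private:
    EventSender& m_sender;
    int m_eventsFired = 0;
};

int EventSender::dispatchPendingEvents() {
    std::vector<Loader*> batch;
    batch.swap(m_dispatchSoonList);  // events queued by handlers go to the next round
    for (Loader* l : batch) l->dispatchLoadEvent();
    return static_cast<int>(batch.size());
}

// Destroys one loader between queueing and dispatch; returns entries left queued.
std::size_t pendingAfterEarlyDestroy() {
    EventSender sender;
    Loader survivor(sender);
    survivor.queueLoadEvent();
    { Loader doomed(sender); doomed.queueLoadEvent(); }  // destroyed before dispatch
    return sender.pendingCount();
}
```

Without the `cancel(this)` call in the destructor, the queue would still hold the destroyed loader's address when `dispatchPendingEvents()` runs. This sketch does not cover a loader destroyed by a handler while a batch is being dispatched.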
Comment 1 Alexey Proskuryakov 2010-02-09 17:59:13 PST
There is a test to go with the fix now, no need to track it separately.