WebKit Bugzilla
RESOLVED FIXED
47257
DeviceOrientation crash when page is in page cache and is navigated while listener is registered
https://bugs.webkit.org/show_bug.cgi?id=47257
Steve Block
Reported
2010-10-06 04:52:18 PDT
When a page is navigated while a listener is registered for DeviceOrientation events, a crash can occur if the controller later attempts to dispatch an event. We need to make sure all listeners are removed when the page is navigated. We currently remove all listeners from DOMWindow::removeAllEventListeners() but this is not called on page reload. We could add similar code to DOMWindow::clear().
Attachments
Patch (4.11 KB, patch), 2010-10-14 04:24 PDT, Steve Block; jorlow: review+, steveblock: commit-queue-
Steve Block
Comment 1
2010-10-14 04:18:38 PDT
This occurs only when the page is in the page cache, as in this case, event listeners are not unregistered. Note that a crash is only observed with V8.
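The lifetime problem described in the report and in Comment 1, as an added example that is not part of the original bug or of the WebKit patch: a minimal C++ model in which a controller keeps a listener registered across navigation and later dispatches to it, next to the variant that unregisters on navigation. All type and function names here are hypothetical, and the "document gone" state is modelled with a flag instead of freed memory so the program stays well-defined.

```cpp
#include <cstdio>
#include <set>

// Simplified model with hypothetical names; this is not WebKit code.
struct Window;

struct OrientationController {
    std::set<Window*> listeners;  // windows that asked for orientation events
    int delivered = 0;            // events sent to a window with a live document
    int staleDispatches = 0;      // events aimed at a window whose document is gone
    void add(Window* w) { listeners.insert(w); }
    void remove(Window* w) { listeners.erase(w); }
    void didChangeOrientation();
};

struct Window {
    OrientationController& controller;
    bool hasLiveDocument = true;
    bool unregisterOnNavigate;    // true models the fixed behaviour
    Window(OrientationController& c, bool fixed)
        : controller(c), unregisterOnNavigate(fixed) {}
    void addOrientationListener() { controller.add(this); }
    // Model assumption: navigating away with the page kept in the page cache
    // does not run the normal listener teardown.
    void navigateIntoPageCache() {
        hasLiveDocument = false;
        if (unregisterOnNavigate)
            controller.remove(this);  // fix: drop the registration explicitly
    }
};

void OrientationController::didChangeOrientation() {
    for (Window* w : listeners) {
        if (w->hasLiveDocument)
            ++delivered;
        else
            ++staleDispatches;  // the dispatch the report says can crash
    }
}

// Registers a listener, navigates, then fires an event; returns stale dispatches.
int staleDispatchesAfterNavigation(bool fixed) {
    OrientationController controller;
    Window window(controller, fixed);
    window.addOrientationListener();
    controller.didChangeOrientation();  // normal delivery before navigation
    window.navigateIntoPageCache();
    controller.didChangeOrientation();  // event arrives after navigation
    return controller.staleDispatches;
}

int main() {
    std::printf("unfixed: %d stale, fixed: %d stale\n",
                staleDispatchesAfterNavigation(false),
                staleDispatchesAfterNavigation(true));
    return 0;
}
```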
Steve Block
Comment 2
2010-10-14 04:24:32 PDT
Created attachment 70725: Patch
Jeremy Orlow
Comment 3
2010-10-14 05:19:38 PDT
Comment on attachment 70725: Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=70725&action=review
r=me
> LayoutTests/fast/dom/DeviceOrientation/script-tests/event-after-navigation.js:1 > +description('Tests for a crash where an event is fired after the page has been navigated away when the original page is in the page cache.<br><br>Note that the crash is only seen with V8.');
Is there any reason this crash can only possibly happen in V8? If not, this comment probably should be removed, even if we currently only see it in V8. If so, it should probably mention why it's V8 specific. This way it'll be clear whether the comment is stale.
Steve Block
Comment 4
2010-10-14 05:26:48 PDT
> Is there any reason this crash can only possibly happen in V8? If not, this
> comment probably should be removed, even if we currently only see it in V8.
No, there's no fundamental reason why it should only happen with V8. The controller should never try to fire events once the document has gone. I'll remove the comment before landing.
Steve Block
Comment 5
2010-10-14 07:15:05 PDT
Committed r69764: <http://trac.webkit.org/changeset/69764>