RESOLVED FIXED 56166
[V8] Crash when invoking MediaQueryListListener callback 
https://bugs.webkit.org/show_bug.cgi?id=56166
Summary [V8] Crash when invoking MediaQueryListListener callback
Dominic Cooney
Reported 2011-03-10 19:30:18 PST
Created attachment 85423 [details] Manual repro. Open the page, then resize the window to be narrower than 200px. Crash. MediaQueryList does not establish a V8 context when executing the callback. Thus Chromium crashes in the following kinds of situations: You print a document that has a print media query list with an attached listener. You load a document that has an iframe with a media query list with an attached listener. You resize a document that has a min/max-width/height media query list with an attached listener.
Attachments
Manual repro. Open the page, then resize the window to be narrower than 200px. Crash. (302 bytes, text/html)
2011-03-10 19:30 PST, Dominic Cooney 		no flags
Details
Patch (3.04 KB, patch)
2011-03-21 00:15 PDT, Dominic Cooney 		no flags
DetailsFormatted DiffDiff
Patch (4.07 KB, patch)
2011-03-21 01:37 PDT, Dominic Cooney 		no flags
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Dominic Cooney
Comment 1 2011-03-10 19:31:21 PST
This is the WK bug for <http://code.google.com/p/chromium/issues/detail?id=75047>
Dominic Cooney
Comment 2 2011-03-21 00:15:06 PDT
Created attachment 86301 [details] Patch
Dominic Cooney
Comment 3 2011-03-21 01:37:32 PDT
Created attachment 86303 [details] Patch
Dominic Cooney
Comment 4 2011-03-21 01:57:50 PDT
I believe that this was broken since its inception in <http://trac.webkit.org/changeset/72552>.
Jeremy Orlow
Comment 5 2011-03-21 10:58:07 PDT
Comment on attachment 86303 [details] Patch Seems reasonable. r=me
WebKit Commit Bot
Comment 6 2011-03-21 11:20:18 PDT
Comment on attachment 86303 [details] Patch Clearing flags on attachment: 86303 Committed r81592: <http://trac.webkit.org/changeset/81592>
WebKit Commit Bot
Comment 7 2011-03-21 11:20:22 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.