[SCM] WebKit Debian packaging branch, webkit-1.2, updated. upstream/1.1.90-6072-g9a69373

dimich at chromium.org dimich at chromium.org
Thu Apr 8 02:12:03 UTC 2010 

The following commit has been merged in the webkit-1.2 branch:
commit 912f290a1c1b9630a8f1869daa02489eeb7632dc
Author: dimich at chromium.org <dimich at chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Sat Mar 6 03:16:50 2010 +0000

    Add a manual test for crash in DOMWindow::clearTimeout when DOMWindow is not connected to Frame
    https://bugs.webkit.org/show_bug.cgi?id=32353
    
    Reviewed by Oliver Hunt.
    
    * manual-tests/clearTimeout-crash-bug29832.html: Added.
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@55609 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index 45e1151..63f2e8d 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,5 +1,14 @@
 2010-03-05  Dmitry Titov  <dimich at chromium.org>
 
+        Reviewed by Oliver Hunt.
+
+        Add a manual test for crash in DOMWindow::clearTimeout when DOMWindow is not connected to Frame
+        https://bugs.webkit.org/show_bug.cgi?id=32353
+
+        * manual-tests/clearTimeout-crash-bug29832.html: Added.
+
+2010-03-05  Dmitry Titov  <dimich at chromium.org>
+
         Reviewed by David Levin.
 
         [v8] Remove wrong assert in GC callback
diff --git a/WebCore/manual-tests/clearTimeout-crash-bug29832.html b/WebCore/manual-tests/clearTimeout-crash-bug29832.html
new file mode 100644
index 0000000..d9ec5c7
--- /dev/null
+++ b/WebCore/manual-tests/clearTimeout-crash-bug29832.html
@@ -0,0 +1,20 @@
+<script>
+var w;
+function clear() {
+    w.clearTimeout(153);
+}
+
+function test() {
+    w = window.open("data:text/html,"+
+        "<script>" +
+        "function navigate() { location.href='data:text/html,<body>Close this page and wait.</body>'};" +
+        "setTimeout(navigate,0);</" + 
+        "script>");
+
+    setInterval(clear, 0);
+}
+</script>
+<body>
+<p>This test reproduces the crash in DOMWindow::clearTimeout that happens when DOMWindow is disconnected from the Frame (as in back/forward cache expiration case tested here).
+<p>This is the link to the bug: <a href="https://bugs.webkit.org/show_bug.cgi?id=29832">https://bugs.webkit.org/show_bug.cgi?id=29832</a>
+<p>To reproduce the crash, click the link below, the popup window opens, which will immediately navigate to another one, so the b/f cache entry will be created. Close the popup window. Wait a few seconds (~10), for the page cache to start deleting pages it doesn't need - crash will happen.<br><a href="javascript:test()">Crash me!</a>

-- 
WebKit Debian packaging

More information about the Pkg-webkit-commits mailing list