RESOLVED FIXED 38514
Crash in handleTouchEvent: using dangling node ptrs in hashmap
https://bugs.webkit.org/show_bug.cgi?id=38514
Ben Murdoch
Reported 2010-05-04 04:12:40 PDT
If you visit a page that uses touch events and trigger a navigation whilst your finger is still pressed down (and that causes the Nodes of the old page to be deleted), then when you lift your finger on the new page we take the old (now dangling) node ptr from the m_originatingTouchPointsTargets map and try to ref it in the Touch constructor, which causes a crash. The fix is to empty the map when the event handlers are cleared. Patch and layout test to follow.
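The lifetime problem in the report above, as an added example that is not part of the original report and is not WebKit code. `Node`, `Document`, `TouchHandler` and `pressNavigateRelease` are hypothetical names, and the model stores `std::weak_ptr` where the report describes a raw node pointer, so the stale entry can be observed without undefined behaviour.

```cpp
#include <cstdio>
#include <map>
#include <memory>
#include <vector>

// Simplified model (assumption): the page owns its nodes, the handler outlives the page.
struct Node { int id; };
struct Document { std::vector<std::shared_ptr<Node>> nodes; };

class TouchHandler {
public:
    enum Result { NoEntry, LiveTarget, StaleTarget };
    explicit TouchHandler(bool clearMapOnReset) : m_clearMapOnReset(clearMapOnReset) {}

    // Finger down: remember the node the touch point originated on.
    void touchStart(int touchId, const std::shared_ptr<Node>& target) {
        m_originatingTouchPointsTargets[touchId] = target;
    }
    // Navigation clears the event handlers; the fix also empties the map here.
    void clear() {
        if (m_clearMapOnReset)
            m_originatingTouchPointsTargets.clear();
    }
    // Finger up: look up the originating target for this touch point.
    Result touchEnd(int touchId) {
        auto it = m_originatingTouchPointsTargets.find(touchId);
        if (it == m_originatingTouchPointsTargets.end())
            return NoEntry;                    // nothing to ref, nothing to crash on
        bool alive = !it->second.expired();
        m_originatingTouchPointsTargets.erase(it);
        return alive ? LiveTarget : StaleTarget; // StaleTarget is the dangling-ptr case
    }
private:
    // weak_ptr stands in for the raw node pointer described in the report.
    std::map<int, std::weak_ptr<Node>> m_originatingTouchPointsTargets;
    bool m_clearMapOnReset;
};

// Press on the old page, navigate (old nodes deleted), lift the finger on the new page.
TouchHandler::Result pressNavigateRelease(bool clearMapOnReset) {
    TouchHandler handler(clearMapOnReset);
    auto oldPage = std::make_unique<Document>();
    oldPage->nodes.push_back(std::make_shared<Node>(Node{1}));
    handler.touchStart(0, oldPage->nodes[0]);
    handler.clear();
    oldPage.reset();
    return handler.touchEnd(0);
}

int main() {
    std::printf("without fix: %d, with fix: %d\n",
                pressNavigateRelease(false), pressNavigateRelease(true));
}
```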
Attachments
Proposed patch and test. (5.31 KB, patch)
2010-05-04 05:26 PDT, Ben Murdoch
no flags
Proposed patch and test. (5.33 KB, patch)
2010-05-04 05:29 PDT, Ben Murdoch
no flags
Ben Murdoch
Comment 1 2010-05-04 05:26:34 PDT
Created attachment 55011
Proposed patch and test.

Proposed patch.
Ben Murdoch
Comment 2 2010-05-04 05:29:43 PDT
Created attachment 55012
Proposed patch and test.

Change comments in the test slightly.
WebKit Commit Bot
Comment 3 2010-05-04 08:30:17 PDT
Comment on attachment 55012
Proposed patch and test.

Clearing flags on attachment: 55012

Committed r58760: <http://trac.webkit.org/changeset/58760>
WebKit Commit Bot
Comment 4 2010-05-04 08:30:24 PDT
All reviewed patches have been landed. Closing bug.