Issue 3893: Chrome: Crash Report - Stack Signature: -295A5B
http://code.google.com/p/chromium/issues/detail?id=3893

Comment #7 by [EMAIL PROTECTED]:
> It looks like the RefPtr m_inlineStyleDecl already had a ref count of 0 or was
Alas the generated stacktrace is wrong; this has nothing to do with StyleElement.

Unassembling @ 0x010a4c12 reveals the truth: we were invoking the virtual destructor for EventListener by calling [eax+8] (eax = 1dbabe8), which was pointing at 0 (hence access violation).

This crash would have happened while navigating away from the page, and unregistering events on the disconnected nodes of the previous page (i.e. nodes which were no longer in DOM, but still were referenced).

The issue looks to be that we hold a reference to the target node within AutoCompleteInputListener (specifically its delegate). This probably is unnecessary, or at least should be addressed differently. Alternatively we might be able to hold a reference while unregistering the listeners to postpone destruction until after the listener list is deleted (although this is more hacky).

Adding Jay who knows more about this, and I think has seen this problem before.

I will see about writing a repro case to match this theory.


Issue attribute updates:
        Cc: [EMAIL PROTECTED]
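
A simplified model of the lifetime ordering theorized in the comment above, added here as an example; it is not Chromium or WebKit code, and every type and function name in it is hypothetical. It assumes the listener's reference is the last one keeping a disconnected node alive, and shows how the "hold a reference while unregistering" alternative changes when the node is destroyed.

```cpp
#include <vector>

// Simplified model with hypothetical names; not WebKit/Chromium code.
// Objects are flagged "destroyed" rather than freed, so the bad ordering
// can be observed without real undefined behaviour.
struct Node;
struct Listener {
    int refs = 1;            // reference owned by the node's listener list
    Node* target;            // the listener keeps its target node alive
    explicit Listener(Node* n);
    void deref();
};
struct Node {
    int refs = 0;
    bool tearingDown = false;
    bool destroyed = false;
    bool destroyedDuringTeardown = false;
    std::vector<Listener*> listeners;
    void ref() { ++refs; }
    void deref() {
        if (--refs == 0) {   // real code would free the node and its list here
            destroyed = true;
            destroyedDuringTeardown = tearingDown;
        }
    }
    void removeAllListeners(bool protect) {
        if (protect) ref();  // postpone destruction until the list is gone
        tearingDown = true;
        for (Listener* l : listeners) l->deref();  // may drop last ref to *this
        listeners.clear();
        tearingDown = false;
        if (protect) deref();  // node can now die safely
    }
};
Listener::Listener(Node* n) : target(n) { n->ref(); n->listeners.push_back(this); }
void Listener::deref() { if (--refs == 0) target->deref(); }

// True if the node was destroyed while its listener list was still in use.
bool nodeDiedMidTeardown(bool protect) {
    Node n;                  // disconnected node: only the listener references it
    Listener l(&n);
    n.removeAllListeners(protect);
    return n.destroyed && n.destroyedDuringTeardown;
}

int main() { return nodeDiedMidTeardown(true) ? 1 : 0; }
```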
