RESOLVED DUPLICATE of bug 7899 14895
[Crash] FrameTree::uniqueChildName generates non-unique names 
https://bugs.webkit.org/show_bug.cgi?id=14895
Summary [Crash] FrameTree::uniqueChildName generates non-unique names
Brett Wilson (Google)
Reported 2007-08-07 10:56:24 PDT
I am seeing a hard-to-reproduce crash on a number of sites including http://www.jrj.com.cn/ The crash is in EventHandler::passWheelEventToWidget (and presumably other input events) when you use the scroll wheel over certain iframes (seems to depend on timing) because the widget for the RenderWidget is NULL The widget is NULL because the iframe is never initialized properly. The iframe is never initialized properly because the redirect timer was canceled by another iframe that got the same "unique" internal frame name. FrameTree::uniqueChildName uses childCount() to generate a "unique" name for a child frame. However, this value can repeat if frames are removed from the parent.
Attachments
Add attachment proposed patch, testcase, etc.
Brett Wilson (Google)
Comment 1 2007-08-07 10:59:46 PDT
I have a patch for this.
Geoffrey Garen
Comment 2 2007-08-07 11:21:04 PDT
This is a dup, but I can't find the original right now. You might want to do some searching -- I remember past patches for this issue causing significant regressions.
Brett Wilson (Google)
Comment 3 2007-08-07 11:31:09 PDT
*** This bug has been marked as a duplicate of 7899 ***
Note You need to log in before you can comment on or make changes to this bug.