Comment #6 on issue 9944 by da...@chromium.org: Crash - WebCore::FrameLoader::activeDocumentLoader() http://code.google.com/p/chromium/issues/detail?id=9944
OK, I think I understand this crash.

FrameLoader::detachFromParent() calls setDocumentLoader(0), which calls m_documentLoader->detachFromFrame(). That nulls out DocumentLoader::m_frame. Next, FrameLoader::detachFromParent() calls closeAndRemoveChild. This implies that we are removing a subframe.

It looks like for this crash to occur, that subframe must have still been loading a subresource of its own, because when subresources are torn down, they communicate back to their DocumentLoader. In the DocumentLoader's removeSubresourceLoader, however, we find that our m_frame is null.

Looking at the source for DocumentLoader::removeSubresourceLoader, it is apparent that someone expected this condition to occur, because it null-checks m_frame before calling FrameLoader::checkLoadComplete. The bug here (I think) is that updateLoading() does not do similar null checking of m_frame.
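To make the teardown order in the comment concrete, here is an added model of it (not WebCore's code; the structs are hypothetical stand-ins). It detaches the DocumentLoader first, then lets an in-flight subresource report back, and shows updateLoading() with the same kind of null check that removeSubresourceLoader already has.

```cpp
#include <cstddef>

struct DocumentLoader;

// Stand-in for FrameLoader: tracks whether any loads are outstanding.
struct FrameLoader {
    int pendingLoads = 0;
    bool isLoading() const { return pendingLoads > 0; }
    void checkLoadComplete() { /* would notify the client in WebCore */ }
};

struct Frame {
    FrameLoader m_loader;
    FrameLoader& loader() { return m_loader; }
};

struct DocumentLoader {
    Frame* m_frame;
    bool m_loading = true;
    bool checkLoadCompleteRan = false;

    explicit DocumentLoader(Frame* f) : m_frame(f) {}
    void detachFromFrame() { m_frame = nullptr; }   // called via setDocumentLoader(0)

    // Guarded update: returns false when skipped because the loader is detached.
    // Without the first line this would dereference a null m_frame.
    bool updateLoading() {
        if (!m_frame) return false;
        m_loading = m_frame->loader().isLoading();
        return true;
    }

    // Mirrors the existing null check before FrameLoader::checkLoadComplete.
    bool removeSubresourceLoader() {
        bool updated = updateLoading();
        if (m_frame) { m_frame->loader().checkLoadComplete(); checkLoadCompleteRan = true; }
        return updated;
    }
};

// The detachFromParent() sequence: detach the loader, then tear down the subframe
// while one of its subresource loads is still outstanding (constructed scenario).
bool detachWithPendingSubresource(Frame& subframe, DocumentLoader& loader) {
    subframe.loader().pendingLoads = 1;      // subresource still in flight
    loader.detachFromFrame();                // m_frame is now null
    subframe.loader().pendingLoads = 0;      // closeAndRemoveChild() cancels it...
    return loader.removeSubresourceLoader(); // ...and it reports back; false = skipped safely
}
```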