Title: [186642] trunk/Source/WebCore
- Revision
- 186642
- Author
- beid...@apple.com
- Date
- 2015-07-09 15:30:42 -0700 (Thu, 09 Jul 2015)
Log Message
DocumentLoader::detachFromFrame() is being called with no current Frame set.
<rdar://problem/21293082> and https://bugs.webkit.org/show_bug.cgi?id=146786
Reviewed by Sam Weinig.
No new tests (Unknown how to reproduce).
* loader/DocumentLoader.cpp:
(WebCore::DocumentLoader::attachToFrame):
(WebCore::DocumentLoader::detachFromFrame): Null check m_frame before dereferencing it.
(WebCore::DocumentLoader::setFrame): Deleted, renamed to attachToFrame(), and take's
a Frame& instead of a Frame*.
* loader/DocumentLoader.h:
* loader/FrameLoader.cpp:
(WebCore::FrameLoader::initForSynthesizedDocument): setFrame is now attachToFrame.
(WebCore::FrameLoader::setPolicyDocumentLoader): Ditto.
(WebCore::FrameLoader::transitionToCommitted): Ditto.
Modified Paths
Diff
Modified: trunk/Source/WebCore/ChangeLog (186641 => 186642)
--- trunk/Source/WebCore/ChangeLog 2015-07-09 22:28:01 UTC (rev 186641)
+++ trunk/Source/WebCore/ChangeLog 2015-07-09 22:30:42 UTC (rev 186642)
@@ -1,3 +1,24 @@
+2015-07-09 Brady Eidson <beid...@apple.com>
+
+ DocumentLoader::detachFromFrame() is being called with no current Frame set.
+ <rdar://problem/21293082> and https://bugs.webkit.org/show_bug.cgi?id=146786
+
+ Reviewed by Sam Weinig.
+
+ No new tests (Unknown how to reproduce).
+
+ * loader/DocumentLoader.cpp:
+ (WebCore::DocumentLoader::attachToFrame):
+ (WebCore::DocumentLoader::detachFromFrame): Null check m_frame before dereferencing it.
+ (WebCore::DocumentLoader::setFrame): Deleted, renamed to attachToFrame(), and take's
+ a Frame& instead of a Frame*.
+ * loader/DocumentLoader.h:
+
+ * loader/FrameLoader.cpp:
+ (WebCore::FrameLoader::initForSynthesizedDocument): setFrame is now attachToFrame.
+ (WebCore::FrameLoader::setPolicyDocumentLoader): Ditto.
+ (WebCore::FrameLoader::transitionToCommitted): Ditto.
+
2015-07-09 Matthew Daiter <mdai...@apple.com>
Expose MediaStream methods to be used in the MediaStream Engine
Modified: trunk/Source/WebCore/loader/DocumentLoader.cpp (186641 => 186642)
--- trunk/Source/WebCore/loader/DocumentLoader.cpp 2015-07-09 22:28:01 UTC (rev 186641)
+++ trunk/Source/WebCore/loader/DocumentLoader.cpp 2015-07-09 22:30:42 UTC (rev 186642)
@@ -899,13 +899,11 @@
m_frame->document()->domWindow()->finishedLoading();
}
-void DocumentLoader::setFrame(Frame* frame)
+void DocumentLoader::attachToFrame(Frame& frame)
{
- if (m_frame == frame)
- return;
- ASSERT(frame && !m_frame);
- m_frame = frame;
- m_writer.setFrame(frame);
+ ASSERT(!m_frame);
+ m_frame = &frame;
+ m_writer.setFrame(&frame);
attachToFrame();
}
@@ -930,7 +928,14 @@
#endif
m_applicationCacheHost->setDOMApplicationCache(nullptr);
- InspectorInstrumentation::loaderDetachedFromFrame(*m_frame, *this);
+
+ // Even though we ASSERT at the top of this method that we have an m_frame, we're seeing crashes where m_frame is null.
+ // This means either that a DocumentLoader is detaching twice, or is detaching before ever having attached.
+ // Until we figure out how that is happening, null check m_frame before dereferencing it here.
+ // <rdar://problem/21293082> and https://bugs.webkit.org/show_bug.cgi?id=146786
+ if (m_frame)
+ InspectorInstrumentation::loaderDetachedFromFrame(*m_frame, *this);
+
m_frame = nullptr;
// The call to stopLoading() above should have canceled any pending content policy check.
ASSERT_WITH_MESSAGE(!m_waitingForContentPolicy, "The content policy callback needs a valid frame.");
Modified: trunk/Source/WebCore/loader/DocumentLoader.h (186641 => 186642)
--- trunk/Source/WebCore/loader/DocumentLoader.h 2015-07-09 22:28:01 UTC (rev 186641)
+++ trunk/Source/WebCore/loader/DocumentLoader.h 2015-07-09 22:30:42 UTC (rev 186642)
@@ -88,10 +88,9 @@
}
WEBCORE_EXPORT virtual ~DocumentLoader();
- WEBCORE_EXPORT void setFrame(Frame*);
+ void attachToFrame(Frame&);
Frame* frame() const { return m_frame; }
- WEBCORE_EXPORT virtual void attachToFrame();
WEBCORE_EXPORT virtual void detachFromFrame();
WEBCORE_EXPORT FrameLoader* frameLoader() const;
@@ -281,6 +280,8 @@
protected:
WEBCORE_EXPORT DocumentLoader(const ResourceRequest&, const SubstituteData&);
+ WEBCORE_EXPORT virtual void attachToFrame();
+
bool m_deferMainResourceDataLoad;
private:
Modified: trunk/Source/WebCore/loader/FrameLoader.cpp (186641 => 186642)
--- trunk/Source/WebCore/loader/FrameLoader.cpp 2015-07-09 22:28:01 UTC (rev 186641)
+++ trunk/Source/WebCore/loader/FrameLoader.cpp 2015-07-09 22:30:42 UTC (rev 186642)
@@ -276,7 +276,7 @@
// FrameLoader::checkCompleted() will overwrite the URL of the document to be activeDocumentLoader()->documentURL().
RefPtr<DocumentLoader> loader = m_client.createDocumentLoader(ResourceRequest(URL(ParsedURLString, emptyString())), SubstituteData());
- loader->setFrame(&m_frame);
+ loader->attachToFrame(m_frame);
loader->setResponse(ResourceResponse(URL(), ASCIILiteral("text/html"), 0, String()));
loader->setCommitted(true);
setDocumentLoader(loader.get());
@@ -1697,7 +1697,7 @@
return;
if (loader)
- loader->setFrame(&m_frame);
+ loader->attachToFrame(m_frame);
if (m_policyDocumentLoader
&& m_policyDocumentLoader != m_provisionalDocumentLoader
&& m_policyDocumentLoader != m_documentLoader)
@@ -1937,7 +1937,7 @@
if (cachedPage) {
DocumentLoader* cachedDocumentLoader = cachedPage->documentLoader();
ASSERT(cachedDocumentLoader);
- cachedDocumentLoader->setFrame(&m_frame);
+ cachedDocumentLoader->attachToFrame(m_frame);
m_client.transitionToCommittedFromCachedFrame(cachedPage->cachedMainFrame());
} else
m_client.transitionToCommittedForNewPage();
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
