Title: [199840] trunk
Revision
199840
Author
jiewen_...@apple.com
Date
2016-04-21 15:50:50 -0700 (Thu, 21 Apr 2016)

Log Message

[iOS] DumpRenderTree crashed in com.apple.WebCore: WebCore::ResourceLoadNotifier::didFailToLoad
https://bugs.webkit.org/show_bug.cgi?id=156829
<rdar://problem/23348217>

Reviewed by Daniel Bates.

Source/WebCore:

Ensure that the frame associated with the ResourceLoadNotifier is kept alive when notifying the Web Inspector.

Covered by existing tests.

* loader/ResourceLoadNotifier.cpp:
(WebCore::ResourceLoadNotifier::didFailToLoad):
(WebCore::ResourceLoadNotifier::dispatchWillSendRequest):
(WebCore::ResourceLoadNotifier::dispatchDidReceiveResponse):
(WebCore::ResourceLoadNotifier::dispatchDidReceiveData):
(WebCore::ResourceLoadNotifier::dispatchDidFinishLoading):
(WebCore::ResourceLoadNotifier::dispatchDidFailLoading):

LayoutTests:

Unmark imported/blink/http/tests/css/remove-placeholder-styles.html as flaky because of bug fix.

* platform/ios-simulator-wk1/TestExpectations:

Modified Paths

Diff

Modified: trunk/LayoutTests/ChangeLog (199839 => 199840)


--- trunk/LayoutTests/ChangeLog	2016-04-21 22:24:36 UTC (rev 199839)
+++ trunk/LayoutTests/ChangeLog	2016-04-21 22:50:50 UTC (rev 199840)
@@ -1,3 +1,15 @@
+2016-04-21  Jiewen Tan  <jiewen_...@apple.com>
+
+        [iOS] DumpRenderTree crashed in com.apple.WebCore: WebCore::ResourceLoadNotifier::didFailToLoad
+        https://bugs.webkit.org/show_bug.cgi?id=156829
+        <rdar://problem/23348217>
+
+        Reviewed by Daniel Bates.
+
+        Unmark imported/blink/http/tests/css/remove-placeholder-styles.html as flaky because of bug fix.
+
+        * platform/ios-simulator-wk1/TestExpectations:
+
 2016-04-21  Joseph Pecoraro  <pecor...@apple.com>
 
         Web Inspector: Debugger statement gets a space after it when pretty printed

Modified: trunk/LayoutTests/platform/ios-simulator-wk1/TestExpectations (199839 => 199840)


--- trunk/LayoutTests/platform/ios-simulator-wk1/TestExpectations	2016-04-21 22:24:36 UTC (rev 199839)
+++ trunk/LayoutTests/platform/ios-simulator-wk1/TestExpectations	2016-04-21 22:50:50 UTC (rev 199840)
@@ -1338,7 +1338,6 @@
 imported/blink/fast/text-autosizing/subtree-relayout-input.html [ ImageOnlyFailure Pass ]
 imported/blink/fast/text-autosizing/subtree-relayout.html [ ImageOnlyFailure Pass ]
 imported/blink/fast/text/international/repaint-glyph-bounds.html [ ImageOnlyFailure Pass ]
-imported/blink/http/tests/css/remove-placeholder-styles.html [ Crash Pass ]
 imported/blink/fast/masking/mask-serializing.html [ Crash Pass ]
 imported/blink/fast/multicol/newmulticol/multicol-becomes-regular-block.html [ Crash Pass ]
 imported/blink/editing/undo/crash-redo-with-iframes.html [ Failure Pass ]

Modified: trunk/Source/WebCore/ChangeLog (199839 => 199840)


--- trunk/Source/WebCore/ChangeLog	2016-04-21 22:24:36 UTC (rev 199839)
+++ trunk/Source/WebCore/ChangeLog	2016-04-21 22:50:50 UTC (rev 199840)
@@ -1,3 +1,23 @@
+2016-04-21  Jiewen Tan  <jiewen_...@apple.com>
+
+        [iOS] DumpRenderTree crashed in com.apple.WebCore: WebCore::ResourceLoadNotifier::didFailToLoad
+        https://bugs.webkit.org/show_bug.cgi?id=156829
+        <rdar://problem/23348217>
+
+        Reviewed by Daniel Bates.
+
+        Ensure that the frame associated with the ResourceLoadNotifier is kept alive when notifying the Web Inspector.
+
+        Covered by existing tests.
+
+        * loader/ResourceLoadNotifier.cpp:
+        (WebCore::ResourceLoadNotifier::didFailToLoad):
+        (WebCore::ResourceLoadNotifier::dispatchWillSendRequest):
+        (WebCore::ResourceLoadNotifier::dispatchDidReceiveResponse):
+        (WebCore::ResourceLoadNotifier::dispatchDidReceiveData):
+        (WebCore::ResourceLoadNotifier::dispatchDidFinishLoading):
+        (WebCore::ResourceLoadNotifier::dispatchDidFailLoading):
+
 2016-04-21  Brady Eidson  <beid...@apple.com>
 
         Modern IDB (Workers): More IDBConnectionProxy refactoring.

Modified: trunk/Source/WebCore/loader/ResourceLoadNotifier.cpp (199839 => 199840)


--- trunk/Source/WebCore/loader/ResourceLoadNotifier.cpp	2016-04-21 22:24:36 UTC (rev 199839)
+++ trunk/Source/WebCore/loader/ResourceLoadNotifier.cpp	2016-04-21 22:50:50 UTC (rev 199840)
@@ -108,6 +108,8 @@
     if (Page* page = m_frame.page())
         page->progress().completeProgress(loader->identifier());
 
+    // Notifying the FrameLoaderClient may cause the frame to be destroyed.
+    Ref<Frame> protect(m_frame);
     if (!error.isNull())
         m_frame.loader().client().dispatchDidFailLoading(loader->documentLoader(), loader->identifier(), error);
 
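Review bot: In `didFailToLoad` the protector is declared only after `page->progress().completeProgress(loader->identifier())` has run, so it covers the `dispatchDidFailLoading` callback but not the progress call above it. If `completeProgress` can itself reach client code (not visible from this hunk), the same lifetime hazard exists one statement earlier. Declaring `Ref<Frame> protect(m_frame);` as the first statement of the function would close that window at no cost. The function begins and ends outside this hunk, so anything it does with `loader` after the callback should be checked the same way, since the protector keeps only the frame alive and not the `ResourceLoader`.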
@@ -130,6 +132,8 @@
     String oldRequestURL = request.url().string();
     m_frame.loader().documentLoader()->didTellClientAboutLoad(request.url());
 
+    // Notifying the FrameLoaderClient may cause the frame to be destroyed.
+    Ref<Frame> protect(m_frame);
     m_frame.loader().client().dispatchWillSendRequest(loader, identifier, request, redirectResponse);
 
     // If the URL changed, then we want to put that new URL in the "did tell client" set too.
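Review bot: The protector guarantees that the `Frame` object outlives the `dispatchWillSendRequest` callback, but not that the frame still has a document loader afterwards. The context line above dereferences `m_frame.loader().documentLoader()` without a null check, and the code that follows the trailing comment (outside this hunk) presumably does the same for the changed URL. If the client detached or navigated the frame during the callback, that second dereference can still be a null-pointer crash even though the frame is alive. Guarding it, for example `if (auto* documentLoader = m_frame.loader().documentLoader()) documentLoader->didTellClientAboutLoad(request.url());`, would make the post-callback path safe.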
@@ -149,13 +153,18 @@
 
 void ResourceLoadNotifier::dispatchDidReceiveResponse(DocumentLoader* loader, unsigned long identifier, const ResourceResponse& r, ResourceLoader* resourceLoader)
 {
+    // Notifying the FrameLoaderClient may cause the frame to be destroyed.
+    Ref<Frame> protect(m_frame);
+    m_frame.loader().client().dispatchDidReceiveResponse(loader, identifier, r);
+
     InspectorInstrumentationCookie cookie = InspectorInstrumentation::willReceiveResourceResponse(&m_frame);
-    m_frame.loader().client().dispatchDidReceiveResponse(loader, identifier, r);
     InspectorInstrumentation::didReceiveResourceResponse(cookie, identifier, loader, r, resourceLoader);
 }
 
 void ResourceLoadNotifier::dispatchDidReceiveData(DocumentLoader* loader, unsigned long identifier, const char* data, int dataLength, int encodedDataLength)
 {
+    // Notifying the FrameLoaderClient may cause the frame to be destroyed.
+    Ref<Frame> protect(m_frame);
     m_frame.loader().client().dispatchDidReceiveContentLength(loader, identifier, dataLength);
 
     InspectorInstrumentation::didReceiveData(&m_frame, identifier, data, dataLength, encodedDataLength);
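Review bot: In `dispatchDidReceiveResponse` the client call was moved ahead of `InspectorInstrumentation::willReceiveResourceResponse`, so the will/did pair no longer brackets the client callback and the cookie is now created and consumed back to back. The log message does not mention this reordering, and whatever the cookie is meant to measure or scope no longer includes the client's handling of the response. Since `protect` is declared at the top, the original order would already have been safe from the frame's lifetime point of view. If the move is deliberate, a short comment such as `// Dispatch to the client first so no instrumentation cookie is held across a callback that can tear down the frame.` would record why. The body of `dispatchDidReceiveData` continues outside this hunk.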
@@ -163,6 +172,8 @@
 
 void ResourceLoadNotifier::dispatchDidFinishLoading(DocumentLoader* loader, unsigned long identifier, double finishTime)
 {
+    // Notifying the FrameLoaderClient may cause the frame to be destroyed.
+    Ref<Frame> protect(m_frame);
     m_frame.loader().client().dispatchDidFinishLoading(loader, identifier);
 
     InspectorInstrumentation::didFinishLoading(&m_frame, loader, identifier, finishTime);
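Review bot: The repeated comment `// Notifying the FrameLoaderClient may cause the frame to be destroyed.` names the trigger but not what `protect` guarantees, and the same applies in `dispatchDidFailLoading` in the next hunk and in the earlier hunks. The `Ref<Frame>` only keeps the object alive until the function returns; after the client callback the frame may already be detached from its page, and `InspectorInstrumentation::didFinishLoading(&m_frame, ...)` is then called on a live but possibly detached frame. I would spell that out, for example `// The client callback can drop the last reference to the frame; hold one so m_frame stays valid for the inspector call below. The frame may be detached by then.` It is also worth confirming that the instrumentation entry points tolerate a frame without a page. The body of `dispatchDidFinishLoading` continues outside this hunk.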
@@ -170,6 +181,8 @@
 
 void ResourceLoadNotifier::dispatchDidFailLoading(DocumentLoader* loader, unsigned long identifier, const ResourceError& error)
 {
+    // Notifying the FrameLoaderClient may cause the frame to be destroyed.
+    Ref<Frame> protect(m_frame);
     m_frame.loader().client().dispatchDidFailLoading(loader, identifier, error);
 
     InspectorInstrumentation::didFailLoading(&m_frame, loader, identifier, error);