Title: [291653] branches/safari-613-branch/Source/WebCore
Revision: 291653
Author: alanc...@apple.com
Date: 2022-03-22 10:55:53 -0700 (Tue, 22 Mar 2022)

Log Message

Cherry-pick r290994. rdar://problem/89923867

    REGRESSION (r290853): CrashTracer: com.apple.WebKit.WebContent.Development at com.apple.WebCore: WebCore::FrameLoader::clear
    https://bugs.webkit.org/show_bug.cgi?id=237565
    <rdar://problem/88356074>

    Reviewed by Chris Dumez.

    No new tests. Fixes crashing test: accessibility/mac/value-change/value-change-user-info-textarea.html

    newDocument may be the frame's document. We should make it a RefPtr
    because it could get set to null in this function.

    * loader/FrameLoader.cpp:
    (WebCore::FrameLoader::clear):
    * loader/FrameLoader.h:

    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@290994 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Modified Paths

Diff

Modified: branches/safari-613-branch/Source/WebCore/ChangeLog (291652 => 291653)


--- branches/safari-613-branch/Source/WebCore/ChangeLog	2022-03-22 17:55:50 UTC (rev 291652)
+++ branches/safari-613-branch/Source/WebCore/ChangeLog	2022-03-22 17:55:53 UTC (rev 291653)
@@ -1,5 +1,44 @@
 2022-03-21  Alan Coon  <alanc...@apple.com>
 
+        Cherry-pick r290994. rdar://problem/89923867
+
+    REGRESSION (r290853): CrashTracer: com.apple.WebKit.WebContent.Development at com.apple.WebCore: WebCore::FrameLoader::clear
+    https://bugs.webkit.org/show_bug.cgi?id=237565
+    <rdar://problem/88356074>
+    
+    Reviewed by Chris Dumez.
+    
+    No new tests. Fixes crashing test: accessibility/mac/value-change/value-change-user-info-textarea.html
+    
+    newDocument may be the frame's document. We should make it a RefPtr
+    because it could get set to null in this function.
+    
+    * loader/FrameLoader.cpp:
+    (WebCore::FrameLoader::clear):
+    * loader/FrameLoader.h:
+    
+    
+    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@290994 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+    2022-03-08  Kate Cheney  <katherine_che...@apple.com>
+
+            REGRESSION (r290853): CrashTracer: com.apple.WebKit.WebContent.Development at com.apple.WebCore: WebCore::FrameLoader::clear
+            https://bugs.webkit.org/show_bug.cgi?id=237565
+            <rdar://problem/88356074>
+
+            Reviewed by Chris Dumez.
+
+            No new tests. Fixes crashing test: accessibility/mac/value-change/value-change-user-info-textarea.html
+
+            newDocument may be the frame's document. We should make it a RefPtr
+            because it could get set to null in this function.
+
+            * loader/FrameLoader.cpp:
+            (WebCore::FrameLoader::clear):
+            * loader/FrameLoader.h:
+
+2022-03-21  Alan Coon  <alanc...@apple.com>
+
         Cherry-pick r290969. rdar://problem/89638872
 
     Preconnecting after process swap is a page load time improvement on some devices
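
Review bot: The added ChangeLog entry justifies the fix only with "it could get set to null in this function" and does not say which step of FrameLoader::clear releases the frame's reference to the document. Suggest naming that step in the entry so the lifetime reasoning can be checked on the branch without opening r290994. Since the entry records "No new tests", it would also help to state that the listed accessibility test is the only regression coverage for this crash.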

Modified: branches/safari-613-branch/Source/WebCore/loader/FrameLoader.cpp (291652 => 291653)


--- branches/safari-613-branch/Source/WebCore/loader/FrameLoader.cpp	2022-03-22 17:55:50 UTC (rev 291652)
+++ branches/safari-613-branch/Source/WebCore/loader/FrameLoader.cpp	2022-03-22 17:55:53 UTC (rev 291653)
@@ -620,7 +620,7 @@
     return !newDocument.securityOrigin().isSameOriginAs(frame.document()->securityOrigin());
 }
 
-void FrameLoader::clear(Document* newDocument, bool clearWindowProperties, bool clearScriptObjects, bool clearFrameView, Function<void()>&& handleDOMWindowCreation)
+void FrameLoader::clear(RefPtr<Document>&& newDocument, bool clearWindowProperties, bool clearScriptObjects, bool clearFrameView, Function<void()>&& handleDOMWindowCreation)
 {
     bool neededClear = m_needsClear;
     m_needsClear = false;
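
Review bot: In the new signature of FrameLoader::clear, `RefPtr<Document>&& newDocument` is an rvalue reference, so the function holds a reference of its own only when the argument is a temporary, for example one converted from a raw Document*. If a caller passes std::move of a RefPtr that is reset while clear() runs, the parameter goes null with it. The body is not visible in this hunk, so either take the parameter by value (`RefPtr<Document> newDocument`) or move it into a local at the top of the function, so that the lifetime guarantee described in the log message does not depend on the call site.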

Modified: branches/safari-613-branch/Source/WebCore/loader/FrameLoader.h (291652 => 291653)


--- branches/safari-613-branch/Source/WebCore/loader/FrameLoader.h	2022-03-22 17:55:50 UTC (rev 291652)
+++ branches/safari-613-branch/Source/WebCore/loader/FrameLoader.h	2022-03-22 17:55:53 UTC (rev 291653)
@@ -152,7 +152,7 @@
     void stopLoading(UnloadEventPolicy);
     void closeURL();
     // FIXME: clear() is trying to do too many things. We should break it down into smaller functions (ideally with fewer raw Boolean parameters).
-    void clear(Document* newDocument, bool clearWindowProperties = true, bool clearScriptObjects = true, bool clearFrameView = true, Function<void()>&& handleDOMWindowCreation = nullptr);
+    void clear(RefPtr<Document>&& newDocument, bool clearWindowProperties = true, bool clearScriptObjects = true, bool clearFrameView = true, Function<void()>&& handleDOMWindowCreation = nullptr);
 
     bool isLoading() const;
     WEBCORE_EXPORT bool frameHasLoaded() const;
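
Review bot: The declaration of clear() now takes `RefPtr<Document>&& newDocument`, but nothing next to it states the ownership contract, and the FIXME directly above already flags the function as doing too many things. Callers holding an lvalue RefPtr must now write std::move, which reads as handing the document over. Add a one-line comment saying whether clear() consumes newDocument or only keeps it alive for the duration of the call, and confirm that each call site on this branch passes a type that converts as intended.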