Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: c6c2fea6a7f94b4361e61762fec8ff2a937438e4
      
https://github.com/WebKit/WebKit/commit/c6c2fea6a7f94b4361e61762fec8ff2a937438e4
  Author: Basuke Suzuki <[email protected]>
  Date:   2026-05-07 (Thu, 07 May 2026)

  Changed paths:
    M Source/WebCore/history/CachedFrame.cpp

  Log Message:
  -----------
  [Site Isolation] Fix CachedFrame ASSERT for RemoteFrame-backed parent frames
https://bugs.webkit.org/show_bug.cgi?id=314238
rdar://176395663

Reviewed by Per Arne Vollan and Ryosuke Niwa.

In multi-process BFCache with Site Isolation, an iframe process's CachedPage
has a RemoteFrame as its main frame (null document) with LocalFrame children
that have documents. CachedFrame::destroy() and clear() both returned early
when m_document was null, skipping recursive child cleanup. This caused child
CachedFrames to be destroyed without their destroy()/clear() methods being
called, triggering ASSERT(!m_document) in the destructor.

Fix by moving the child frame iteration before the early return guard. Child
cleanup has no dependency on the parent's document and is safe to call
unconditionally.

Covered by existing tests.

* Source/WebCore/history/CachedFrame.cpp:
(WebCore::CachedFrame::clear):
(WebCore::CachedFrame::destroy):

Canonical link: https://commits.webkit.org/312856@main
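The ordering problem the log message describes, as an added example that is not WebKit's code and not part of the commit: a simplified tree in which a document-less parent has children that hold documents, torn down once with the guard before the child loop and once with the child loop first. `Node`, `makeTree` and `documentsLeft` are hypothetical names, and the tree is constructed for the illustration.

```cpp
#include <cstddef>
#include <memory>
#include <vector>

// Simplified stand-in for a cached frame tree; this is not WebKit's CachedFrame.
struct Node {
    bool hasDocument; // false models the RemoteFrame-backed parent (null document)
    std::vector<std::unique_ptr<Node>> children;
    explicit Node(bool doc) : hasDocument(doc) {}
    // Ordering the log describes as the bug: the guard runs before the child loop.
    void destroyGuardFirst() {
        if (!hasDocument)
            return;
        for (auto& child : children)
            child->destroyGuardFirst();
        hasDocument = false;
    }
    // Ordering the log describes as the fix: child loop first, then the guard.
    void destroyChildrenFirst() {
        for (auto& child : children)
            child->destroyChildrenFirst();
        if (!hasDocument)
            return;
        hasDocument = false;
    }
    // Nodes still holding a document, i.e. ones a "!document" destructor check would catch.
    std::size_t liveDocuments() const {
        std::size_t n = hasDocument ? 1 : 0;
        for (auto& child : children)
            n += child->liveDocuments();
        return n;
    }
};

// Constructed tree: document-less root, two children with documents, one grandchild.
std::unique_ptr<Node> makeTree() {
    auto root = std::make_unique<Node>(false);
    root->children.push_back(std::make_unique<Node>(true));
    root->children.push_back(std::make_unique<Node>(true));
    root->children[0]->children.push_back(std::make_unique<Node>(true));
    return root;
}
std::size_t documentsLeft(bool childrenFirst) {
    auto tree = makeTree();
    childrenFirst ? tree->destroyChildrenFirst() : tree->destroyGuardFirst();
    return tree->liveDocuments();
}

int main() { return documentsLeft(false) == 3 && documentsLeft(true) == 0 ? 0 : 1; }
```

With the guard first, all three descendants keep their documents because the root returns before recursing; with the child loop first, none do.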


