Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 8e3ad95fd18ea29689428ad6e79ee2904e07b00d
https://github.com/WebKit/WebKit/commit/8e3ad95fd18ea29689428ad6e79ee2904e07b00d
Author: David Kilzer <[email protected]>
Date: 2026-05-28 (Thu, 28 May 2026)
Changed paths:
A LayoutTests/fast/loader/reload-on-pageswap-crash-expected.txt
A LayoutTests/fast/loader/reload-on-pageswap-crash.html
M Source/WebCore/page/Navigation.cpp
Log Message:
-----------
Crash in HistoryController::updateForCommit() when calling
navigation.reload() during pageswap event handler
<https://bugs.webkit.org/show_bug.cgi?id=309782>
<rdar://167842846>
Reviewed by Chris Dumez.
A reload transitioning to committed dispatches a pageswap event, and a
`navigation.reload()` call inside the pageswap handler does a sync
policy check that clears the provisional `DocumentLoader`. After the
event returns, `HistoryController::updateForCommit()` dereferences the
now-null `FrameLoader::provisionalDocumentLoader()`.
Extend the fix from Bug 303364 (which cancelled `navigation.navigate()`
during pageswap dispatch) to also cancel `navigation.reload()`. Do
this by adding the existing `isDispatchingPageSwapEvent()` guard to
`Navigation::reload()` to match the guard already present in
`Navigation::navigate()`.
Test: fast/loader/reload-on-pageswap-crash.html
* LayoutTests/fast/loader/reload-on-pageswap-crash-expected.txt: Add.
* LayoutTests/fast/loader/reload-on-pageswap-crash.html: Add.
* Source/WebCore/page/Navigation.cpp:
(WebCore::Navigation::reload):
Originally-landed-as: 305413.511@rapid/safari-7624.2.5.110-branch
(6381422ae099). rdar://176061576
Canonical link: https://commits.webkit.org/314088@main
To unsubscribe from these emails, change your notification settings at
https://github.com/WebKit/WebKit/settings/notifications
