Skip to site navigation (Press enter)

[webkit-changes] [159986] trunk/Source/WebCore

beidson Mon, 02 Dec 2013 17:24:32 -0800

Title: [159986] trunk/Source/WebCore

Revision: 159986
Author: beid...@apple.com
Date: 2013-12-02 17:27:06 -0800 (Mon, 02 Dec 2013)

Log Message

Possible crash in ProgressTracker::progressHeartbeatTimerFired(Timer<ProgressTracker>*)
https://bugs.webkit.org/show_bug.cgi?id=125110


Reviewed by Darin Adler.

FrameLoader::loadProgressingStatusChanged() might be called while the Frame has a null FrameView.

It’s unclear how to reproduce, but there’s no harm in a null check.

* loader/FrameLoader.cpp:
(WebCore::FrameLoader::loadProgressingStatusChanged):

Modified Paths

trunk/Source/WebCore/ChangeLog
trunk/Source/WebCore/loader/FrameLoader.cpp

Diff

Modified: trunk/Source/WebCore/ChangeLog (159985 => 159986)


--- trunk/Source/WebCore/ChangeLog	2013-12-03 01:12:51 UTC (rev 159985)
+++ trunk/Source/WebCore/ChangeLog	2013-12-03 01:27:06 UTC (rev 159986)
@@ -81,6 +81,20 @@
 
         Reviewed by Darin Adler.
 
+        FrameLoader::loadProgressingStatusChanged() might be called while the Frame has a null FrameView.
+
+        It’s unclear how to reproduce, but there’s no harm in a null check.
+
+        * loader/FrameLoader.cpp:
+        (WebCore::FrameLoader::loadProgressingStatusChanged):
+
+2013-12-02  Brady Eidson  <beid...@apple.com>
+
+        Possible crash in ProgressTracker::progressHeartbeatTimerFired(Timer<ProgressTracker>*)
+        https://bugs.webkit.org/show_bug.cgi?id=125110
+
+        Reviewed by Darin Adler.
+
         It’s possible to have a null m_originatingProgressFrame when the heartbeat timer fires.
 
         On the surface this seems impossible because the only time m_originatingProgressFrame is cleared

Modified: trunk/Source/WebCore/loader/FrameLoader.cpp (159985 => 159986)


--- trunk/Source/WebCore/loader/FrameLoader.cpp	2013-12-03 01:12:51 UTC (rev 159985)
+++ trunk/Source/WebCore/loader/FrameLoader.cpp	2013-12-03 01:27:06 UTC (rev 159986)
@@ -3380,6 +3380,9 @@
 void FrameLoader::loadProgressingStatusChanged()
 {
     FrameView* view = m_frame.mainFrame().view();
+    if (!view)
+        return;
+
     view->updateLayerFlushThrottlingInAllFrames();
     view->adjustTiledBackingCoverage();
 }

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes