Title: [87693] trunk/Source/WebCore
- Revision: 87693
- Author: [email protected]
- Date: 2011-05-30 10:21:14 -0700 (Mon, 30 May 2011)
Log Message
2011-05-30 Mikhail Naganov <[email protected]>
Reviewed by Adam Barth.
[Chromium] Fix regression after r87628.
https://bugs.webkit.org/show_bug.cgi?id=61733
Having r87628 in place, Chrome reliability bot crashes in
WebCore::HTMLLinkElement::onloadTimerFired.
This is because the change makes WebCore::CachedResource::setRequest
call checkNotify on request reset. HTMLLinkElement registers itself as a
CachedResource client via m_cachedSheet, which can happen even if
m_cachedLinkResource wasn't set. As a result,
WebCore::HTMLLinkElement::notifyFinished gets called with an unset
m_cachedLinkResource, which causes a crash in
HTMLLinkElement::onloadTimerFired.
* html/HTMLLinkElement.cpp:
(WebCore::HTMLLinkElement::notifyFinished):
Diff
Modified: trunk/Source/WebCore/ChangeLog (87692 => 87693)
--- trunk/Source/WebCore/ChangeLog 2011-05-30 17:09:48 UTC (rev 87692)
+++ trunk/Source/WebCore/ChangeLog 2011-05-30 17:21:14 UTC (rev 87693)
@@ -1,3 +1,24 @@
+2011-05-30 Mikhail Naganov <[email protected]>
+
+ Reviewed by Adam Barth.
+
+ [Chromium] Fix regression after r87628.
+ https://bugs.webkit.org/show_bug.cgi?id=61733
+
+ Having r87628 in place, Chrome reliability bot crashes in
+ WebCore::HTMLLinkElement::onloadTimerFired.
+
+ This is because the change makes WebCore::CachedResource::setRequest to
+ call checkNotify on request reset. HTMLLinkElement registers itself as
+ CachedResource client via m_cachedSheet, which can happen even if
+ m_cachedLinkResource wasn't set. As a result,
+ WebCore::HTMLLinkElement::notifyFinished is got called with unset
+ m_cachedLinkResource, which causes a crash in
+ HTMLLinkElement::onloadTimerFired
+
+ * html/HTMLLinkElement.cpp:
+ (WebCore::HTMLLinkElement::notifyFinished):
+
2011-05-30 Jer Noble <[email protected]>
Reviewed by Darin Adler and Simon Fraser.
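Review bot: The new ChangeLog entry names no regression test and does not say why one is absent; the only file it lists is html/HTMLLinkElement.cpp. The crash was reported by the reliability bot, so either add a test that reaches notifyFinished through the m_cachedSheet client registration while m_cachedLinkResource is unset, or state in the entry that no new test is included and why. The "(WebCore::HTMLLinkElement::notifyFinished):" line would also be more useful with a short per-function description of the change.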
Modified: trunk/Source/WebCore/html/HTMLLinkElement.cpp (87692 => 87693)
--- trunk/Source/WebCore/html/HTMLLinkElement.cpp 2011-05-30 17:09:48 UTC (rev 87692)
+++ trunk/Source/WebCore/html/HTMLLinkElement.cpp 2011-05-30 17:21:14 UTC (rev 87693)
@@ -75,7 +75,7 @@
m_sheet->clearOwnerNode();
if (m_cachedSheet) {
- m_cachedSheet->removeClient(this);
+ m_cachedSheet->removeClient(this);
removePendingSheet();
}
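Review bot: The m_cachedSheet->removeClient(this); line in this hunk is removed and re-added with the same text, so the change is whitespace only and unrelated to the crash fix, and the ChangeLog entry lists only notifyFinished. Drop it from this patch or land it separately so the regression fix stays minimal and is easy to merge or revert.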
@@ -457,8 +457,9 @@
void HTMLLinkElement::notifyFinished(CachedResource* resource)
{
- m_onloadTimer.startOneShot(0);
- ASSERT(m_cachedLinkResource.get() == resource);
+ ASSERT(m_cachedLinkResource.get() == resource || m_cachedSheet.get() == resource);
+ if (m_cachedLinkResource.get() == resource)
+ m_onloadTimer.startOneShot(0);
}
#endif
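Review bot: The new guard in notifyFinished carries no comment explaining why a resource other than m_cachedLinkResource can arrive here, so the reason lives only in the ChangeLog. Add a short comment above "if (m_cachedLinkResource.get() == resource)" saying that the element is also registered as a client of m_cachedSheet, so the style sheet's notification reaches this function and must not start m_onloadTimer. Since ASSERT is compiled out of release builds, the if check is the only thing that prevents the crash there, so it should stay independent of the assertion as written.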