Skip to site navigation (Press enter)

[webkit-changes] [94721] trunk/Source/WebKit/chromium

abarth Wed, 07 Sep 2011 15:53:56 -0700

Title: [94721] trunk/Source/WebKit/chromium

Revision: 94721
Author: [email protected]
Date: 2011-09-07 15:54:48 -0700 (Wed, 07 Sep 2011)

Log Message

FrameLoader::addExtraFieldsToRequest can crash when called from or after FrameLoader::detachFromParent
https://bugs.webkit.org/show_bug.cgi?id=61810


Reviewed by Eric Seidel.

Fix this crash as suggested by Darin Fisher in
https://bugs.webkit.org/show_bug.cgi?id=61810#c21.  This patch does not
include the test requested by Alexey Proskuryakov in
https://bugs.webkit.org/show_bug.cgi?id=61810#c6.  I would really much
rather include a test with this patch, but my attempts to write a test
have failed.  :(

* src/WebPluginContainerImpl.cpp:
(WebKit::WebPluginContainerImpl::loadFrameRequest):

Modified Paths

trunk/Source/WebKit/chromium/ChangeLog
trunk/Source/WebKit/chromium/src/WebPluginContainerImpl.cpp

Diff

Modified: trunk/Source/WebKit/chromium/ChangeLog (94720 => 94721)


--- trunk/Source/WebKit/chromium/ChangeLog	2011-09-07 22:49:37 UTC (rev 94720)
+++ trunk/Source/WebKit/chromium/ChangeLog	2011-09-07 22:54:48 UTC (rev 94721)
@@ -1,3 +1,20 @@
+2011-09-07  Adam Barth  <[email protected]>
+
+        FrameLoader::addExtraFieldsToRequest can crash when called from or after FrameLoader::detachFromParent
+        https://bugs.webkit.org/show_bug.cgi?id=61810
+
+        Reviewed by Eric Seidel.
+
+        Fix this crash as suggested by Darin Fisher in
+        https://bugs.webkit.org/show_bug.cgi?id=61810#c21.  This patch does not
+        include the test requested by Alexey Proskuryakov in
+        https://bugs.webkit.org/show_bug.cgi?id=61810#c6.  I would really much
+        rather include a test with this patch, but my attempts to write a test
+        have failed.  :(
+
+        * src/WebPluginContainerImpl.cpp:
+        (WebKit::WebPluginContainerImpl::loadFrameRequest):
+
 2011-09-07  Eric Boren  <[email protected]>
 
         [Chromium] Modify WebTouchEvent structure to match WebCore::TouchEvent

Modified: trunk/Source/WebKit/chromium/src/WebPluginContainerImpl.cpp (94720 => 94721)


--- trunk/Source/WebKit/chromium/src/WebPluginContainerImpl.cpp	2011-09-07 22:49:37 UTC (rev 94720)
+++ trunk/Source/WebKit/chromium/src/WebPluginContainerImpl.cpp	2011-09-07 22:54:48 UTC (rev 94721)
@@ -386,7 +386,7 @@
 void WebPluginContainerImpl::loadFrameRequest(const WebURLRequest& request, const WebString& target, bool notifyNeeded, void* notifyData)
 {
     Frame* frame = m_element->document()->frame();
-    if (!frame)
+    if (!frame || !frame->loader()->documentLoader())
         return;  // FIXME: send a notification in this case?
 
     if (notifyNeeded) {

_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes