Title: [202035] trunk/Source/WebCore
- Revision
- 202035
- Author
- [email protected]
- Date
- 2016-06-14 00:35:53 -0700 (Tue, 14 Jun 2016)
Log Message
Crash inside firstPositionInNode in checkLoadCompleteForThisFrame
https://bugs.webkit.org/show_bug.cgi?id=158724
Reviewed by Alex Christensen.
Added null checks for document and document element since they could be nullptr here.
* loader/FrameLoader.cpp:
(WebCore::FrameLoader::checkLoadCompleteForThisFrame):
Modified Paths
Diff
Modified: trunk/Source/WebCore/ChangeLog (202034 => 202035)
--- trunk/Source/WebCore/ChangeLog 2016-06-14 07:10:20 UTC (rev 202034)
+++ trunk/Source/WebCore/ChangeLog 2016-06-14 07:35:53 UTC (rev 202035)
@@ -1,3 +1,15 @@
+2016-06-14 Ryosuke Niwa <[email protected]>
+
+ Crash inside firstPositionInNode in checkLoadCompleteForThisFrame
+ https://bugs.webkit.org/show_bug.cgi?id=158724
+
+ Reviewed by Alex Christensen.
+
+ Added null checks for document and document element since they could be nullptr here.
+
+ * loader/FrameLoader.cpp:
+ (WebCore::FrameLoader::checkLoadCompleteForThisFrame):
+
2016-06-13 Gavin & Ellie Barraclough <[email protected]>
Remove hasStaticPropertyTable (part 3: JSLocation::putDelegate)
Modified: trunk/Source/WebCore/loader/FrameLoader.cpp (202034 => 202035)
--- trunk/Source/WebCore/loader/FrameLoader.cpp 2016-06-14 07:10:20 UTC (rev 202034)
+++ trunk/Source/WebCore/loader/FrameLoader.cpp 2016-06-14 07:35:53 UTC (rev 202035)
@@ -2310,11 +2310,14 @@
} else {
FRAMELOADER_LOG_ALWAYS("Finished frame load without error, frame = %p, main = %d", &m_frame, m_frame.isMainFrame());
#if ENABLE(DATA_DETECTION)
- if (m_frame.settings().dataDetectorTypes() != DataDetectorTypeNone) {
- RefPtr<Range> documentRange = makeRange(firstPositionInNode(m_frame.document()->documentElement()), lastPositionInNode(m_frame.document()->documentElement()));
- m_frame.setDataDetectionResults(DataDetection::detectContentInRange(documentRange, m_frame.settings().dataDetectorTypes()));
- if (m_frame.isMainFrame())
- m_client.dispatchDidFinishDataDetection(m_frame.dataDetectionResults());
+ auto* document = m_frame.document();
+ if (m_frame.settings().dataDetectorTypes() != DataDetectorTypeNone && document) {
+ if (auto* documentElement = document->documentElement()) {
+ RefPtr<Range> documentRange = makeRange(firstPositionInNode(documentElement), lastPositionInNode(documentElement));
+ m_frame.setDataDetectionResults(DataDetection::detectContentInRange(documentRange, m_frame.settings().dataDetectorTypes()));
+ if (m_frame.isMainFrame())
+ m_client.dispatchDidFinishDataDetection(m_frame.dataDetectionResults());
+ }
}
#endif
m_client.dispatchDidFinishLoad();
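Review bot: When `document` or `documentElement` is null, the new guard skips `setDataDetectionResults` as well as `dispatchDidFinishDataDetection`, so a main frame can finish loading without the data-detection callback, and `m_frame.dataDetectionResults()` would keep whatever was stored before, if anything. If clients wait for that callback or read the results later (not visible in this hunk), the null path should probably still clear the results and notify. Otherwise a comment should say the skip is intended, e.g. `// No document element: nothing to scan, so data detection is skipped for this load.` The enclosing function starts and ends outside the hunk.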
@@ -2322,8 +2325,10 @@
}
// Notify accessibility.
- if (AXObjectCache* cache = m_frame.document()->existingAXObjectCache())
- cache->frameLoadingEventNotification(&m_frame, loadingEvent);
+ if (auto* document = m_frame.document()) {
+ if (AXObjectCache* cache = document->existingAXObjectCache())
+ cache->frameLoadingEventNotification(&m_frame, loadingEvent);
+ }
// The above calls to dispatchDidFinishLoad() might have detached the Frame
// from its Page and also might have caused Page to be deleted.
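Review bot: The new `if (auto* document = m_frame.document())` has no comment saying when the document is null at this point, and the ChangeLog entry lists no test, so nothing on this page guards against the check being removed later as redundant. A short comment such as `// m_frame.document() can be null here; see https://bugs.webkit.org/show_bug.cgi?id=158724.` would record the reason. Since the original failure was a null dereference on the load-completion path, a regression test that completes a load on a frame without a document element would be worth adding if the crash can be reproduced that way. The enclosing function continues outside the hunk.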