Title: [98874] branches/safari-534.52-branch/Source/WebCore
Revision: 98874
Author: [email protected]
Date: 2011-10-31 13:25:06 -0700 (Mon, 31 Oct 2011)

Log Message

Merged r98389.

Modified Paths

Diff

Modified: branches/safari-534.52-branch/Source/WebCore/ChangeLog (98873 => 98874)


--- branches/safari-534.52-branch/Source/WebCore/ChangeLog	2011-10-31 20:22:21 UTC (rev 98873)
+++ branches/safari-534.52-branch/Source/WebCore/ChangeLog	2011-10-31 20:25:06 UTC (rev 98874)
@@ -1,3 +1,22 @@
+2011-10-31  Lucas Forschler  <[email protected]>
+
+    Merge 98389
+
+    2011-10-25  Anders Carlsson  <[email protected]>
+
+            REGRESSION(97821): HistoryController::itemsAreClones crashes a lot
+            https://bugs.webkit.org/show_bug.cgi?id=70827
+            <rdar://problem/10342925>
+
+            Reviewed by Adam Barth.
+
+            Check that m_currentItem is non-null before passing it to itemsAreClones. While I wasn't
+            able to make a test case that would reproduce this crash, we do check m_currentItem for null
+            everywhere else, and the crash log indicates that this would fix the crash.
+
+            * loader/HistoryController.cpp:
+            (WebCore::HistoryController::recursiveUpdateForCommit):
+
 2011-10-27  Lucas Forschler  <[email protected]>
 
     Merge 98503
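
Review bot: the merged entry states that no test case could reproduce the crash, so the fix lands on the branch without a regression test and without recording how m_currentItem ends up null in recursiveUpdateForCommit. Suggest attaching the crash-log evidence or the suspected path to bug 70827, so the null check can be revisited if the root cause behind REGRESSION(97821) is identified later.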

Modified: branches/safari-534.52-branch/Source/WebCore/loader/HistoryController.cpp (98873 => 98874)


--- branches/safari-534.52-branch/Source/WebCore/loader/HistoryController.cpp	2011-10-31 20:22:21 UTC (rev 98873)
+++ branches/safari-534.52-branch/Source/WebCore/loader/HistoryController.cpp	2011-10-31 20:25:06 UTC (rev 98874)
@@ -471,7 +471,7 @@
     // For each frame that already had the content the item requested (based on
     // (a matching URL and frame tree snapshot), just restore the scroll position.
     // Save form state (works from currentItem, since m_frameLoadComplete is true)
-    if (itemsAreClones(m_currentItem.get(), m_provisionalItem.get())) {
+    if (m_currentItem && itemsAreClones(m_currentItem.get(), m_provisionalItem.get())) {
         ASSERT(m_frameLoadComplete);
         saveDocumentState();
         saveScrollPositionAndViewStateToItem(m_currentItem.get());
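
Review bot: the guard added on the `if` line covers only m_currentItem, while m_provisionalItem.get() is still passed to itemsAreClones unchecked. If itemsAreClones dereferences both arguments, a null provisional item would fail the same way, so consider checking both pointers here or moving the null handling into itemsAreClones itself so that each call site does not have to repeat it. The guard does correctly cover the later saveScrollPositionAndViewStateToItem(m_currentItem.get()) call inside the block.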