Title: [212709] releases/WebKitGTK/webkit-2.16/Source/WebCore
- Revision: 212709
- Author: [email protected]
- Date: 2017-02-21 00:39:16 -0800 (Tue, 21 Feb 2017)
Log Message
Merge r212667 - Nullptr dereferences when stopping a load
https://bugs.webkit.org/show_bug.cgi?id=168608
<rdar://problem/29852056>
Reviewed by Ryosuke Niwa.
Don't attempt to notify a detached frame's load client that the load is
stopped.
* loader/DocumentLoader.cpp:
(WebCore::DocumentLoader::stopLoading): Check for null frame loader and
bypass dereferencing it.
Diff
Modified: releases/WebKitGTK/webkit-2.16/Source/WebCore/ChangeLog (212708 => 212709)
--- releases/WebKitGTK/webkit-2.16/Source/WebCore/ChangeLog 2017-02-21 08:39:06 UTC (rev 212708)
+++ releases/WebKitGTK/webkit-2.16/Source/WebCore/ChangeLog 2017-02-21 08:39:16 UTC (rev 212709)
@@ -1,3 +1,18 @@
+2017-02-20 Brent Fulgham <[email protected]>
+
+ Nullptr dereferences when stopping a load
+ https://bugs.webkit.org/show_bug.cgi?id=168608
+ <rdar://problem/29852056>
+
+ Reviewed by Ryosuke Niwa.
+
+ Don't attempt to notify a detached frame's load client that the load is
+ stopped.
+
+ * loader/DocumentLoader.cpp:
+ (WebCore::DocumentLoader::stopLoading): Check for null frame loader and
+ bypass dereferencing it.
+
2017-02-20 Carlos Garcia Campos <[email protected]>
Remove code under USE(GRAPHICS_SURFACE)
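Review bot: The new ChangeLog entry names no regression test and gives no reason for leaving one out. The code comment in DocumentLoader.cpp attributes the null frame loader to the onunload handler detaching the frame, so either list a test that covers stopping a load after the frame is detached, or add a "No new tests" line stating why the case cannot be covered.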
Modified: releases/WebKitGTK/webkit-2.16/Source/WebCore/loader/DocumentLoader.cpp (212708 => 212709)
--- releases/WebKitGTK/webkit-2.16/Source/WebCore/loader/DocumentLoader.cpp 2017-02-21 08:39:06 UTC (rev 212708)
+++ releases/WebKitGTK/webkit-2.16/Source/WebCore/loader/DocumentLoader.cpp 2017-02-21 08:39:16 UTC (rev 212709)
@@ -306,19 +306,20 @@
m_isStopping = true;
- FrameLoader* frameLoader = DocumentLoader::frameLoader();
-
- if (isLoadingMainResource()) {
- // Stop the main resource loader and let it send the cancelled message.
- cancelMainResourceLoad(frameLoader->cancelledError(m_request));
- } else if (!m_subresourceLoaders.isEmpty() || !m_plugInStreamLoaders.isEmpty()) {
- // The main resource loader already finished loading. Set the cancelled error on the
- // document and let the subresourceLoaders and pluginLoaders send individual cancelled messages below.
- setMainDocumentError(frameLoader->cancelledError(m_request));
- } else {
- // If there are no resource loaders, we need to manufacture a cancelled message.
- // (A back/forward navigation has no resource loaders because its resources are cached.)
- mainReceivedError(frameLoader->cancelledError(m_request));
+ // The frame may have been detached from this document by the onunload handler
+ if (auto* frameLoader = DocumentLoader::frameLoader()) {
+ if (isLoadingMainResource()) {
+ // Stop the main resource loader and let it send the cancelled message.
+ cancelMainResourceLoad(frameLoader->cancelledError(m_request));
+ } else if (!m_subresourceLoaders.isEmpty() || !m_plugInStreamLoaders.isEmpty()) {
+ // The main resource loader already finished loading. Set the cancelled error on the
+ // document and let the subresourceLoaders and pluginLoaders send individual cancelled messages below.
+ setMainDocumentError(frameLoader->cancelledError(m_request));
+ } else {
+ // If there are no resource loaders, we need to manufacture a cancelled message.
+ // (A back/forward navigation has no resource loaders because its resources are cached.)
+ mainReceivedError(frameLoader->cancelledError(m_request));
+ }
}
// We always need to explicitly cancel the Document's parser when stopping the load.
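Review bot: When `DocumentLoader::frameLoader()` returns null, the new `if (auto* frameLoader = ...)` guard skips all three branches, not just the dereference. A detached frame with `isLoadingMainResource()` true therefore never reaches `cancelMainResourceLoad(...)` here, and no cancelled error is set on the document. The visible lines do not show whether the rest of stopLoading() handles that state. Either extend the added comment to say why skipping the cancellation is safe for a detached frame, or cancel the main resource load on a path that does not need the frame loader to build the error. Minor: the added comment is missing its trailing period, unlike the other comments in this block.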