Title: [212723] branches/safari-603-branch/Source/WebCore
- Revision
- 212723
- Author
- [email protected]
- Date
- 2017-02-21 10:21:36 -0800 (Tue, 21 Feb 2017)
Log Message
Merge r212667. rdar://problem/29852056
Modified Paths
Diff
Modified: branches/safari-603-branch/Source/WebCore/ChangeLog (212722 => 212723)
--- branches/safari-603-branch/Source/WebCore/ChangeLog 2017-02-21 18:21:34 UTC (rev 212722)
+++ branches/safari-603-branch/Source/WebCore/ChangeLog 2017-02-21 18:21:36 UTC (rev 212723)
@@ -1,3 +1,22 @@
+2017-02-21 Matthew Hanson <[email protected]>
+
+ Merge r212667. rdar://problem/29852056
+
+ 2017-02-20 Brent Fulgham <[email protected]>
+
+ Nullptr dereferences when stopping a load
+ https://bugs.webkit.org/show_bug.cgi?id=168608
+ <rdar://problem/29852056>
+
+ Reviewed by Ryosuke Niwa.
+
+ Don't attempt to notify a detached frame's load client that the load is
+ stopped.
+
+ * loader/DocumentLoader.cpp:
+ (WebCore::DocumentLoader::stopLoading): Check for null frame loader and
+ bypass dereferencing it.
+
2017-02-18 Ryosuke Niwa <[email protected]>
REGRESSION(r212218): Assertion failures in and after parserRemoveChild
Modified: branches/safari-603-branch/Source/WebCore/loader/DocumentLoader.cpp (212722 => 212723)
--- branches/safari-603-branch/Source/WebCore/loader/DocumentLoader.cpp 2017-02-21 18:21:34 UTC (rev 212722)
+++ branches/safari-603-branch/Source/WebCore/loader/DocumentLoader.cpp 2017-02-21 18:21:36 UTC (rev 212723)
@@ -340,19 +340,20 @@
m_isStopping = true;
- FrameLoader* frameLoader = DocumentLoader::frameLoader();
-
- if (isLoadingMainResource()) {
- // Stop the main resource loader and let it send the cancelled message.
- cancelMainResourceLoad(frameLoader->cancelledError(m_request));
- } else if (!m_subresourceLoaders.isEmpty() || !m_plugInStreamLoaders.isEmpty()) {
- // The main resource loader already finished loading. Set the cancelled error on the
- // document and let the subresourceLoaders and pluginLoaders send individual cancelled messages below.
- setMainDocumentError(frameLoader->cancelledError(m_request));
- } else {
- // If there are no resource loaders, we need to manufacture a cancelled message.
- // (A back/forward navigation has no resource loaders because its resources are cached.)
- mainReceivedError(frameLoader->cancelledError(m_request));
+ // The frame may have been detached from this document by the onunload handler
+ if (auto* frameLoader = DocumentLoader::frameLoader()) {
+ if (isLoadingMainResource()) {
+ // Stop the main resource loader and let it send the cancelled message.
+ cancelMainResourceLoad(frameLoader->cancelledError(m_request));
+ } else if (!m_subresourceLoaders.isEmpty() || !m_plugInStreamLoaders.isEmpty()) {
+ // The main resource loader already finished loading. Set the cancelled error on the
+ // document and let the subresourceLoaders and pluginLoaders send individual cancelled messages below.
+ setMainDocumentError(frameLoader->cancelledError(m_request));
+ } else {
+ // If there are no resource loaders, we need to manufacture a cancelled message.
+ // (A back/forward navigation has no resource loaders because its resources are cached.)
+ mainReceivedError(frameLoader->cancelledError(m_request));
+ }
}
// We always need to explicitly cancel the Document's parser when stopping the load.
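Review bot: When `DocumentLoader::frameLoader()` returns null, the new `if (auto* frameLoader = DocumentLoader::frameLoader())` skips all three branches, so a main resource load that is still in progress is neither passed to `cancelMainResourceLoad` nor given a cancelled error anywhere in this block. `stopLoading` starts and ends outside the hunk, so it is not visible whether later code tears that load down. If skipping is intended, the comment should say so, e.g. `// The frame may have been detached by the onunload handler; there is then no load client to notify, so no cancelled error is produced here.` The ChangeLog entry names no regression test, so this detached-frame path appears to ship without one, and a layout test that stops a load after the frame has been detached would keep the null case from regressing.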