Title: [246187] trunk/Source/WebCore
Revision: 246187
Author: [email protected]
Date: 2019-06-06 22:14:35 -0700 (Thu, 06 Jun 2019)
Log Message
RELEASE_ASSERT hit in CachedFrame constructor
https://bugs.webkit.org/show_bug.cgi?id=198625
<rdar://problem/49877867>
Reviewed by Geoffrey Garen.
This is a speculative fix; it appears the document is already detached from its
frame by the time we construct a CachedFrame for it when entering PageCache.
No new tests, because we do not know yet how this can be reproduced.
* history/PageCache.cpp:
(WebCore::canCacheFrame):
Mark a frame as ineligible for PageCache if:
1. It does not have a document
or
2. Its document is already detached from the frame
(WebCore::PageCache::addIfCacheable):
Destroy the render tree *before* we check if the page can enter page cache, in case
destroying the render tree has any side effects that could make the page ineligible
for Page Cache.
Diff
Modified: trunk/Source/WebCore/ChangeLog (246186 => 246187)
--- trunk/Source/WebCore/ChangeLog 2019-06-07 03:38:22 UTC (rev 246186)
+++ trunk/Source/WebCore/ChangeLog 2019-06-07 05:14:35 UTC (rev 246187)
@@ -1,3 +1,28 @@
+2019-06-06 Chris Dumez <[email protected]>
+
+ RELEASE_ASSERT hit in CachedFrame constructor
+ https://bugs.webkit.org/show_bug.cgi?id=198625
+ <rdar://problem/49877867>
+
+ Reviewed by Geoffrey Garen.
+
+ This is a speculative fix, it appears the document is already detached from its
+ frame by the time we construct a CachedFrame for it when entering PageCache.
+
+ No new tests, because we do not know yet how this can be reproduced.
+
+ * history/PageCache.cpp:
+ (WebCore::canCacheFrame):
+ Make a frame as ineligible for PageCache if:
+ 1. It does not have a document
+ or
+ 2. Its document is already detached from the frame
+
+ (WebCore::PageCache::addIfCacheable):
+ Destroy the render tree *before* we check if the page can enter page cache, in case
+ destroying the render tree has any side effects that could make the page ineligible
+ for Page Cache.
+
2019-06-06 Devin Rousso <[email protected]>
Web Inspector: Timelines: only complete Composite records if the m_startedComposite (followup to r246142)
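Review bot: In the (WebCore::canCacheFrame) entry, "Make a frame as ineligible for PageCache" reads like a typo for "Mark a frame as ineligible". The entry also does not mention the ASSERT_NOT_REACHED() that the code adds for the detached-document case; since the fix is described as speculative and no test is added, a line saying how a recurrence would be noticed would help whoever picks this up next.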
Modified: trunk/Source/WebCore/history/PageCache.cpp (246186 => 246187)
--- trunk/Source/WebCore/history/PageCache.cpp 2019-06-07 03:38:22 UTC (rev 246186)
+++ trunk/Source/WebCore/history/PageCache.cpp 2019-06-07 05:14:35 UTC (rev 246187)
@@ -90,6 +90,17 @@
return false;
}
+ if (!frame.document()) {
+ PCLOG(" -Frame has no document");
+ return false;
+ }
+
+ if (!frame.document()->frame()) {
+ PCLOG(" -Document is detached from frame");
+ ASSERT_NOT_REACHED();
+ return false;
+ }
+
DocumentLoader* documentLoader = frameLoader.documentLoader();
if (!documentLoader) {
PCLOG(" -There is no DocumentLoader object");
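Review bot: In the detached-document branch, ASSERT_NOT_REACHED() only fires in debug builds, while the crash being chased is a RELEASE_ASSERT, so in release builds this path now returns false with no trace beyond whatever PCLOG emits. Since the log message says the reproduction is not yet known, consider a release-level log at this point so the condition stays visible where it was actually hit. The no-document branch above it has no assertion at all; if a frame without a document is an expected state here and a detached document is not, a short comment saying so would explain the asymmetry.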
@@ -445,6 +456,8 @@
// Fire the pagehide event in all frames.
firePageHideEventRecursively(page->mainFrame());
+ destroyRenderTree(page->mainFrame());
+
// Check that the page is still page-cacheable after firing the pagehide event. The JS event handlers
// could have altered the page in a way that could prevent caching.
if (!canCache(*page)) {
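Review bot: With destroyRenderTree(page->mainFrame()) moved above the canCache(*page) check, the render tree is now torn down even on the path where canCache fails and the function returns false without caching the page. Please confirm that is acceptable for a page that does not enter the cache, and update the comment above the check, which still names only the pagehide event handlers as the reason for re-checking, so it also covers side effects of destroying the render tree.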
@@ -452,8 +465,6 @@
return false;
}
- destroyRenderTree(page->mainFrame());
-
setPageCacheState(*page, Document::InPageCache);
{