Title: [246529] trunk/Source/WebCore
- Revision: 246529
- Author: [email protected]
- Date: 2019-06-17 18:41:01 -0700 (Mon, 17 Jun 2019)
Log Message
m_disconnectedFrame can be null in DOMWindowExtension::willDestroyGlobalObjectInCachedFrame()
https://bugs.webkit.org/show_bug.cgi?id=198943
Reviewed by Brady Eidson.
Apparently it's possible for m_disconnectedFrame to be null in this function even though this should never happen.
We've been trying to diagnose a class of issues in this area (e.g. r246187, r244971, r242797, r242677, r242676, r241848)
but at some point, we need to stop crashing for the sake of the user.
Worked around the bug by adding a null pointer check here.
* page/DOMWindowExtension.cpp:
(WebCore::DOMWindowExtension::willDestroyGlobalObjectInCachedFrame):
Diff
Modified: trunk/Source/WebCore/ChangeLog (246528 => 246529)
--- trunk/Source/WebCore/ChangeLog 2019-06-18 00:29:21 UTC (rev 246528)
+++ trunk/Source/WebCore/ChangeLog 2019-06-18 01:41:01 UTC (rev 246529)
@@ -1,3 +1,20 @@
+2019-06-17 Ryosuke Niwa <[email protected]>
+
+ m_disconnectedFrame can be null in DOMWindowExtension::willDestroyGlobalObjectInCachedFrame()
+ https://bugs.webkit.org/show_bug.cgi?id=198943
+
+ Reviewed by Brady Eidson.
+
+ Apparently it's possible for m_disconnectedFrame to be null in this function even though this should never happen.
+
+ We've been trying to diagnose a class of issues in this area (e.g. r246187, r244971, r242797, r242677, r242676, r241848)
+ but at some point, we need to stop crashing for the sake of user.
+
+ Worked around the bug by adding a null pointer check here.
+
+ * page/DOMWindowExtension.cpp:
+ (WebCore::DOMWindowExtension::willDestroyGlobalObjectInCachedFrame):
+
2019-06-17 Alex Christensen <[email protected]>
Fix iOS crash when starting loads with no active DocumentLoader
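Review bot: The new ChangeLog entry cites only bugs.webkit.org bug 198943, while the code comment added in DOMWindowExtension.cpp points at <rdar://problem/49613448>; put the radar reference in the entry as well so the two records are cross-linked. Since the entry itself says this is a workaround ("Worked around the bug by adding a null pointer check here"), it would also help to state whether bug 198943 stays open to track the root cause, because the entry as written says nothing about how m_disconnectedFrame ends up null.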
Modified: trunk/Source/WebCore/page/DOMWindowExtension.cpp (246528 => 246529)
--- trunk/Source/WebCore/page/DOMWindowExtension.cpp 2019-06-18 00:29:21 UTC (rev 246528)
+++ trunk/Source/WebCore/page/DOMWindowExtension.cpp 2019-06-18 01:41:01 UTC (rev 246529)
@@ -81,13 +81,14 @@
void DOMWindowExtension::willDestroyGlobalObjectInCachedFrame()
{
- ASSERT(m_disconnectedFrame);
+ ASSERT(m_disconnectedFrame); // Somehow m_disconnectedFrame can be null here. See <rdar://problem/49613448>.
// Calling out to the client might result in this DOMWindowExtension being destroyed
// while there is still work to do.
Ref<DOMWindowExtension> protectedThis(*this);
- m_disconnectedFrame->loader().client().dispatchWillDestroyGlobalObjectForDOMWindowExtension(this);
+ if (m_disconnectedFrame)
+ m_disconnectedFrame->loader().client().dispatchWillDestroyGlobalObjectForDOMWindowExtension(this);
m_disconnectedFrame = nullptr;
// DOMWindowExtension lifetime isn't tied directly to the DOMWindow itself so it is important that it unregister
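Review bot: ASSERT(m_disconnectedFrame) is kept at the top of willDestroyGlobalObjectInCachedFrame() even though the comment appended to it says the pointer can be null, so debug builds still abort on exactly the state the new "if (m_disconnectedFrame)" guard tolerates in release builds. Either drop the assertion or replace it with a non-fatal diagnostic so both configurations behave the same way and the unexpected state still leaves a trace for whoever chases the root cause. Note also that when the pointer is null the client never receives dispatchWillDestroyGlobalObjectForDOMWindowExtension(this) for this extension, so a client that releases per-extension state in that callback will silently keep it; the comment should say the notification is intentionally skipped in that case.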
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes