Title: [106130] trunk/Source/WebCore
Revision: 106130
Author: [email protected]
Date: 2012-01-27 10:19:20 -0800 (Fri, 27 Jan 2012)

Log Message

Crash in DocumentLoader::detachFromFrame.
https://bugs.webkit.org/show_bug.cgi?id=62764

Reviewed by Brady Eidson.

r105556 didn't fix the crash because canceling the
main resource loader blows away both the current
document loader and frame underneath. Both protectors
are also used in stopLoading() when m_mainResourceLoader->cancel()
is called. Also, tested the fix under ASAN.

* loader/DocumentLoader.cpp:
(WebCore::DocumentLoader::detachFromFrame):

Modified Paths

Diff

Modified: trunk/Source/WebCore/ChangeLog (106129 => 106130)


--- trunk/Source/WebCore/ChangeLog	2012-01-27 18:12:05 UTC (rev 106129)
+++ trunk/Source/WebCore/ChangeLog	2012-01-27 18:19:20 UTC (rev 106130)
@@ -1,3 +1,19 @@
+2012-01-27  Abhishek Arya  <[email protected]>
+
+        Crash in DocumentLoader::detachFromFrame.
+        https://bugs.webkit.org/show_bug.cgi?id=62764
+
+        Reviewed by Brady Eidson.
+
+        r105556 didn't fix the crash because canceling the
+        main resource loader blows away both the current
+        document loader and frame underneath. Both protectors
+        are also used in stopLoading() when m_mainResourceLoader->cancel()
+        is called. Also, tested the fix under ASAN.
+
+        * loader/DocumentLoader.cpp:
+        (WebCore::DocumentLoader::detachFromFrame):
+
 2012-01-27  Tony Chang  <[email protected]>
 
         flexbox scrollbars don't take flex-direction into account
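Review bot: The new entry's file list names only loader/DocumentLoader.cpp and cites a manual ASAN run, with no regression test and no stated reason for omitting one. The entry itself says r105556 did not fix this crash, so either add a test or add a line explaining why one cannot be written. Otherwise a third recurrence would only be caught by another manual ASAN run.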

Modified: trunk/Source/WebCore/loader/DocumentLoader.cpp (106129 => 106130)


--- trunk/Source/WebCore/loader/DocumentLoader.cpp	2012-01-27 18:12:05 UTC (rev 106129)
+++ trunk/Source/WebCore/loader/DocumentLoader.cpp	2012-01-27 18:19:20 UTC (rev 106130)
@@ -405,7 +405,8 @@
 void DocumentLoader::detachFromFrame()
 {
     ASSERT(m_frame);
-    RefPtr<Frame> protector(m_frame);
+    RefPtr<Frame> protectFrame(m_frame);
+    RefPtr<DocumentLoader> protectLoader(this);
 
     // It never makes sense to have a document loader that is detached from its
     // frame have any loads active, so go ahead and kill all the loads.
_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes