Title: [106144] branches/safari-534.54-branch/Source/WebCore
Diff
Modified: branches/safari-534.54-branch/Source/WebCore/ChangeLog (106143 => 106144)
--- branches/safari-534.54-branch/Source/WebCore/ChangeLog 2012-01-27 20:53:27 UTC (rev 106143)
+++ branches/safari-534.54-branch/Source/WebCore/ChangeLog 2012-01-27 21:27:15 UTC (rev 106144)
@@ -1,3 +1,23 @@
+2011-01-27 Lucas Forschler <[email protected]>
+
+ Merge 106130
+
+ 2012-01-27 Abhishek Arya <[email protected]>
+
+ Crash in DocumentLoader::detachFromFrame.
+ https://bugs.webkit.org/show_bug.cgi?id=62764
+
+ Reviewed by Brady Eidson.
+
+ r105556 didn't fix the crash because canceling the
+ main resource loader blows away both the current
+ document loader and frame underneath. Both protectors
+ are also used in stopLoading() when m_mainResourceLoader->cancel()
+ is called. Also, tested the fix under ASAN.
+
+ * loader/DocumentLoader.cpp:
+ (WebCore::DocumentLoader::detachFromFrame):
+
2012-01-25 Mark Rowe <[email protected]>
Merge r105942.
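Review bot: The date on the merge entry at the top of this ChangeLog hunk reads 2011-01-27, while the merged entry beneath it and both revision timestamps are 2012-01-27. This looks like a typo and should be 2012-01-27 so the ChangeLog stays in chronological order. The entry also names no regression test for the crash, only that the fix was tested under ASAN. If bug 62764 has a reduced test case, it should land with the change; otherwise the entry should say why no test is possible.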
Modified: branches/safari-534.54-branch/Source/WebCore/loader/DocumentLoader.cpp (106143 => 106144)
--- branches/safari-534.54-branch/Source/WebCore/loader/DocumentLoader.cpp 2012-01-27 20:53:27 UTC (rev 106143)
+++ branches/safari-534.54-branch/Source/WebCore/loader/DocumentLoader.cpp 2012-01-27 21:27:15 UTC (rev 106144)
@@ -409,7 +409,8 @@
void DocumentLoader::detachFromFrame()
{
ASSERT(m_frame);
- RefPtr<Frame> protector(m_frame);
+ RefPtr<Frame> protectFrame(m_frame);
+ RefPtr<DocumentLoader> protectLoader(this);
// It never makes sense to have a document loader that is detached from its
// frame have any loads active, so go ahead and kill all the loads.
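Review bot: The two protector declarations at the top of detachFromFrame() carry no comment saying why both are required, and the existing comment below them is about killing loads, not object lifetime. The ChangeLog states that canceling the main resource loader can destroy both the current document loader and the frame, and that r105556 did not fix the crash. A one-line comment to that effect above `RefPtr<DocumentLoader> protectLoader(this);` would stop a later cleanup from dropping one of the two references as redundant. Since the ChangeLog says the same pair is used in stopLoading(), the protectFrame/protectLoader names and the comment should match in both places.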
_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes