Title: [129320] branches/chromium/1271/Source/WebKit/chromium/src/WebFrameImpl.cpp
- Revision: 129320
- Author: [email protected]
- Date: 2012-09-23 18:16:02 -0700 (Sun, 23 Sep 2012)
Log Message
Merge 128972 - [Chromium] Fix crash in WebFrameImpl::loadHistoryItem
https://bugs.webkit.org/show_bug.cgi?id=96352
Reviewed by Adam Barth.
We have some crash reports with the following stack:
- HistoryItem::shouldDoSameDocumentNavigationTo.
- WebFrameImpl::loadHistoryItem
...
We don't have reproducible steps, and we are not sure what the root
cause is. Anyway, we should check nullness of currentItem because
HistoryController::m_currentItem can be 0.
* src/WebFrameImpl.cpp:
(WebKit::WebFrameImpl::loadHistoryItem):
Check nullness of currentItem.
[email protected]
Review URL: https://codereview.chromium.org/10959062
Modified Paths
Diff
Modified: branches/chromium/1271/Source/WebKit/chromium/src/WebFrameImpl.cpp (129319 => 129320)
--- branches/chromium/1271/Source/WebKit/chromium/src/WebFrameImpl.cpp 2012-09-24 01:02:19 UTC (rev 129319)
+++ branches/chromium/1271/Source/WebKit/chromium/src/WebFrameImpl.cpp 2012-09-24 01:16:02 UTC (rev 129320)
@@ -1029,7 +1029,7 @@
m_frame->loader()->prepareForHistoryNavigation();
RefPtr<HistoryItem> currentItem = m_frame->loader()->history()->currentItem();
- m_inSameDocumentHistoryLoad = currentItem->shouldDoSameDocumentNavigationTo(historyItem.get());
+ m_inSameDocumentHistoryLoad = currentItem && currentItem->shouldDoSameDocumentNavigationTo(historyItem.get());
m_frame->page()->goToItem(historyItem.get(),
FrameLoadTypeIndexedBackForward);
m_inSameDocumentHistoryLoad = false;
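Review bot: The `currentItem &&` guard on the m_inSameDocumentHistoryLoad assignment has no comment saying why currentItem can be null, and the log message states the root cause is unknown, so a later reader has no way to tell whether the check is still needed. Suggest a one-line comment above the assignment noting that HistoryController::m_currentItem can be 0 and referencing bug 96352. Note also that when currentItem is null the code still proceeds to goToItem with the flag set to false; it would be worth stating in the comment that this fallback to a regular history load is the intended behaviour. The same line passes historyItem.get() into the call, and the visible context does not show whether historyItem is checked earlier in the function, so that should be confirmed before landing.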