WebKit Bugzilla
Attachment 371529 Details for
Bug 198625
: RELEASE_ASSERT hit in CachedFrame constructor
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch
bug-198625-20190606153543.patch (text/plain), 2.76 KB, created by
Chris Dumez
on 2019-06-06 15:35:45 PDT
(
hide
)
Description:
Patch
Filename:
MIME Type:
Creator:
Chris Dumez
Created:
2019-06-06 15:35:45 PDT
Size:
2.76 KB
patch
obsolete
>Subversion Revision: 246121 >diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog >index 77164e19df00d161c3936514c0f9b2d5151c0969..ef5ce97a847da99d06a55c08dfa505da65968c5d 100644 >--- a/Source/WebCore/ChangeLog >+++ b/Source/WebCore/ChangeLog >@@ -1,3 +1,28 @@ >+2019-06-06 Chris Dumez <cdumez@apple.com> >+ >+ RELEASE_ASSERT hit in CachedFrame constructor >+ https://bugs.webkit.org/show_bug.cgi?id=198625 >+ <rdar://problem/49877867> >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ This is a speculative fix, it appears the document is already detached from its >+ frame by the time we construct a CachedFrame for it when entering PageCache. >+ >+ No new tests, because we do not know yet how this can be reproduced. >+ >+ * history/PageCache.cpp: >+ (WebCore::canCacheFrame): >+ Make a frame as ineligible for PageCache if: >+ 1. It does not have a document >+ or >+ 2. Its document is already detached from the frame >+ >+ (WebCore::PageCache::addIfCacheable): >+ Destroy the render tree *before* we check if the page can enter page cache, in case >+ destroying the render tree has any side effects that could make the page ineligible >+ for Page Cache. >+ > 2019-06-05 Saam Barati <sbarati@apple.com> > > [WHLSL] Implement loop expressions >diff --git a/Source/WebCore/history/PageCache.cpp b/Source/WebCore/history/PageCache.cpp >index f13e5a8e8b2cb771070f224acf58beb4b24bda30..2379d9db7a0df5e303b596513da0d5fc2285324a 100644 >--- a/Source/WebCore/history/PageCache.cpp >+++ b/Source/WebCore/history/PageCache.cpp >@@ -90,6 +90,17 @@ static bool canCacheFrame(Frame& frame, DiagnosticLoggingClient& diagnosticLoggi > return false; > } > >+ if (!frame.document()) { >+ PCLOG(" -Frame has no document"); >+ return false; >+ } >+ >+ if (!frame.document()->frame()) { >+ PCLOG(" -Document is detached from frame"); >+ ASSERT_NOT_REACHED(); >+ return false; >+ } >+ > DocumentLoader* documentLoader = frameLoader.documentLoader(); > if (!documentLoader) { > PCLOG(" -There is no DocumentLoader object"); >@@ -445,6 +456,8 @@ bool PageCache::addIfCacheable(HistoryItem& item, Page* page) > // Fire the pagehide event in all frames. > firePageHideEventRecursively(page->mainFrame()); > >+ destroyRenderTree(page->mainFrame()); >+ > // Check that the page is still page-cacheable after firing the pagehide event. The JS event handlers > // could have altered the page in a way that could prevent caching. > if (!canCache(*page)) { >@@ -452,8 +465,6 @@ bool PageCache::addIfCacheable(HistoryItem& item, Page* page) > return false; > } > >- destroyRenderTree(page->mainFrame()); >- > setPageCacheState(*page, Document::InPageCache); > > {
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=371529">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Formatted Diff
|
Diff
Attachments on
bug 198625
: 371529