WebKit Bugzilla
Attachment 372297 Details for
Bug 198943
: m_disconnectedFrame can be null in DOMWindowExtension::willDestroyGlobalObjectInCachedFrame()
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Adds a null check
bug-198943-20190617171538.patch (text/plain), 2.17 KB, created by
Ryosuke Niwa
on 2019-06-17 17:15:38 PDT
(
hide
)
Description:
Adds a null check
Filename:
MIME Type:
Creator:
Ryosuke Niwa
Created:
2019-06-17 17:15:38 PDT
Size:
2.17 KB
patch
obsolete
>Index: Source/WebCore/ChangeLog >=================================================================== >--- Source/WebCore/ChangeLog (revision 246524) >+++ Source/WebCore/ChangeLog (working copy) >@@ -1,3 +1,20 @@ >+2019-06-17 Ryosuke Niwa <rniwa@webkit.org> >+ >+ m_disconnectedFrame can be null in DOMWindowExtension::willDestroyGlobalObjectInCachedFrame() >+ https://bugs.webkit.org/show_bug.cgi?id=198943 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ Apparently it's possible for m_disconnectedFrame to be null in this function even though this should never happen. >+ >+ We've been trying to diagnose a class of issues in this area (e.g. r246187, r244971, r242797, r242677, r242676, r241848) >+ but at some point, we need to stop crashing for the sake of user. >+ >+ Worked around the bug by adding a null pointer check here. >+ >+ * page/DOMWindowExtension.cpp: >+ (WebCore::DOMWindowExtension::willDestroyGlobalObjectInCachedFrame): >+ > 2019-06-17 Robin Morisset <rmorisset@apple.com> > > [WHLSL] The name resolver does not deal with nativeFunctionDeclaration >Index: Source/WebCore/page/DOMWindowExtension.cpp >=================================================================== >--- Source/WebCore/page/DOMWindowExtension.cpp (revision 246523) >+++ Source/WebCore/page/DOMWindowExtension.cpp (working copy) >@@ -81,13 +81,14 @@ void DOMWindowExtension::resumeFromPageC > > void DOMWindowExtension::willDestroyGlobalObjectInCachedFrame() > { >- ASSERT(m_disconnectedFrame); >+ ASSERT(m_disconnectedFrame); // Somehow m_disconnectedFrame can be null here. See <rdar://problem/49613448>. > > // Calling out to the client might result in this DOMWindowExtension being destroyed > // while there is still work to do. > Ref<DOMWindowExtension> protectedThis(*this); > >- m_disconnectedFrame->loader().client().dispatchWillDestroyGlobalObjectForDOMWindowExtension(this); >+ if (m_disconnectedFrame) >+ m_disconnectedFrame->loader().client().dispatchWillDestroyGlobalObjectForDOMWindowExtension(this); > m_disconnectedFrame = nullptr; > > // DOMWindowExtension lifetime isn't tied directly to the DOMWindow itself so it is important that it unregister
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Flags:
beidson
:
review+
Actions:
View
|
Formatted Diff
|
Diff
Attachments on
bug 198943
: 372297