WebKit Bugzilla
Attachment 372297 Details for
Bug 198943
: m_disconnectedFrame can be null in DOMWindowExtension::willDestroyGlobalObjectInCachedFrame()
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Adds a null check
bug-198943-20190617171538.patch (text/plain), 2.17 KB, created by
Ryosuke Niwa
on 2019-06-17 17:15:38 PDT
(
hide
)
Description:
Adds a null check
Filename:
MIME Type:
Creator:
Ryosuke Niwa
Created:
2019-06-17 17:15:38 PDT
Size:
2.17 KB
patch
obsolete
>Index: Source/WebCore/ChangeLog >=================================================================== >--- Source/WebCore/ChangeLog (revision 246524) >+++ Source/WebCore/ChangeLog (working copy) >@@ -1,3 +1,20 @@ >+2019-06-17 Ryosuke Niwa <rniwa@webkit.org> >+ >+ m_disconnectedFrame can be null in DOMWindowExtension::willDestroyGlobalObjectInCachedFrame() >+ https://bugs.webkit.org/show_bug.cgi?id=198943 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ Apparently it's possible for m_disconnectedFrame to be null in this function even though this should never happen. >+ >+ We've been trying to diagnose a class of issues in this area (e.g. r246187, r244971, r242797, r242677, r242676, r241848) >+ but at some point, we need to stop crashing for the sake of user. >+ >+ Worked around the bug by adding a null pointer check here. >+ >+ * page/DOMWindowExtension.cpp: >+ (WebCore::DOMWindowExtension::willDestroyGlobalObjectInCachedFrame): >+ > 2019-06-17 Robin Morisset <rmorisset@apple.com> > > [WHLSL] The name resolver does not deal with nativeFunctionDeclaration >Index: Source/WebCore/page/DOMWindowExtension.cpp >=================================================================== >--- Source/WebCore/page/DOMWindowExtension.cpp (revision 246523) >+++ Source/WebCore/page/DOMWindowExtension.cpp (working copy) >@@ -81,13 +81,14 @@ void DOMWindowExtension::resumeFromPageC > > void DOMWindowExtension::willDestroyGlobalObjectInCachedFrame() > { >- ASSERT(m_disconnectedFrame); >+ ASSERT(m_disconnectedFrame); // Somehow m_disconnectedFrame can be null here. See <rdar://problem/49613448>. > > // Calling out to the client might result in this DOMWindowExtension being destroyed > // while there is still work to do. > Ref<DOMWindowExtension> protectedThis(*this); > >- m_disconnectedFrame->loader().client().dispatchWillDestroyGlobalObjectForDOMWindowExtension(this); >+ if (m_disconnectedFrame) >+ m_disconnectedFrame->loader().client().dispatchWillDestroyGlobalObjectForDOMWindowExtension(this); > m_disconnectedFrame = nullptr; > > // DOMWindowExtension lifetime isn't tied directly to the DOMWindow itself so it is important that it unregister
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=372297">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Flags:
beidson
:
review+
Actions:
View
|
Formatted Diff
|
Diff
Attachments on
bug 198943
: 372297