[Webkit-unassigned] [Bug 11239] REGRESSION (r16960): crash on navigating to site

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Oct 10 05:24:34 PDT 2006


mitz at webkit.org changed:

           What    |Removed                     |Added
            Summary|crash on navigating to site |REGRESSION (r16960): crash
                   |                            |on navigating to site
           Priority|P2                          |P1
           Keywords|                            |Regression
          Component|New Bugs                    |Page Loading
                 CC|                            |mjs at apple.com

------- Comment #6 from mitz at webkit.org  2006-10-10 05:24 PDT -------
I think the bug was introduced in r16960: -[WebFrameLoader
continueLoadRequestAfterNewWindowPolicy:frameName:formState:] is
under-retaining (or over-releasing) mainBridge.

@@ -1634,17 +1629,14 @@
     [bridge retain];

-    WebFrame *mainFrame = [client _dispatchCreateWebViewWithRequest:nil];
-    if (!mainFrame)
+    WebCoreFrameBridge *mainBridge = [client
+    if (!mainBridge)
         goto exit;

-    WebCoreFrameBridge *mainBridge = [mainFrame _frameLoader]->frameBridge;
-    [mainBridge retain];
     [mainBridge setName:frameName];

-    [mainFrame _dispatchShow];
+    [[[mainBridge frameLoader] client] _dispatchShow];

     [mainBridge setOpener:bridge];
-    [[mainFrame _frameLoader] _loadRequest:request triggeringAction:nil
loadType:WebFrameLoadTypeStandard formState:formState];
+    [[mainBridge frameLoader] _loadRequest:request triggeringAction:nil
loadType:FrameLoadTypeStandard formState:formState];

     [mainBridge release];

Configure bugmail: http://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

More information about the webkit-unassigned mailing list