[Webkit-unassigned] [Bug 24992] crash at http://browserspy.dk/browser.php

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Apr 20 12:28:00 PDT 2009


https://bugs.webkit.org/show_bug.cgi?id=24992
------- Comment #6 from robert at roberthogan.net  2009-04-20 12:28 PDT -------

in FrameLoader.cpp:

    // this somewhat odd set of steps is needed to give the frame an initial empty document
    m_isDisplayingInitialEmptyDocument = false;
    m_creatingInitialEmptyDocument = true;

    setPolicyDocumentLoader(m_client->createDocumentLoader(ResourceRequest(KURL("")), SubstituteData()).get());
    setProvisionalDocumentLoader(m_policyDocumentLoader.get());
    setState(FrameStateProvisional);
    m_provisionalDocumentLoader->setResponse(ResourceResponse(KURL(), "text/html", 0, String(), String()));
    m_provisionalDocumentLoader->finishedLoading();


The crash originates from the last line. At this point there's still no
document() available. However, numerous calls later Qt ends up trying to
reference the document() while adjusting the frame's layout. I think the reason
you don't see it on Mac is because qtchromeclient.cpp emits a signal to update
the status bar text, which eventually results in the crash point expecting to
have a document() to hand. I imagine only Qt does this, though it is acting on
a prompt from WebCore itself: WebCore::Chrome::setStatusbarText().

The only sane alternative that I can think of to the patch I previously posted
is:

Index: WebCore/page/Chrome.cpp
===================================================================
--- WebCore/page/Chrome.cpp     (revision 42258)
+++ WebCore/page/Chrome.cpp     (working copy)
@@ -292,7 +292,10 @@
 void Chrome::setStatusbarText(Frame* frame, const String& status)
 {
     ASSERT(frame);
-   
m_client->setStatusbarText(frame->displayStringModifiedByEncoding(status));
+    /* We may not have a document at this point because sometimes the process
of creating an
+       empty one brings us here before the document has been created. */
+    if (frame->document())
+       
m_client->setStatusbarText(frame->displayStringModifiedByEncoding(status));
 }

 bool Chrome::shouldInterruptJavaScript()
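Review bot: the new `if (frame->document())` guard in Chrome::setStatusbarText stops the null dereference, but it also silently drops the status text for any frame that has no document yet, and it leaves the ordering problem described above (setStatusbarText being reached during FrameLoader's initial-empty-document setup, before finishedLoading() has produced a document) in place rather than fixing it at the call site. The added comment should name that caller so the guard can be revisited if the loader ordering changes. Minor style point: WebCore uses `//` comments rather than the `/* ... */` block used here.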

