[Webkit-unassigned] [Bug 54219] Crash in WebCore::FrameLoader::continueLoadAfterNavigationPolicy

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Feb 10 12:42:16 PST 2011


https://bugs.webkit.org/show_bug.cgi?id=54219





--- Comment #2 from Charles Reis <creis at chromium.org>  2011-02-10 12:42:16 PST ---
The location of the crash in the crash dump's disassembly does seem to confirm that we've already called isBackForwardNavigation and then blew up when we access history()->provisionalItem()->isInPageCache(), which is inlined.

The curious thing is that the provisional item gets set on the first line of loadDifferentDocumentItem, which is still on the call stack.  That means something between there and here cleared the provisional item.

The closest thing I see is the call to stopAllLoaders just above the crash, but that's explicitly called with ShouldNotClearProvisionalItem (because we know a new navigation is in progress).  We started clearing provisional items in stopAllLoaders as part of http://trac.webkit.org/changeset/76357.

For what it's worth, a simple null check is not sufficient to fix the problem: that just delays the crash until later.  It looks like we're expecting the provisional item to be valid here.
