[Webkit-unassigned] [Bug 54219] Crash in WebCore::FrameLoader::continueLoadAfterNavigationPolicy

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Feb 11 14:34:03 PST 2011


https://bugs.webkit.org/show_bug.cgi?id=54219
--- Comment #5 from Charles Reis <creis at chromium.org>  2011-02-11 14:34:03 PST ---
(In reply to comment #4)
> (In reply to comment #3)
> > Any thoughts on the right way to fix this?
> 
> At the very least, it seems like you'd want to protect the provisional item with a RefPtr. I ran into something similar with http://trac.webkit.org/changeset/71170.

Actually, it's already protected with a RefPtr in HistoryController.  I suppose we could also put it in a RefPtr in loadDifferentDocumentItem, but that wouldn't prevent this crash.

In other words, the HistoryItem itself isn't being deleted and then used.  The problem is that we set the HistoryController's provisional item, then start an entirely unrelated nested navigation (which sets and commits a different provisional item), and then we expect to commit the first provisional item.  HistoryController isn't set up to have a stack of navigations in progress.

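An added illustration of the sequence described in comment #5 (not WebKit code and not part of the bug report): a hypothetical controller with a single provisional slot beside one that keeps a stack of in-progress navigations, replaying "set outer provisional item, run a nested navigation to completion, commit the outer item". The HistoryItem stand-in, the controller names and the URLs are constructed assumptions; shared_ptr plays the role of RefPtr to show that keeping the item alive does not help.

```cpp
#include <memory>
#include <string>
#include <vector>

// Hypothetical stand-ins for WebKit's HistoryItem / HistoryController; not WebKit code.
struct HistoryItem { std::string url; };
using ItemRef = std::shared_ptr<HistoryItem>;   // plays the role of RefPtr<HistoryItem>

// Model 1: one provisional slot, the shape comment #5 attributes to the real controller.
class SingleSlotController {
public:
    void setProvisionalItem(ItemRef item) { m_provisional = std::move(item); }
    // Returns the committed URL; "" stands in for the null dereference of the crash path.
    std::string commitProvisionalItem() {
        if (!m_provisional) return "";
        m_current = std::move(m_provisional);
        return m_current->url;
    }
private:
    ItemRef m_provisional, m_current;
};

// Model 2: a stack of in-progress navigations, so a nested commit cannot consume the outer one.
class StackedController {
public:
    void setProvisionalItem(ItemRef item) { m_provisional.push_back(std::move(item)); }
    std::string commitProvisionalItem() {
        if (m_provisional.empty()) return "";
        m_current = std::move(m_provisional.back());
        m_provisional.pop_back();
        return m_current->url;
    }
private:
    std::vector<ItemRef> m_provisional;
    ItemRef m_current;
};

// Replays the sequence from comment #5 and returns what the outer commit ends up with.
template <typename Controller>
std::string replayNestedNavigation() {
    Controller controller;
    ItemRef outer = std::make_shared<HistoryItem>(HistoryItem{"https://outer.example/"}); // constructed
    ItemRef inner = std::make_shared<HistoryItem>(HistoryItem{"https://inner.example/"}); // constructed
    controller.setProvisionalItem(outer);   // outer stays referenced here: a RefPtr alone changes nothing
    controller.setProvisionalItem(inner);   // unrelated nested navigation starts...
    controller.commitProvisionalItem();     // ...and commits, emptying the only slot in model 1
    return controller.commitProvisionalItem();   // outer commit: "" in model 1, outer URL in model 2
}
```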
