[Webkit-unassigned] [Bug 61494] REGRESSION (r78342) - Crashes when Document calls into a freed DocumentLoader
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri May 27 13:45:26 PDT 2011
https://bugs.webkit.org/show_bug.cgi?id=61494
Darin Adler <darin at apple.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #95209|review? |review-
Flag| |
--- Comment #7 from Darin Adler <darin at apple.com> 2011-05-27 13:45:26 PST ---
(From update of attachment 95209)
View in context: https://bugs.webkit.org/attachment.cgi?id=95209&action=review
review- because of the issue inside Document::loader checking the frame’s document.
> Source/WebCore/bindings/ScriptControllerBase.cpp:-119
> + // We're still in a frame, so there should be a DocumentLoader.
> + ASSERT(m_frame->document()->loader());
> m_frame->document()->loader()->writer()->replaceDocument(scriptResult);
> -
Seems safer to have a null check after the assert. We often use that idiom in cases where there is a bit of complexity and uncertainty.
> Source/WebCore/dom/Document.cpp:1110
> - return m_documentLoader->responseMIMEType();
> + if (DocumentLoader* documentLoader = loader())
> + return documentLoader->responseMIMEType();
> + return String();
I like early return better than this idiom, but either is OK.
> Source/WebCore/dom/Document.cpp:3787
> - String httpLastModified = m_documentLoader->response().httpHeaderField("Last-Modified");
> + // Since we're still in a Frame, we should have a DocumentLoader.
> + ASSERT(loader());
> + String httpLastModified = loader()->response().httpHeaderField("Last-Modified");
Even with the assertion, I suggest considering a null check too.
> Source/WebCore/dom/Document.cpp:4520
> + // Since we're still in a Frame, we should have a DocumentLoader.
> + ASSERT(loader());
> + if (loader()->substituteData().isValid())
> securityOrigin()->grantLoadLocalResources();
Even with the assertion, I suggest having a null check too.
> Source/WebCore/dom/Document.cpp:5164
> + ASSERT(m_frame->document() == this);
> +
> + return loader;
I think this assertion should be a runtime check and we should return 0 if the frame has moved on to another document.
It’s a valid state for a document to still be associated with a frame and the frame to have moved on to a new document. In that case, the document loader on the frame is not associated with this document, and so this function should return 0.
> Source/WebCore/html/MediaDocument.cpp:225
> + ASSERT(loader());
> embedElement->setAttribute(typeAttr, loader()->writer()->mimeType());
I’m not sure it’s valuable to assert something is non-null just before dereferencing it. We may be going too extreme with the assertions here.
> Source/WebCore/html/PluginDocument.cpp:96
> + ASSERT(document()->loader());
> m_embedElement->setAttribute(typeAttr, document()->loader()->writer()->mimeType());
Ditto.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list