[Webkit-unassigned] [Bug 61494] REGRESSION (r78342) - Crashes when Document calls into a freed DocumentLoader
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri May 27 14:09:57 PDT 2011
https://bugs.webkit.org/show_bug.cgi?id=61494
Darin Adler <darin at apple.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #95213|review? |review+
Flag| |
--- Comment #10 from Darin Adler <darin at apple.com> 2011-05-27 14:09:57 PST ---
(From update of attachment 95213)
View in context: https://bugs.webkit.org/attachment.cgi?id=95213&action=review
> Source/WebCore/dom/Document.cpp:4522
> + DocumentLoader* documentLoader = loader();
> + // Since we're still in a Frame, we should have a DocumentLoader.
> + ASSERT(documentLoader);
> + if (documentLoader->substituteData().isValid())
There’s no check of documentLoader being null here. I know you meant to add one.
> Source/WebCore/dom/Document.cpp:4605
> + // Since we're still in a frame, we should have a DocumentLoader.
> + ASSERT(loader());
> + loader()->replaceRequestURLForSameDocumentNavigation(url);
Why was this the one place we decided not to add a null check?
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list