[Webkit-unassigned] [Bug 61494] REGRESSION (r78342) - Crashes when Document calls into a freed DocumentLoader
bugzilla-daemon at webkit.org
Fri May 27 14:17:27 PDT 2011
https://bugs.webkit.org/show_bug.cgi?id=61494
Brady Eidson <beidson at apple.com> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED
--- Comment #11 from Brady Eidson <beidson at apple.com> 2011-05-27 14:17:27 PST ---
(In reply to comment #10)
> (From update of attachment 95213 [details])
> View in context: https://bugs.webkit.org/attachment.cgi?id=95213&action=review
>
> > Source/WebCore/dom/Document.cpp:4522
> > + DocumentLoader* documentLoader = loader();
> > + // Since we're still in a Frame, we should have a DocumentLoader.
> > + ASSERT(documentLoader);
> > + if (documentLoader->substituteData().isValid())
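Review bot: The dereference in `if (documentLoader->substituteData().isValid())` is guarded only by `ASSERT(documentLoader)`, which is compiled out of release builds, so a null `loader()` result still crashes on that line. Fold the check into the condition, for example `if (documentLoader && documentLoader->substituteData().isValid())`, and keep the ASSERT so debug builds still flag the broken assumption.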
>
> There’s no check of documentLoader being null here. I know you meant to add one.
Yup, added.
> > Source/WebCore/dom/Document.cpp:4605
> > + // Since we're still in a frame, we should have a DocumentLoader.
> > + ASSERT(loader());
> > + loader()->replaceRequestURLForSameDocumentNavigation(url);
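Review bot: `loader()` is called twice here, once inside `ASSERT(loader())` and again for `loader()->replaceRequestURLForSameDocumentNavigation(url)`, and the second result is dereferenced with no null check once the ASSERT is compiled out of release builds. Store the result in a local `DocumentLoader*`, as the hunk at Document.cpp:4522 does, and make the call only when that pointer is non-null. The comment also writes "frame" where the earlier hunk writes "Frame"; use one spelling in both.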
>
> Why was this the one place we decided not to add a null check?
I've added one, and landed in http://trac.webkit.org/changeset/87566