[Webkit-unassigned] [Bug 165852] WebContent crash under WebCore::CachedResource::load in WebCore::FrameLoader::outgoingReferrer const

bugzilla-daemon at webkit.org
Wed Dec 14 09:27:38 PST 2016


https://bugs.webkit.org/show_bug.cgi?id=165852

--- Comment #4 from Chris Dumez <cdumez at apple.com> ---
Comment on attachment 297093
  --> https://bugs.webkit.org/attachment.cgi?id=297093
patch

View in context: https://bugs.webkit.org/attachment.cgi?id=297093&action=review

>> Source/WebCore/loader/FrameLoader.cpp:929
>>          // because they need to be contained in iframes with the srcdoc.
> 
> Getting a null frame would mean that we have a top-level frame with an srcdoc document. This is weird unless the iframe that has the srcdoc is not yet (or no longer) in the tree, i.e. detached.

Based on the trace, I suspect this would be reproducible if we:
1. Create an iframe with an srcdoc but do not add it to the document
2. Add an HTMLImageElement to that srcdoc
3. Set the src attribute on that HTMLImageElement

If so, then this comment and assertion are wrong and your fix is indeed right.

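The three repro steps above, written out as a WebKit-style layout test. This is an added example, not the test from attachment 297093 or anything else attached to the bug. Because an iframe that was never inserted into the document has no contentDocument to add an image to, the test uses the "no longer in the tree" variant from the quoted review comment: attach the srcdoc iframe, keep references to its document and to an image inside it, remove the iframe, and only then set the image's src. The image path is a placeholder, and whether this path actually reaches the assertion in FrameLoader::outgoingReferrer() is exactly the question Chris raises, so treat it as an attempt at a repro, not a confirmed one.

```html
<!DOCTYPE html>
<html>
<body>
<p>This test passes if it does not crash.</p>
<!-- srcdoc iframe that starts out in the tree so its document exists -->
<iframe id="frame" srcdoc="<p>srcdoc document</p>"></iframe>
<script>
if (window.testRunner) {
    testRunner.dumpAsText();
    testRunner.waitUntilDone();
}

var frame = document.getElementById("frame");
frame.onload = function() {
    // Step 2: put an HTMLImageElement into the srcdoc document while the
    // iframe is still attached, and hold on to both.
    var srcdocDocument = frame.contentDocument;
    var image = srcdocDocument.createElement("img");
    srcdocDocument.body.appendChild(image);

    // Step 1 (the "no longer in the tree" case): detach the iframe, so the
    // srcdoc document no longer has a frame, and therefore no parent frame
    // for outgoingReferrer() to walk up to.
    frame.parentNode.removeChild(frame);

    // Step 3: setting src kicks off an image load from the detached srcdoc
    // document. Placeholder path; it only needs to start a load.
    image.src = "resources/does-not-exist.png";

    if (window.testRunner)
        testRunner.notifyDone();
};
</script>
</body>
</html>
```

Run it under WebKitTestRunner (or open it in a debug build) and check for the assertion rather than the dumped text; with the patch applied the expected outcome is simply no crash.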