Changeset 229596 in webkit
- Timestamp: Mar 13, 2018 6:02:21 PM (6 years ago)
- Location: trunk/Source/WebCore
- Files: 2 edited
trunk/Source/WebCore/ChangeLog
r229589 r229596 1 2018-03-13 Chris Dumez <cdumez@apple.com> 2 3 fast/loader/javascript-url-iframe-remove-on-navigate.html is a flaky crash on iOS with async delegates 4 https://bugs.webkit.org/show_bug.cgi?id=183610 5 6 Reviewed by Youenn Fablet. 7 8 The issue was that in DocumentLoader::loadMainResource(), the call to requestMainResource() which 9 return null due to the load getting cancelled synchronously. If this load is the parent frame's last 10 pending load, then the 'load' event gets fired in the parent frame. In the test, the parent frame's 11 load event handler does a document.write() call which blows away the iframe. As a result, when 12 we return from the requestMainResource(), m_frame is null and we crash later on dereferencing it. 13 14 No new tests, covered by fast/loader/javascript-url-iframe-remove-on-navigate-async-delegate.html 15 which was crashing flakily. 16 17 * loader/DocumentLoader.cpp: 18 (WebCore::DocumentLoader::loadMainResource): 19 1 20 2018-03-13 Jer Noble <jer.noble@apple.com> 2 21 -
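Review bot: the ChangeLog title names fast/loader/javascript-url-iframe-remove-on-navigate.html, but the "No new tests" line says the flaky crash is covered by fast/loader/javascript-url-iframe-remove-on-navigate-async-delegate.html; the two should agree, or the entry should say explicitly that the crash reproduces under the async-delegate variant of the test. The first sentence of the description also does not parse: "the call to requestMainResource() which return null due to the load getting cancelled synchronously" has no main verb; something like "the call to requestMainResource() can return null because the load gets cancelled synchronously" says what the rest of the paragraph relies on.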
trunk/Source/WebCore/loader/DocumentLoader.cpp
r229349 r229596 1719 1719 m_mainResource = m_cachedResourceLoader->requestMainResource(WTFMove(mainResourceRequest)).value_or(nullptr); 1720 1720 1721 #if ENABLE(CONTENT_EXTENSIONS)1722 if (m_mainResource && m_mainResource->errorOccurred() && m_frame->page() && m_mainResource->resourceError().domain() == ContentExtensions::WebKitContentBlockerDomain) {1723 RELEASE_LOG_IF_ALLOWED("startLoadingMainResource: Blocked by content blocker error (frame = %p, main = %d)", m_frame, m_frame->isMainFrame());1724 cancelMainResourceLoad(frameLoader()->blockedByContentBlockerError(m_request));1725 return;1726 }1727 #endif1728 1729 1721 if (!m_mainResource) { 1722 // The frame may have gone away if this load was cancelled synchronously and this was the last pending load. 1723 // This is because we may have fired the load event in a parent frame. 1724 if (!m_frame) 1725 return; 1726 1730 1727 if (!m_request.url().isValid()) { 1731 1728 RELEASE_LOG_IF_ALLOWED("startLoadingMainResource: Unable to load main resource, URL is invalid (frame = %p, main = %d)", m_frame, m_frame->isMainFrame()); … … 1744 1741 return; 1745 1742 } 1743 1744 ASSERT(m_frame); 1745 1746 #if ENABLE(CONTENT_EXTENSIONS) 1747 if (m_mainResource->errorOccurred() && m_frame->page() && m_mainResource->resourceError().domain() == ContentExtensions::WebKitContentBlockerDomain) { 1748 RELEASE_LOG_IF_ALLOWED("startLoadingMainResource: Blocked by content blocker error (frame = %p, main = %d)", m_frame, m_frame->isMainFrame()); 1749 cancelMainResourceLoad(frameLoader()->blockedByContentBlockerError(m_request)); 1750 return; 1751 } 1752 #endif 1746 1753 1747 1754 if (!mainResourceLoader()) {
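Review bot: the new `if (!m_frame) return;` only guards the `!m_mainResource` branch, and the `ASSERT(m_frame);` added at line 1744 is debug-only. In a release build, if the parent frame's load event detached this frame but `requestMainResource()` still returned a non-null resource, the relocated content-extensions block would dereference `m_frame->page()` and `m_frame->isMainFrame()` on a null frame. Either add a comment explaining why `m_frame` cannot be null whenever `m_mainResource` is non-null, or hoist the null check above the `if (!m_mainResource)` branch so both paths are covered. Dropping the `m_mainResource &&` prefix from the moved `#if ENABLE(CONTENT_EXTENSIONS)` condition is correct, since it now sits after the null-resource early return.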