Changeset 70517 in webkit


Ignore:
Timestamp:
Oct 26, 2010, 6:29:04 AM (14 years ago)
Author:
inferno@chromium.org
Message:

2010-10-26 Abhishek Arya <inferno@chromium.org>

Reviewed by Adam Barth.

Protect the frame from being blown away in loadWithDocumentLoader function call.
dispatchBeforeLoadEvent can cause the frame to be freed, which gets later used in
continueLoadAfterNavigationPolicy call.
https://bugs.webkit.org/show_bug.cgi?id=48281

Test: fast/events/form-iframe-target-before-load-crash.html

  • loader/FrameLoader.cpp: (WebCore::FrameLoader::loadWithDocumentLoader):

2010-10-26 Abhishek Arya <inferno@chromium.org>

Reviewed by Adam Barth.

Tests that submit the form on a removed target iframe does not result in crash.
https://bugs.webkit.org/show_bug.cgi?id=48281

  • fast/events/form-iframe-target-before-load-crash-expected.txt: Added.
  • fast/events/form-iframe-target-before-load-crash.html: Added.
Location:
trunk
Files:
2 added
3 edited

Legend:

Unmodified
Added
Removed
  • trunk/LayoutTests/ChangeLog

    r70513 r70517  
     12010-10-26  Abhishek Arya  <inferno@chromium.org>
     2
     3        Reviewed by Adam Barth.
     4
     5        Tests that submit the form on a removed target iframe does not result in crash.
     6        https://bugs.webkit.org/show_bug.cgi?id=48281
     7
     8        * fast/events/form-iframe-target-before-load-crash-expected.txt: Added.
     9        * fast/events/form-iframe-target-before-load-crash.html: Added.
     10
    1112010-10-26  Sheriff Bot  <webkit.review.bot@gmail.com>
    212
  • trunk/WebCore/ChangeLog

    r70516 r70517  
     12010-10-26  Abhishek Arya  <inferno@chromium.org>
     2
     3        Reviewed by Adam Barth.
     4
     5        Protect the frame from being blown away in loadWithDocumentLoader function call.
     6        dispatchBeforeLoadEvent can cause the frame to be freed, which gets later used in
     7        continueLoadAfterNavigationPolicy call.
     8        https://bugs.webkit.org/show_bug.cgi?id=48281
     9
     10        Test: fast/events/form-iframe-target-before-load-crash.html
     11
     12        * loader/FrameLoader.cpp:
     13        (WebCore::FrameLoader::loadWithDocumentLoader):
     14
    1152010-10-26  Xan Lopez  <xlopez@igalia.com>
    216
  • trunk/WebCore/loader/FrameLoader.cpp

    r70333 r70517  
    14361436void FrameLoader::loadWithDocumentLoader(DocumentLoader* loader, FrameLoadType type, PassRefPtr<FormState> prpFormState)
    14371437{
     1438    // Retain because dispatchBeforeLoadEvent may release the last reference to it.
     1439    RefPtr<Frame> protect(m_frame);
     1440
    14381441    ASSERT(m_client->hasWebView());
    14391442
Note: See TracChangeset for help on using the changeset viewer.