Changeset 70517 in webkit
- Timestamp:
- Oct 26, 2010, 6:29:04 AM (14 years ago)
- Location:
- trunk
- Files:
-
- 2 added
- 3 edited
-
LayoutTests/ChangeLog (modified) (1 diff)
-
LayoutTests/fast/events/form-iframe-target-before-load-crash-expected.txt (added)
-
LayoutTests/fast/events/form-iframe-target-before-load-crash.html (added)
-
WebCore/ChangeLog (modified) (1 diff)
-
WebCore/loader/FrameLoader.cpp (modified) (1 diff)
Legend:
- Unmodified
- Added
- Removed
-
trunk/LayoutTests/ChangeLog
r70513 r70517 1 2010-10-26 Abhishek Arya <inferno@chromium.org> 2 3 Reviewed by Adam Barth. 4 5 Tests that submit the form on a removed target iframe does not result in crash. 6 https://bugs.webkit.org/show_bug.cgi?id=48281 7 8 * fast/events/form-iframe-target-before-load-crash-expected.txt: Added. 9 * fast/events/form-iframe-target-before-load-crash.html: Added. 10 1 11 2010-10-26 Sheriff Bot <webkit.review.bot@gmail.com> 2 12 -
trunk/WebCore/ChangeLog
r70516 r70517 1 2010-10-26 Abhishek Arya <inferno@chromium.org> 2 3 Reviewed by Adam Barth. 4 5 Protect the frame from being blown away in loadWithDocumentLoader function call. 6 dispatchBeforeLoadEvent can cause the frame to be freed, which gets later used in 7 continueLoadAfterNavigationPolicy call. 8 https://bugs.webkit.org/show_bug.cgi?id=48281 9 10 Test: fast/events/form-iframe-target-before-load-crash.html 11 12 * loader/FrameLoader.cpp: 13 (WebCore::FrameLoader::loadWithDocumentLoader): 14 1 15 2010-10-26 Xan Lopez <xlopez@igalia.com> 2 16 -
trunk/WebCore/loader/FrameLoader.cpp
r70333 r70517 1436 1436 void FrameLoader::loadWithDocumentLoader(DocumentLoader* loader, FrameLoadType type, PassRefPtr<FormState> prpFormState) 1437 1437 { 1438 // Retain because dispatchBeforeLoadEvent may release the last reference to it. 1439 RefPtr<Frame> protect(m_frame); 1440 1438 1441 ASSERT(m_client->hasWebView()); 1439 1442
Note:
See TracChangeset
for help on using the changeset viewer.