Changeset 246187 in webkit


Timestamp:
Jun 6, 2019 10:14:35 PM (5 years ago)
Author:
Chris Dumez
Message:

RELEASE_ASSERT hit in CachedFrame constructor
https://bugs.webkit.org/show_bug.cgi?id=198625
<rdar://problem/49877867>

Reviewed by Geoffrey Garen.

This is a speculative fix, it appears the document is already detached from its
frame by the time we construct a CachedFrame for it when entering PageCache.

No new tests, because we do not know yet how this can be reproduced.

  • history/PageCache.cpp:

(WebCore::canCacheFrame):
Make a frame as ineligible for PageCache if:

  1. It does not have a document

or

  2. Its document is already detached from the frame

(WebCore::PageCache::addIfCacheable):
Destroy the render tree *before* we check if the page can enter page cache, in case
destroying the render tree has any side effects that could make the page ineligible
for Page Cache.

Location:
trunk/Source/WebCore
Files:
2 edited

  • trunk/Source/WebCore/ChangeLog

    r246186 r246187  
     12019-06-06  Chris Dumez  <cdumez@apple.com>
     2
     3        RELEASE_ASSERT hit in CachedFrame constructor
     4        https://bugs.webkit.org/show_bug.cgi?id=198625
     5        <rdar://problem/49877867>
     6
     7        Reviewed by Geoffrey Garen.
     8
     9        This is a speculative fix, it appears the document is already detached from its
     10        frame by the time we construct a CachedFrame for it when entering PageCache.
     11
     12        No new tests, because we do not know yet how this can be reproduced.
     13
     14        * history/PageCache.cpp:
     15        (WebCore::canCacheFrame):
     16        Make a frame as ineligible for PageCache if:
     17        1. It does not have a document
     18        or
     19        2. Its document is already detached from the frame
     20
     21        (WebCore::PageCache::addIfCacheable):
     22        Destroy the render tree *before* we check if the page can enter page cache, in case
     23        destroying the render tree has any side effects that could make the page ineligible
     24        for Page Cache.
     25
    1262019-06-06  Devin Rousso  <drousso@apple.com>
    227
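
Review bot: In the (WebCore::canCacheFrame) entry, "Make a frame as ineligible for PageCache" looks like a typo for "Mark a frame as ineligible for PageCache". The entry also spells the feature three ways (PageCache, page cache, Page Cache); picking one would read more cleanly.
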
  • trunk/Source/WebCore/history/PageCache.cpp

    r239182 r246187  
    9191    }
    9292
     93    if (!frame.document()) {
     94        PCLOG("   -Frame has no document");
     95        return false;
     96    }
     97
     98    if (!frame.document()->frame()) {
     99        PCLOG("   -Document is detached from frame");
     100        ASSERT_NOT_REACHED();
     101        return false;
     102    }
     103
    93104    DocumentLoader* documentLoader = frameLoader.documentLoader();
    94105    if (!documentLoader) {
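
Review bot: The ASSERT_NOT_REACHED() at new line 100 sits in a branch that the ChangeLog says appears to be taken in practice (the document is already detached by the time the CachedFrame is constructed), so debug builds will assert on the very path this change is meant to handle gracefully, while release builds return false. If the assertion is deliberate, to help find a reproduction, a short comment saying so would help; otherwise drop it and keep the PCLOG plus return false. A comment above the !frame.document()->frame() check pointing at the CachedFrame constructor assertion from the bug title would also explain why the check exists.
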
     
    446457    firePageHideEventRecursively(page->mainFrame());
    447458
     459    destroyRenderTree(page->mainFrame());
     460
    448461    // Check that the page is still page-cacheable after firing the pagehide event. The JS event handlers
    449462    // could have altered the page in a way that could prevent caching.
     
    452465        return false;
    453466    }
    454 
    455     destroyRenderTree(page->mainFrame());
    456467
    457468    setPageCacheState(*page, Document::InPageCache);
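
Review bot: With destroyRenderTree(page->mainFrame()) moved up to new line 459, the early return false at new line 465 is now reached after the render tree has already been destroyed, for a page that will not enter the page cache. Before this change the render tree was destroyed only once the check had passed. Worth confirming that this path is safe for the caller. The comment at new lines 461-462 should also mention render tree destruction alongside the pagehide handlers, since the re-check now covers both.
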