Changeset 87693 in webkit
- Timestamp:
- May 30, 2011 10:21:14 AM (13 years ago)
- Location:
- trunk/Source/WebCore
- Files:
-
- 2 edited
-
ChangeLog (modified) (1 diff)
-
html/HTMLLinkElement.cpp (modified) (2 diffs)
Legend:
- Unmodified
- Added
- Removed
-
trunk/Source/WebCore/ChangeLog
r87692 r87693 1 2011-05-30 Mikhail Naganov <mnaganov@chromium.org> 2 3 Reviewed by Adam Barth. 4 5 [Chromium] Fix regression after r87628. 6 https://bugs.webkit.org/show_bug.cgi?id=61733 7 8 Having r87628 in place, Chrome reliability bot crashes in 9 WebCore::HTMLLinkElement::onloadTimerFired. 10 11 This is because the change makes WebCore::CachedResource::setRequest to 12 call checkNotify on request reset. HTMLLinkElement registers itself as 13 CachedResource client via m_cachedSheet, which can happen even if 14 m_cachedLinkResource wasn't set. As a result, 15 WebCore::HTMLLinkElement::notifyFinished is got called with unset 16 m_cachedLinkResource, which causes a crash in 17 HTMLLinkElement::onloadTimerFired 18 19 * html/HTMLLinkElement.cpp: 20 (WebCore::HTMLLinkElement::notifyFinished): 21 1 22 2011-05-30 Jer Noble <jer.noble@apple.com> 2 23 -
trunk/Source/WebCore/html/HTMLLinkElement.cpp
r87691 r87693 76 76 77 77 if (m_cachedSheet) { 78 m_cachedSheet->removeClient(this); 78 m_cachedSheet->removeClient(this); 79 79 removePendingSheet(); 80 80 } … … 458 458 void HTMLLinkElement::notifyFinished(CachedResource* resource) 459 459 { 460 m_onloadTimer.startOneShot(0); 461 ASSERT(m_cachedLinkResource.get() == resource); 460 ASSERT(m_cachedLinkResource.get() == resource || m_cachedSheet.get() == resource); 461 if (m_cachedLinkResource.get() == resource) 462 m_onloadTimer.startOneShot(0); 462 463 } 463 464 #endif
Note: See TracChangeset
for help on using the changeset viewer.
