WebCore:
Reviewed by Darin Adler.
<rdar://problem/8148656> <https://bugs.webkit.org/show_bug.cgi?id=41431>
REGRESSION (r49411): Various crashes due to JavaScript execution during plug-in destruction
Test: plugins/write-xssauditor-from-destroy.html
Fix specific known cases that also crash in same process case. I don't know if there is
any rule for when documentLoader should be checked for being null, it looks like a mess.
* loader/FrameLoader.cpp:
(WebCore::FrameLoader::referrer):
* page/XSSAuditor.cpp:
(WebCore::XSSAuditor::findInRequest):
WebKit:
<rdar://problem/8148656> <https://bugs.webkit.org/show_bug.cgi?id=41431>
REGRESSION (r49411): Various crashes due to JavaScript execution during plug-in destruction
Strengthen m_inDestroy "swipe under the carpet" fix.
* Plugins/Hosted/NetscapePluginInstanceProxy.h: Added a long comment about m_inDestroy, and
changed it to static.
* Plugins/Hosted/NetscapePluginInstanceProxy.mm:
(WebKit::NetscapePluginInstanceProxy::NetscapePluginInstanceProxy): m_inDestroy is now
static, so we don't initialize it in constructor.
(WebKit::NetscapePluginInstanceProxy::destroy): Assert that we aren't already destroying
some plug-in.
(WebKit::NetscapePluginInstanceProxy::evaluate): This function accidentally lacked an
m_inDestroy check in r42789.
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@62279 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/WebCore/loader/FrameLoader.cpp b/WebCore/loader/FrameLoader.cpp
index 693e985..09a981b 100644
--- a/WebCore/loader/FrameLoader.cpp
+++ b/WebCore/loader/FrameLoader.cpp
@@ -3352,7 +3352,7 @@
String FrameLoader::referrer() const
{
- return documentLoader()->request().httpReferrer();
+ return m_documentLoader ? m_documentLoader->request().httpReferrer() : "";
}
void FrameLoader::dispatchDocumentElementAvailable()
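Review bot: the null check added on the `+` line of FrameLoader::referrer() carries no comment saying when m_documentLoader can be null here. The commit message itself notes there is no clear rule for when the document loader needs checking, so a short comment naming the case this guards (JavaScript running during plug-in destruction, per the bug title) would keep the check from being removed later as dead code. The new line also reads m_documentLoader directly where the old one went through documentLoader(); if the accessor returns the same member, calling it in both places would keep the function consistent with the rest of the file, and if it does not, the difference deserves a note. Finally, the fallback `""` gives callers an empty string rather than a null String; worth stating which one callers of referrer() should expect when no loader exists.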