Google Git
Sign in
webkit / WebKit / c16ea84657e25023dd34351019b6b9389fc70b73
commitc16ea84657e25023dd34351019b6b9389fc70b73[log] [tgz]
authorbeidson@apple.com <beidson@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>Fri Jul 10 19:01:51 2015 +0000
committerbeidson@apple.com <beidson@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>Fri Jul 10 19:01:51 2015 +0000
tree3c9cec9a059f3ae8ecbb53039f488ede40c3aa40
parentb47a7ac666692b3ab858f91d97ae5780ba9707c9 [diff]
Crash in HistoryController::updateForCommit dereferencing a null HistoryItem.
<rdar://problem/21371589> and https://bugs.webkit.org/show_bug.cgi?id=146842

Reviewed by Chris Dumez.

No new tests (Unknown how to reproduce).

This patch basically rolls back part of http://trac.webkit.org/changeset/179472.

r179472 changed HistoryController::setCurrentItem() to take a reference instead of a pointer.
Unfortunately, we sometimes call setCurrentItem(nullptr).

We'd like to *not* do that, and there are assertions in place to try to catch when we do,
but in the meantime it is not valid to dereference nullptr.

* loader/FrameLoader.cpp:
(WebCore::FrameLoader::loadSameDocumentItem):

* loader/HistoryController.cpp:
(WebCore::HistoryController::updateForCommit):
(WebCore::HistoryController::recursiveUpdateForCommit):
(WebCore::HistoryController::recursiveUpdateForSameDocumentNavigation):
(WebCore::HistoryController::setCurrentItem): Take a ptr instead of a ref.
(WebCore::HistoryController::createItem):
* loader/HistoryController.h:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@186683 268f45cc-cd09-0410-ab3c-d52691b4dbfc
4 files changed
tree: 3c9cec9a059f3ae8ecbb53039f488ede40c3aa40
  1. Examples/
  2. LayoutTests/
  3. ManualTests/
  4. PerformanceTests/
  5. Source/
  6. Tools/
  7. WebKit.xcworkspace/
  8. WebKitLibraries/
  9. Websites/
  10. .dir-locals.el
  11. .gitattributes
  12. .gitignore
  13. ChangeLog
  14. ChangeLog-2012-05-22
  15. CMakeLists.txt
  16. Makefile
  17. Makefile.shared