Reviewed by Beth Dakin.
CSS @import statements can cause DocLoader to use
a dead Frame pointer.
https://bugs.webkit.org/show_bug.cgi?id=19618
The fix is to get rid of the Frame pointer on DocLoader.
I also took this opportunity to clean up Document::detach
a little to make it clear why we clear the m_frame pointer
there, and to note that in the future we should stop
using Node::detach to mean "tear down the whole rendering
tree and detach from the frame".
Test: I don't know how to make a good test for this; the test
we have is network-timing dependent and does not make a good
layout test.
* dom/Document.cpp:
(WebCore::Document::Document):
(WebCore::Document::detach):
(WebCore::Document::clearFramePointer):
* dom/Document.h:
* loader/DocLoader.cpp:
(WebCore::DocLoader::frame):
* loader/DocLoader.h:
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@34815 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/WebCore/loader/DocLoader.cpp b/WebCore/loader/DocLoader.cpp
index 6ed53bf..cb7b83f 100644
--- a/WebCore/loader/DocLoader.cpp
+++ b/WebCore/loader/DocLoader.cpp
@@ -46,10 +46,9 @@
namespace WebCore {
-DocLoader::DocLoader(Frame *frame, Document* doc)
+DocLoader::DocLoader(Document* doc)
: m_cache(cache())
, m_cachePolicy(CachePolicyVerify)
- , m_frame(frame)
, m_doc(doc)
, m_requestCount(0)
, m_autoLoadImages(true)
@@ -68,6 +67,11 @@
m_cache->removeDocLoader(this);
}
+Frame* DocLoader::frame() const
+{
+ return m_doc->frame();
+}
+
void DocLoader::checkForReload(const KURL& fullURL)
{
if (m_allowStaleResources)
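Review bot: The new `DocLoader::frame()` dereferences `m_doc` unconditionally, so the lifetime dependency has moved from the Frame to the Document. It is safe only if `m_doc` is never null and the Document either outlives this DocLoader or clears its own frame pointer on detach, as the commit message describes. The constructor hunk stores `doc` as passed, and none of the visible hunks show where that invariant is enforced. I would add `ASSERT(m_doc);` before the return, plus a comment on the accessor such as `// Looked up through the document on every call; returns 0 once the document has been detached from its frame.` so callers know the result must be null-checked and not cached.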
@@ -180,8 +184,8 @@
m_docResources.remove(it);
}
}
-
- if (m_frame && m_frame->loader()->isReloading())
+
+ if (frame() && frame()->loader()->isReloading())
setCachePolicy(CachePolicyReload);
checkForReload(fullURL);
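Review bot: `frame()` is evaluated twice in `if (frame() && frame()->loader()->isReloading())`, and again in setLoadInProgress, where `if (!load && frame())` is followed by `frame()->loader()->loadDone()`. Reading it once into a statement-local makes the null check and the use refer to the same value: `Frame* f = frame();` then `if (f && f->loader()->isReloading())`. Keep such a local confined to the immediate statement, because holding a raw `Frame*` across calls that can detach the document would bring back the stale pointer this commit removes. The enclosing function starts and ends outside the hunk.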
@@ -199,10 +203,10 @@
if (url.isNull())
return;
- if (!m_frame)
+ if (!frame())
return;
- Settings* settings = m_frame->settings();
+ Settings* settings = frame()->settings();
if (!settings || settings->privateBrowsingEnabled())
return;
@@ -215,7 +219,7 @@
m_doc->url().string().utf8().data());
// FIXME: provide a real line number and source URL.
- m_frame->domWindow()->console()->addMessage(OtherMessageSource, ErrorMessageLevel, message, 1, String());
+ frame()->domWindow()->console()->addMessage(OtherMessageSource, ErrorMessageLevel, message, 1, String());
}
void DocLoader::setAutoLoadImages(bool enable)
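Review bot: The `frame()->domWindow()->console()->addMessage(...)` call relies on the `!frame()` guard from the previous hunk, and the lines between the two are not all shown here. Since `frame()` is now a live lookup through the document rather than a cached member, that guard holds only until something detaches the document. The intervening code looks like a settings check and message formatting, which presumably cannot do that, but a comment would make the assumption explicit, e.g. `// frame() was checked above; nothing since then can detach the document.` The same guard-then-use spacing appears in checkCacheObjectStatus, where `!frame()` is tested before the switch and `frame()->loader()->loadedResourceFromMemoryCache(resource)` is called after it. The function containing this call starts outside the hunk.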
@@ -253,14 +257,14 @@
void DocLoader::setLoadInProgress(bool load)
{
m_loadInProgress = load;
- if (!load && m_frame)
- m_frame->loader()->loadDone();
+ if (!load && frame())
+ frame()->loader()->loadDone();
}
void DocLoader::checkCacheObjectStatus(CachedResource* resource)
{
// Return from the function for objects that we didn't load from the cache or if we don't have a frame.
- if (!resource || !m_frame)
+ if (!resource || !frame())
return;
switch (resource->status()) {
@@ -274,7 +278,7 @@
}
// FIXME: If the WebKit client changes or cancels the request, WebCore does not respect this and continues the load.
- m_frame->loader()->loadedResourceFromMemoryCache(resource);
+ frame()->loader()->loadedResourceFromMemoryCache(resource);
}
void DocLoader::incrementRequestCount()