| Summary: | Possible crash in void ProgressTracker::progressHeartbeatTimerFired(Timer<ProgressTracker>*) | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | WebKit | Reporter: | Brady Eidson <beidson> | ||||||
| Component: | Page Loading | Assignee: | Brady Eidson <beidson> | ||||||
| Status: | RESOLVED FIXED | ||||||||
| Severity: | Normal | CC: | commit-queue, ddkilzer, japhet | ||||||
| Priority: | P2 | Keywords: | InRadar | ||||||
| Version: | 528+ (Nightly build) | ||||||||
| Hardware: | All | ||||||||
| OS: | All | ||||||||
| Attachments: |
|
||||||||
|
Description
Brady Eidson
2013-12-02 15:12:10 PST
Created attachment 218223 [details]
Patch v1
Comment on attachment 218223 [details]
Patch v1
While there is no harm in adding a null check, if this is actually a race condition, then a null check is likely not sufficient to fix the problem. It might, however, reduce the frequency of a crash.
(In reply to comment #2) > (From update of attachment 218223 [details]) > While there is no harm in adding a null check, if this is actually a race condition, then a null check is likely not sufficient to fix the problem. It might, however, reduce the frequency of a crash. Agreed. Based on looking at disassembly this is our only theory on what's going on, so a more comprehensive fix isn't presenting itself yet. Landed in http://trac.webkit.org/changeset/159974 This null check might have been incorrect More specifically, ProgressTracker::progressHeartbeatTimerFired(Timer<ProgressTracker>*) might be calling in to a valid m_originatingProgressFrame (and its valid loader), but in FrameLoader::loadProgressingStatusChanged() we might have a null FrameView. Created attachment 218237 [details]
Patch v2 - Also null check a FrameView
Created attachment 218238 |