Bug 132163

Summary: FrameLoader::checkCompleted can hit the "ref'ing while destroyed" assertion
Product: WebKit Reporter: Darin Adler <darin>
Component: Page LoadingAssignee: Darin Adler <darin>
Status: RESOLVED FIXED    
Severity: Normal CC: beidson, commit-queue, japhet, mark.lam
Priority: P2 Keywords: InRadar
Version: 528+ (Nightly build)   
Hardware: All   
OS: All   
Attachments:
Description Flags
Patch beidson: review+

Description Darin Adler 2014-04-24 19:03:01 PDT
FrameLoader::checkCompleted can hit the "ref'ing while destroyed" assertion
Comment 1 Darin Adler 2014-04-24 19:04:58 PDT
Created attachment 230129 [details]
Patch
Comment 2 Darin Adler 2014-04-24 19:05:41 PDT
<rdar://problem/16720640>
Comment 3 Brady Eidson 2014-04-24 20:18:48 PDT
Comment on attachment 230129 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=230129&action=review

> Source/WebCore/loader/FrameLoader.cpp:819
> +    // of this function can be called the frame's destructor, and it's not legal

...can be called *in* the frame's destructor..
Comment 4 Darin Adler 2014-04-24 23:01:58 PDT
Committed r167790: <http://trac.webkit.org/changeset/167790>