Bug 52923

Summary: [Chromium] Crash in WebFrameImpl::currentHistoryItem() due to null activeDocumentLoader()
Product: WebKit Reporter: Nate Chapin <japhet>
Component: WebKit Misc.Assignee: Nate Chapin <japhet>
Status: RESOLVED FIXED    
Severity: Normal CC: fishd, jbates, webkit.review.bot
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: All   
OS: All   
Attachments:
Description Flags
patch
fishd: review+, fishd: commit-queue-
Early exit for null activeDocumentLoader()
none
Patch none

Nate Chapin
Reported 2011-01-21 14:28:02 PST
Original report at http://code.google.com/p/chromium/issues/detail?id=65674 FrameLoader::activeDocumentLoader() is not guaranteed to be non-null, and we appear to be hitting null cases when calling it from RenderView::syncNavigationState() via WebFrameImpl::currentHistoryItem(). It appears we're just using activeDocumentLoader() to determine whether we're still loading. A null activeDocumentLoader() should answer that question pretty clearly as a 'no'.
Attachments
patch (1.62 KB, patch)
2011-01-21 14:35 PST, Nate Chapin 		fishd: review+
fishd: commit-queue-
DetailsFormatted DiffDiff
Early exit for null activeDocumentLoader() (1.45 KB, patch)
2011-07-07 16:07 PDT, Nate Chapin 		no flags
DetailsFormatted DiffDiff
Patch (1.85 KB, patch)
2011-07-11 16:33 PDT, John Bates 		no flags
DetailsFormatted DiffDiff
Show Obsolete (3) View All Add attachment proposed patch, testcase, etc.
Nate Chapin
Comment 1 2011-01-21 14:35:23 PST
Created attachment 79795 [details] patch
Darin Fisher (:fishd, Google)
Comment 2 2011-01-21 16:28:22 PST
Comment on attachment 79795 [details] patch This is OK, but I'd really like to understand how this is possible. For example, we might want to return WebHistoryItem() in cases like this. Maybe this is happening at shutdown time?
Nate Chapin
Comment 3 2011-07-06 11:40:40 PDT
(In reply to comment #2) > (From update of attachment 79795 [details]) > This is OK, but I'd really like to understand how this is possible. For example, we might want to return WebHistoryItem() in cases like this. Maybe this is happening at shutdown time? Picking this bug back up after 6 months :) Looking through when we set the DocumentLoader members of FrameLoader, it *might* happen during a cancel, but shutdown looks far more likely.
Nate Chapin
Comment 4 2011-07-07 16:07:30 PDT
Created attachment 100044 [details] Early exit for null activeDocumentLoader()
WebKit Review Bot
Comment 5 2011-07-08 10:25:05 PDT
Comment on attachment 100044 [details] Early exit for null activeDocumentLoader() Clearing flags on attachment: 100044 Committed r90641: <http://trac.webkit.org/changeset/90641>
WebKit Review Bot
Comment 6 2011-07-08 10:25:09 PDT
All reviewed patches have been landed. Closing bug.
John Bates
Comment 7 2011-07-11 16:33:54 PDT
Created attachment 100381 [details] Patch
John Bates
Comment 8 2011-07-11 16:35:34 PDT
(In reply to comment #7) > Created an attachment (id=100381) [details] > Patch wrong bug, ignore patch
Note You need to log in before you can comment on or make changes to this bug.