Summary: | Crash calling disconnectFrame on a DOMWindowExtension a second time | ||||||
---|---|---|---|---|---|---|---|
Product: | WebKit | Reporter: | Jessie Berlin <jberlin> | ||||
Component: | Page Loading | Assignee: | Jessie Berlin <jberlin> | ||||
Status: | RESOLVED FIXED | ||||||
Severity: | Normal | CC: | abarth, beidson, eric, jberlin, sam | ||||
Priority: | P2 | Keywords: | InRadar | ||||
Version: | 528+ (Nightly build) | ||||||
Hardware: | Unspecified | ||||||
OS: | Unspecified | ||||||
Attachments: |
|
Description
Jessie Berlin
2012-05-01 12:11:17 PDT
Created attachment 139657 [details]
Patch
Comment on attachment 139657 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=139657&action=review Is there a way to create a regression test for this? > Source/WebCore/page/DOMWindowExtension.cpp:60 > + ASSERT(!this->frame()); No need for this-> here. (In reply to comment #2) > (From update of attachment 139657 [details]) > View in context: https://bugs.webkit.org/attachment.cgi?id=139657&action=review > > Is there a way to create a regression test for this? The only way I was able to reproduce this was to keep navigating to pages that were page-cache-worthy until the JSC timer was fired. I am not sure what else would reliably trigger the DOMWindow destruction after it had already gone into the the page cache without first detaching the page. > > > Source/WebCore/page/DOMWindowExtension.cpp:60 > > + ASSERT(!this->frame()); > > No need for this-> here. Fixed. Thanks for the review! Comment on attachment 139657 [details] Patch Committed in http://trac.webkit.org/changeset/115746 |