RESOLVED FIXED 13015
REGRESSION (r17233-r17241): Repro crash when leaving a page whose unload handler submits a form
https://bugs.webkit.org/show_bug.cgi?id=13015
mitz
Reported 2007-03-08 13:52:47 PST
Steps to reproduce:
1) Open WebCore/manual-tests/onunload-form-submit-crash.html
2) Enter "about:blank" in Safari's address bar

Backtrace:
0 WebCore::FrameLoader::finishedLoadingDocument(WebCore::DocumentLoader*) + 0
1 WebCore::DocumentLoader::finishedLoading() + 48
2 WebCore::FrameLoader::finishedLoading() + 92
3 WebCore::MainResourceLoader::didFinishLoading() + 56
4 WebCore::MainResourceLoader::continueAfterContentPolicy(WebCore::PolicyAction, WebCore::ResourceResponse const&) + 1096
5 WebCore::MainResourceLoader::continueAfterContentPolicy(WebCore::PolicyAction) + 64
6 WebCore::FrameLoader::continueAfterContentPolicy(WebCore::PolicyAction) + 476
7 -[WebFramePolicyListener receivedPolicyDecision:] + 80
8 0x1000 + 121228
9 objc_msgSendv + 180

Note: Following the instructions on the manual test does not result in a crash.
Attachments
Add missing null check (3.38 KB, patch)
2007-03-08 14:14 PST, mitz
no flags
Add missing null check (3.51 KB, patch)
2007-03-09 03:27 PST, mitz
andersca: review+
mitz
Comment 1 2007-03-08 14:14:17 PST
Created attachment 13547 [details] Add missing null check
Brady Eidson
Comment 2 2007-03-08 14:19:23 PST
Comment on attachment 13547 [details] Add missing null check Sure!
Mark Rowe (bdash)
Comment 3 2007-03-08 19:22:17 PST
Landed in r20078.
Mark Rowe (bdash)
Comment 4 2007-03-09 02:14:16 PST
Rolled out again in r20088 as this is causing crashes during layout tests.
mitz
Comment 5 2007-03-09 03:11:54 PST
Comment on attachment 13547 [details] Add missing null check The test was a trap - as DRT tried to load the next test, it kept returning to the previous one.
mitz
Comment 6 2007-03-09 03:27:43 PST
Created attachment 13555 [details] Add missing null check Changed the test so that it won't submit the form the second time. I'm not flagging this for review yet because the "bad" test also managed to crash DRT and I'm still investigating that.
Darin Adler
Comment 7 2007-03-09 09:07:05 PST
I think the issue is probably that we need to retain the frame?
Darin Adler
Comment 8 2007-03-09 09:07:46 PST
I mean ref() the frame. Also if we're no longer the main document maybe it's too late to call end()? We should ask Anders about this.
Anders Carlsson
Comment 9 2007-03-12 17:54:32 PDT
Comment on attachment 13555 [details] Add missing null check r=me
Anders Carlsson
Comment 10 2007-03-12 17:55:58 PDT
This regressed in http://trac.webkit.org/projects/webkit/changeset/17238 and I've verified that the bad test also crashes in DRT in revision 17237 so that is unrelated.
David Kilzer (:ddkilzer)
Comment 11 2007-03-12 21:02:56 PDT
Committed revision 20135.