WebCore`WebCore::Document::open(WebCore::Document*) + 210 at Document.cpp:2647
   2643         }
   2644
   2645         if (m_frame->loader().policyChecker().delegateIsDecidingNavigationPolicy())
   2646             m_frame->loader().policyChecker().stopCheck();
-> 2647         if (m_frame->loader().state() == FrameStateProvisional)
   2648             m_frame->loader().stopAllLoaders();
   2649     }
   2650
   2651     removeAllEventListeners();

We can hit a nullptr crash here because m_frame->loader().policyChecker().stopCheck() invokes m_willSubmitFormCompletionHandlers, and that could clear the frame, etc...

<rdar://problem/48883397>
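A minimal C++ model of the re-entrancy hazard described in the comment above, added here as an illustration; it is not WebKit code and not the fix that landed. A completion handler run from stopCheck() clears the frame pointer, so the following m_frame->loader() access on line 2647 is a null dereference unless the pointer is re-checked after the call (the re-check is one mitigation, assumed for the model). Class, member and function names mimic the quoted snippet but are assumptions of this model, and the delegateIsDecidingNavigationPolicy() condition is taken as true.

```cpp
#include <functional>
#include <utility>
#include <vector>

// Assumed minimal model, not WebKit's real classes: just enough of Document,
// FrameLoader and PolicyChecker to reproduce the hazard in the crash above.
enum FrameState { FrameStateProvisional, FrameStateComplete };
enum OpenResult { Completed, BailedOut, NullFrameDeref };
struct PolicyChecker {
    std::vector<std::function<void()>> m_willSubmitFormCompletionHandlers;
    void stopCheck() { // the handlers run arbitrary code, which may detach the frame
        auto handlers = std::move(m_willSubmitFormCompletionHandlers);
        for (auto& handler : handlers)
            handler();
    }
};
struct FrameLoader {
    PolicyChecker m_policyChecker;
    FrameState m_state = FrameStateProvisional;
    bool m_stoppedAllLoaders = false;
    PolicyChecker& policyChecker() { return m_policyChecker; }
    FrameState state() const { return m_state; }
    void stopAllLoaders() { m_stoppedAllLoaders = true; }
};
struct Frame { FrameLoader m_loader; FrameLoader& loader() { return m_loader; } };
struct Document {
    Frame* m_frame = nullptr; // cleared when the document's frame is detached
    // Mirrors the quoted lines (the delegateIsDecidingNavigationPolicy() check
    // is taken as true). With guarded == false it reports where the original
    // code would dereference a null m_frame instead of actually crashing.
    OpenResult open(bool guarded) {
        m_frame->loader().policyChecker().stopCheck();
        if (!m_frame) // a handler run by stopCheck() detached the frame
            return guarded ? BailedOut : NullFrameDeref;
        if (m_frame->loader().state() == FrameStateProvisional)
            m_frame->loader().stopAllLoaders();
        return Completed;
    }
};
// Drives one scenario; optionally queues a handler that detaches the frame.
OpenResult runOpen(bool guarded, bool handlerDetachesFrame) {
    Frame frame;
    Document document;
    document.m_frame = &frame;
    if (handlerDetachesFrame)
        frame.loader().policyChecker().m_willSubmitFormCompletionHandlers.push_back([&document] { document.m_frame = nullptr; });
    return document.open(guarded);
}
```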
Created attachment 366464
Fixes the bug
Committed r243738: <https://trac.webkit.org/changeset/243738>