Crash in HistoryController::updateForCommit dereferencing a null HistoryItem.
authorbeidson@apple.com <beidson@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 10 Jul 2015 19:01:51 +0000 (19:01 +0000)
committerbeidson@apple.com <beidson@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 10 Jul 2015 19:01:51 +0000 (19:01 +0000)
commitde73e6f3d748d6049fb974cdca4efc179e838a9d
tree3c9cec9a059f3ae8ecbb53039f488ede40c3aa40
parent3e08daeec8e7b49a9b7aafb39eae17a54dbf95da
Crash in HistoryController::updateForCommit dereferencing a null HistoryItem.
<rdar://problem/21371589> and https://bugs.webkit.org/show_bug.cgi?id=146842

Reviewed by Chris Dumez.

No new tests (Unknown how to reproduce).

This patch basically rolls back part of http://trac.webkit.org/changeset/179472.

r179472 changed HistoryController::setCurrentItem() to take a reference instead of a pointer.
Unfortunately, we sometimes call setCurrentItem(nullptr).

We'd like to *not* do that, and there are assertions in place to try to catch when we do,
but in the meantime it is not valid to dereference nullptr.

* loader/FrameLoader.cpp:
(WebCore::FrameLoader::loadSameDocumentItem):

* loader/HistoryController.cpp:
(WebCore::HistoryController::updateForCommit):
(WebCore::HistoryController::recursiveUpdateForCommit):
(WebCore::HistoryController::recursiveUpdateForSameDocumentNavigation):
(WebCore::HistoryController::setCurrentItem): Take a ptr instead of a ref.
(WebCore::HistoryController::createItem):
* loader/HistoryController.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@186683 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Source/WebCore/ChangeLog
Source/WebCore/loader/FrameLoader.cpp
Source/WebCore/loader/HistoryController.cpp
Source/WebCore/loader/HistoryController.h