Crash in WebCore::NavigationScheduler::startTimer()
author dbates@webkit.org <dbates@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 24 Oct 2013 21:40:55 +0000 (21:40 +0000)
committer dbates@webkit.org <dbates@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 24 Oct 2013 21:40:55 +0000 (21:40 +0000)
commit f5d91a316e882fc7ca32168f47ae4687de655c84
tree 600295935a3d1a6d2bedf064b8e3a4316fc02cf8
parent 43b3f85df6e4baf9df0cc15afaa9e09ff098f5c7
Crash in WebCore::NavigationScheduler::startTimer()
https://bugs.webkit.org/show_bug.cgi?id=123288
<rdar://problem/14055644>

Reviewed by Alexey Proskuryakov.

Source/WebCore:

Currently NavigationScheduler::startTimer() synchronously notifies the client
before the Web Inspector of a scheduled redirect. If a client cancels this
redirect then NavigationScheduler::m_redirect will become null and we'll
subsequently crash when informing the Web Inspector of this formerly scheduled
redirect. Instead, NavigationScheduler::startTimer() should notify the Web
Inspector before it notifies the client of a scheduled redirect.

As a side benefit of this change, the Web Inspector is notified of a scheduled
redirect before being notified of it being canceled when a client chooses to cancel
a scheduled redirect.

* loader/NavigationScheduler.cpp:
(WebCore::NavigationScheduler::startTimer):

Tools:

Add API test.

* TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
* TestWebKitAPI/Tests/mac/WillPerformClientRedirectToURLCrash.html: Added.
* TestWebKitAPI/Tests/mac/WillPerformClientRedirectToURLCrash.mm: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@157957 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Source/WebCore/ChangeLog
Source/WebCore/loader/NavigationScheduler.cpp
Tools/ChangeLog
Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj
Tools/TestWebKitAPI/Tests/mac/WillPerformClientRedirectToURLCrash.html [new file with mode: 0644]
Tools/TestWebKitAPI/Tests/mac/WillPerformClientRedirectToURLCrash.mm [new file with mode: 0644]
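
The notification-ordering problem described in the commit message, as an added C++ model that is not WebKit code and not part of this commit. Scheduler, clientWillRedirect, inspectorLog and run are hypothetical names; the client-first path returns false at the point where unguarded code would dereference the null redirect.

```cpp
#include <functional>
#include <memory>
#include <string>
#include <utility>
#include <vector>

// Simplified model of a scheduler with a synchronous client callback (hypothetical).
struct Redirect { std::string url; };

class Scheduler {
public:
    std::function<void(Scheduler&)> clientWillRedirect; // client hook, may cancel
    std::vector<std::string> inspectorLog;              // stands in for the inspector

    void schedule(std::string url) { m_redirect.reset(new Redirect{std::move(url)}); }
    void cancel() {
        if (!m_redirect) return;
        inspectorLog.push_back("canceled");
        m_redirect.reset();
    }
    // Client notified first: the callback can null m_redirect before it is used.
    // Returns false where code without this check would dereference null.
    bool startTimerClientFirst() {
        if (!m_redirect) return true;
        if (clientWillRedirect) clientWillRedirect(*this);
        if (!m_redirect) return false;
        inspectorLog.push_back("scheduled " + m_redirect->url);
        return true;
    }
    // Inspector notified first: m_redirect is not touched after the callback.
    bool startTimerInspectorFirst() {
        if (!m_redirect) return true;
        inspectorLog.push_back("scheduled " + m_redirect->url);
        if (clientWillRedirect) clientWillRedirect(*this);
        return true;
    }
private:
    std::unique_ptr<Redirect> m_redirect;
};

struct Result { bool safe; std::vector<std::string> log; };
// Runs one scenario with a client that cancels inside its callback (constructed input).
Result run(bool inspectorFirst) {
    Scheduler s;
    s.clientWillRedirect = [](Scheduler& sch) { sch.cancel(); };
    s.schedule("https://example.test/next");
    bool ok = inspectorFirst ? s.startTimerInspectorFirst() : s.startTimerClientFirst();
    return { ok, s.inspectorLog };
}
```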