[Chromium] Fix crash in WebFrameImpl::loadHistoryItem
author tkent@chromium.org <tkent@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 19 Sep 2012 07:20:40 +0000 (07:20 +0000)
committer tkent@chromium.org <tkent@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 19 Sep 2012 07:20:40 +0000 (07:20 +0000)
https://bugs.webkit.org/show_bug.cgi?id=96352

Reviewed by Adam Barth.

We have some crash reports with the following stack:
  - HistoryItem::shouldDoSameDocumentNavigationTo.
  - WebFrameImpl::loadHistoryItem
  ...

We don't have reproducible steps, and not sure what's the root
cause. Anyway we should check nullness of currentItem because
HistoryController::m_currentItem can be 0.

* src/WebFrameImpl.cpp:
(WebKit::WebFrameImpl::loadHistoryItem):
Check nullness of currentItem.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@128972 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebKit/chromium/ChangeLog
Source/WebKit/chromium/src/WebFrameImpl.cpp

index 276bfd7..989894d 100644 (file)
@@ -1,3 +1,23 @@
+2012-09-19  Kent Tamura  <tkent@chromium.org>
+
+        [Chromium] Fix crash in WebFrameImpl::loadHistoryItem
+        https://bugs.webkit.org/show_bug.cgi?id=96352
+
+        Reviewed by Adam Barth.
+
+        We have some crash reports with the following stack:
+          - HistoryItem::shouldDoSameDocumentNavigationTo.
+          - WebFrameImpl::loadHistoryItem
+          ...
+
+        We don't have reproducible steps, and not sure what's the root
+        cause. Anyway we should check nullness of currentItem because
+        HistoryController::m_currentItem can be 0.
+
+        * src/WebFrameImpl.cpp:
+        (WebKit::WebFrameImpl::loadHistoryItem):
+        Check nullness of currentItem.
+
 2012-09-18  Sailesh Agrawal  <sail@chromium.org>
 
         Chromium: Scrollbar with tickmarks doesn't respond to clicks
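Review bot: the new entry states that there are no reproducible steps and that the root cause is unknown, but it does not say whether a test accompanies the change. Add a line to the entry stating that no regression test is included and why, and note that bug 96352 should stay open to track down how HistoryController::m_currentItem ends up 0, so the null check is not mistaken for a complete fix.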
index 47854c8..6d68a6f 100644 (file)
@@ -1029,7 +1029,7 @@ void WebFrameImpl::loadHistoryItem(const WebHistoryItem& item)
 
     m_frame->loader()->prepareForHistoryNavigation();
     RefPtr<HistoryItem> currentItem = m_frame->loader()->history()->currentItem();
-    m_inSameDocumentHistoryLoad = currentItem->shouldDoSameDocumentNavigationTo(historyItem.get());
+    m_inSameDocumentHistoryLoad = currentItem && currentItem->shouldDoSameDocumentNavigationTo(historyItem.get());
     m_frame->page()->goToItem(historyItem.get(),
                               FrameLoadTypeIndexedBackForward);
     m_inSameDocumentHistoryLoad = false;
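Review bot: the `currentItem &&` guard on the m_inSameDocumentHistoryLoad assignment avoids the null dereference, but it silently treats a missing current item as a non-same-document load, and the m_frame->page()->goToItem(...) call right after it still runs in that state. Since the cause of the null item is unknown, add a short comment at the guard saying that history()->currentItem() can return null and that the load then proceeds as a regular history navigation, so the check is not removed later as redundant. It is also worth confirming that goToItem handles a frame with no current item, because otherwise the crash may just move further down the same path.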