Null dereference loading Blink layout test http/tests/misc/detach-during-notifyDone...
[WebKit-https.git] / Source / WebCore / ChangeLog
index d7f3ad78d0f5b2fee76f49cd5b5d0d13bd074ad4..19671ed1454d7ebdb7f1193c13136fb6fdc19647 100644 (file)
@@ -1,3 +1,22 @@
+2015-11-30  Jiewen Tan  <jiewen_tan@apple.com>
+
+        Null dereference loading Blink layout test http/tests/misc/detach-during-notifyDone.html
+        https://bugs.webkit.org/show_bug.cgi?id=149309
+        <rdar://problem/22748363>
+
+        Reviewed by Brent Fulgham.
+
+        A weird order of event execution introduced by the test case will kill the webpage in a
+        subframe of the page while executing its |frame.loader().checkLoadCompleteForThisFrame()|.
+        Therefore, any frames comes after the failing subframe will have no page. Check it before
+        calling to those frames' |frame.loader().checkLoadCompleteForThisFrame()|, otherwise the
+        assertion in |frame.loader().checkLoadCompleteForThisFrame()| will fail.
+
+        Test: http/tests/misc/detach-during-notifyDone.html
+
+        * loader/FrameLoader.cpp:
+        (WebCore::FrameLoader::checkLoadComplete):
+
 2015-11-30  Commit Queue  <commit-queue@webkit.org>
 
         Unreviewed, rolling out r192819.
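Review bot: the `(WebCore::FrameLoader::checkLoadComplete):` line that closes the entry has nothing after the colon, and the paragraph above it says only "Check it before calling" without stating what happens to a frame that no longer has a page (whether it is skipped or the iteration stops). Suggest adding a short per-function note there that states this. "A weird order of event execution" could also be replaced with the concrete sequence that detaches the subframe's page during |frame.loader().checkLoadCompleteForThisFrame()|, so a reader can judge whether the new page check covers every path that reaches the assertion.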