+2015-02-10 Chris Dumez <cdumez@apple.com>
+
+ Add assertion to help track down WebCore::DocumentLoader::stopLoadingForPolicyChange() crash
+ https://bugs.webkit.org/show_bug.cgi?id=141441
+ <rdar://problem/13811738>
+
+ Reviewed by Alexey Proskuryakov.
+
+ Add assertion to help track down a crash in
+ WebCore::DocumentLoader::stopLoadingForPolicyChange().
+
+ * loader/DocumentLoader.cpp:
+ (WebCore::DocumentLoader::~DocumentLoader):
+ Make sure the DocumentLoader is not waiting for a content policy
+ response when it is destroyed. If this were to happen, then the
+ lambda function passed to PolicyChecker::checkContentPolicy()
+ would outlive the DocumentLoader. This is an issue because
+ that lambda function captures [this], which is the DocumentLoader.
+ This would cause DocumentLoader::continueAfterContentPolicy() to
+ be called after the DocumentLoader has been destroyed, which would
+ explain the crash.
+
2015-02-07 Zalan Bujtas <zalan@apple.com>
REGRESSION (r168046): Crash in WebCore::InlineBox::renderer / WebCore::RenderFlowThread::checkLinesConsistency
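Review bot: The body of the new entry repeats its title almost word for word ("Add assertion to help track down a crash in WebCore::DocumentLoader::stopLoadingForPolicyChange()") and never says that the change is diagnostic only. The per-function description already names the lambda capturing [this] as the likely cause, so the entry should state explicitly that this lifetime problem is left unfixed here, and should add a line on test coverage (for example, that no test is added because the crash is not yet reproducible, if that is the case).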
DocumentLoader::~DocumentLoader()
{
ASSERT(!m_frame || frameLoader()->activeDocumentLoader() != this || !isLoading());
+ ASSERT(!m_waitingForContentPolicy);
if (m_iconLoadDecisionCallback)
m_iconLoadDecisionCallback->invalidate();
if (m_iconDataCallback)
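Review bot: ASSERT(!m_waitingForContentPolicy) in ~DocumentLoader() is compiled out of release builds, so it only fires for someone who hits the case in a debug build; the release behaviour the ChangeLog describes (continueAfterContentPolicy() running through the captured [this] after the DocumentLoader is destroyed) is unchanged. If the goal is to catch this in the field, consider RELEASE_ASSERT here, which turns a later use-after-free into a deterministic crash at destruction time. Better still, cancel or invalidate the pending content policy callback in the destructor, the way the lines that follow already do with m_iconLoadDecisionCallback->invalidate().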