2007-03-08 Mitz Pettel <mitz@webkit.org>
authorbdash <bdash@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 9 Mar 2007 03:08:35 +0000 (03:08 +0000)
committerbdash <bdash@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 9 Mar 2007 03:08:35 +0000 (03:08 +0000)
        Reviewed by Brady.

        - fix http://bugs.webkit.org/show_bug.cgi?id=13015
          REGRESSION (r17233-r17241): Repro crash when leaving a page whose unload handler submits a form

        Test: fast/loader/onunload-form-submit-crash-2.html

        * loader/DocumentLoader.cpp:
        (WebCore::DocumentLoader::finishedLoading): Added null check.

2007-03-08  Mitz Pettel  <mitz@webkit.org>

        Reviewed by Brady.

        - test for http://bugs.webkit.org/show_bug.cgi?id=13015
          REGRESSION (r17233-r17241): Repro crash when leaving a page whose unload handler submits a form

        * fast/loader/onunload-form-submit-crash-2-expected.txt: Added.
        * fast/loader/onunload-form-submit-crash-2.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@20078 268f45cc-cd09-0410-ab3c-d52691b4dbfc

LayoutTests/ChangeLog
LayoutTests/fast/loader/onunload-form-submit-crash-2-expected.txt [new file with mode: 0644]
LayoutTests/fast/loader/onunload-form-submit-crash-2.html [new file with mode: 0644]
WebCore/ChangeLog
WebCore/loader/DocumentLoader.cpp

index 9fefedf82b187fdc4d066e3bf39fd538fa1d9a50..1c415eb9157a333ba73deb51beb7532ddc290c6d 100644 (file)
@@ -1,3 +1,13 @@
+2007-03-08  Mitz Pettel  <mitz@webkit.org>
+
+        Reviewed by Brady.
+
+        - test for http://bugs.webkit.org/show_bug.cgi?id=13015
+          REGRESSION (r17233-r17241): Repro crash when leaving a page whose unload handler submits a form
+
+        * fast/loader/onunload-form-submit-crash-2-expected.txt: Added.
+        * fast/loader/onunload-form-submit-crash-2.html: Added.
+
 2007-03-08  Justin Garcia  <justin.garcia@apple.com>
 
         Reviewed by harrison
diff --git a/LayoutTests/fast/loader/onunload-form-submit-crash-2-expected.txt b/LayoutTests/fast/loader/onunload-form-submit-crash-2-expected.txt
new file mode 100644 (file)
index 0000000..86aefce
--- /dev/null
@@ -0,0 +1,3 @@
+SUCCESS
+
+
diff --git a/LayoutTests/fast/loader/onunload-form-submit-crash-2.html b/LayoutTests/fast/loader/onunload-form-submit-crash-2.html
new file mode 100644 (file)
index 0000000..9b8e9ef
--- /dev/null
@@ -0,0 +1,28 @@
+<html>
+<head>
+    <title>Test for http://bugs.webkit.org/show_bug.cgi?id=13015</title>
+    <script>
+        function test()
+        {
+            if (location.href.indexOf("?") == -1) {
+                if (window.layoutTestController) {
+                    layoutTestController.dumpAsText();
+                    layoutTestController.waitUntilDone();
+                }
+                location.href = "about:blank";
+            } else {
+                document.getElementById("result").innerText = "SUCCESS";
+                if (window.layoutTestController)
+                    layoutTestController.notifyDone();
+            }
+        }
+    </script>
+</head>
+<body onload="test()" onUnload="document.myForm.submit()">
+    <form name="myForm">
+    </form>
+    <p id="result">
+        Test did not finish.
+    </p>
+</body>
+<html>
index 177114ea9139c9b2669ee2eb1e538d4e2937291f..67cba56c8cf31b3d92ccdb49e57e69ec204d9ef8 100644 (file)
@@ -1,3 +1,15 @@
+2007-03-08  Mitz Pettel  <mitz@webkit.org>
+
+        Reviewed by Brady.
+
+        - fix http://bugs.webkit.org/show_bug.cgi?id=13015
+          REGRESSION (r17233-r17241): Repro crash when leaving a page whose unload handler submits a form
+
+        Test: fast/loader/onunload-form-submit-crash-2.html
+
+        * loader/DocumentLoader.cpp:
+        (WebCore::DocumentLoader::finishedLoading): Added null check.
+
 2007-03-08  Justin Garcia  <justin.garcia@apple.com>
 
         Reviewed by harrison
index 0eea5bd77c03129966adef769b821fe48e50c170..4a4e3013e51d53720a7c5640eedfb9061efa9334 100644 (file)
@@ -309,8 +309,10 @@ void DocumentLoader::finishedLoading()
 {
     m_gotFirstByte = true;   
     commitIfReady();
-    frameLoader()->finishedLoadingDocument(this);
-    m_frame->loader()->end();
+    if (FrameLoader* loader = frameLoader()) {
+        loader->finishedLoadingDocument(this);
+        loader->end();
+    }
 }
 
 void DocumentLoader::setCommitted(bool f)