From 70497bb49d085291425eed3bfb5d792e2d0ba4ab Mon Sep 17 00:00:00 2001
From: "mitz@apple.com"
Date: Tue, 13 Nov 2007 21:59:47 +0000
Subject: [PATCH] Reviewed by Beth Dakin. - fix Reproducible crash in RenderObject::setStyle involving going Back from a non-HTML document (Bookmarks view, PDF view) The root cause for the crash is that when a non-HTML view enters the frame, the frame's document pointer keeps pointing at the last HTML-type document it contained. This patch does not address the root cause, but makes changes to account for that condition. * loader/FrameLoader.cpp: (WebCore::FrameLoader::receivedMainResourceError): Do not change the frame's current document's page cache state here. (WebCore::FrameLoader::invalidateCurrentItemCachedPage): If the frame's current document is in fact the history item being invalidated, then set its page cache state here.
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@27760 268f45cc-cd09-0410-ab3c-d52691b4dbfc
---
 WebCore/ChangeLog | 18 ++++++++++++++++++
 WebCore/loader/FrameLoader.cpp | 5 +++--
 2 files changed, 21 insertions(+), 2 deletions(-)
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index e1c9ea3cfd9e..7d693a0da6bc 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,21 @@
+2007-11-13 Dan Bernstein
+
+ Reviewed by Beth Dakin.
+
+ - fix Reproducible crash in RenderObject::setStyle involving going Back from a non-HTML document (Bookmarks view, PDF view)
+
+ The root cause for the crash is that when a non-HTML view enters the
+ frame, the frame's document pointer keeps pointing at the last HTML-type
+ document it contained. This patch does not address the root cause, but
+ makes changes to account for that condition.
+
+ * loader/FrameLoader.cpp:
+ (WebCore::FrameLoader::receivedMainResourceError): Do not change the
+ frame's current document's page cache state here.
+ (WebCore::FrameLoader::invalidateCurrentItemCachedPage): If the frame's
+ current document is in fact the history item being invalidated, then
+ set its page cache state here.
+
 2007-11-12 Antti Koivisto
 Reviewed by Adele.
diff --git a/WebCore/loader/FrameLoader.cpp b/WebCore/loader/FrameLoader.cpp
index 0601e091585d..8f12e0ac2d93 100644
--- a/WebCore/loader/FrameLoader.cpp
+++ b/WebCore/loader/FrameLoader.cpp
@@ -3365,7 +3365,6 @@ void FrameLoader::receivedMainResourceError(const ResourceError& error, bool isC
 // We might have made a page cache item, but now we're bailing out due to an error before we ever
 // transitioned to the new page (before WebFrameState == commit). The goal here is to restore any state
 // so that the existing view (that wenever got far enough to replace) can continue being used.
- m_frame->document()->setInPageCache(false);
 invalidateCurrentItemCachedPage();
 // Call clientRedirectCancelledOrFinished here so that the frame load delegate is notified that the redirect's
@@ -3918,8 +3917,10 @@ void FrameLoader::invalidateCurrentItemCachedPage()
 // Both Xcode and FileMaker see this crash, Safari does not.
 ASSERT(!cachedPage || cachedPage->document() == m_frame->document());
- if (cachedPage && cachedPage->document() == m_frame->document())
+ if (cachedPage && cachedPage->document() == m_frame->document()) {
+ cachedPage->document()->setInPageCache(false);
 cachedPage->clear();
+ }
 if (cachedPage)
 pageCache()->remove(m_currentHistoryItem.get());
-- 
2.36.0
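Review bot: The new `cachedPage->document()->setInPageCache(false);` dereferences a pointer that the guard only shows to be equal to `m_frame->document()`, not non-null, so if both can be null at this point the call crashes where the old `cachedPage->clear()` alone did not; `if (Document* document = cachedPage->document()) document->setInPageCache(false);` would cover that. The `ASSERT(!cachedPage || cachedPage->document() == m_frame->document());` left as context just above still asserts the condition the commit message describes as reachable (a stale frame document after a non-HTML view), so debug builds presumably stop there before reaching the tolerant branch; it deserves a comment or a relaxation. When the documents differ, the cached page is removed without `clear()` and its document's in-page-cache flag is never reset here, and the hunk does not show whether `pageCache()->remove()` takes care of that. The body of invalidateCurrentItemCachedPage() starts before the hunk, so the declaration of `cachedPage` is not visible.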