[SCM] WebKit Debian packaging branch, debian/experimental, updated. upstream/1.3.3-9427-gc2be6fc

commit-queue at webkit.org commit-queue at webkit.org
Wed Dec 22 13:29:03 UTC 2010 

The following commit has been merged in the debian/experimental branch:
commit cf9206ff64cb18bef9b6fcc1df29b2064cbaef9c
Author: commit-queue at webkit.org <commit-queue at webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Thu Sep 16 20:18:36 2010 +0000

    2010-09-16  Pavel Podivilov  <podivilov at chromium.org>
    
            Reviewed by Dimitri Glazkov.
    
            Fix debug crash in HTMLFrameOwnerElement caused by content frame being used after destruction.
            https://bugs.webkit.org/show_bug.cgi?id=45737
    
            Test: fast/frames/frame-limit.html
    
            * html/HTMLFrameOwnerElement.cpp:
            (WebCore::HTMLFrameOwnerElement::willRemove):
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@67659 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index db1d4d2..5ddfd7e 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,15 @@
+2010-09-16  Pavel Podivilov  <podivilov at chromium.org>
+
+        Reviewed by Dimitri Glazkov.
+
+        Fix debug crash in HTMLFrameOwnerElement caused by content frame being used after destruction.
+        https://bugs.webkit.org/show_bug.cgi?id=45737
+
+        Test: fast/frames/frame-limit.html
+
+        * html/HTMLFrameOwnerElement.cpp:
+        (WebCore::HTMLFrameOwnerElement::willRemove):
+
 2010-09-16  Thomas Zander <t.zander at nokia.com>
 
         Reviewed by Andreas Kling.
diff --git a/WebCore/html/HTMLFrameOwnerElement.cpp b/WebCore/html/HTMLFrameOwnerElement.cpp
index b409bcc..2a7b610 100644
--- a/WebCore/html/HTMLFrameOwnerElement.cpp
+++ b/WebCore/html/HTMLFrameOwnerElement.cpp
@@ -54,6 +54,7 @@ void HTMLFrameOwnerElement::willRemove()
     // FIXME: It is unclear why this can't be moved to removedFromDocument()
     // this is the only implementation of willRemove in WebCore!
     if (Frame* frame = contentFrame()) {
+        RefPtr<Frame> protect(frame);
         frame->loader()->frameDetached();
         frame->disconnectOwnerElement();
     }

-- 
WebKit Debian packaging

More information about the Pkg-webkit-commits mailing list