[SCM] WebKit Debian packaging branch, webkit-1.3, updated. upstream/1.3.7-4207-g178b198
commit-queue at webkit.org
Sun Feb 20 23:35:59 UTC 2011
The following commit has been merged in the webkit-1.3 branch:
commit 3fa7c3dc6bda76609681b88aca7aba9a28207aff
Author: commit-queue at webkit.org <commit-queue at webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Fri Jan 21 23:47:01 2011 +0000
2011-01-21 Charlie Reis <creis at chromium.org>
Reviewed by Darin Fisher.
Crash in WebCore::HistoryController::itemsAreClones
https://bugs.webkit.org/show_bug.cgi?id=52819
Adds sanity checks to help diagnose the crash.
* loader/HistoryController.cpp:
2011-01-21 Charlie Reis <creis at chromium.org>
Reviewed by Darin Fisher.
Crash in WebCore::HistoryController::itemsAreClones
https://bugs.webkit.org/show_bug.cgi?id=52819
Adds sanity checks to help diagnose the crash.
* src/WebFrameImpl.cpp:
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@76406 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog
index a6316fa..d523cdb 100644
--- a/Source/WebCore/ChangeLog
+++ b/Source/WebCore/ChangeLog
@@ -1,3 +1,14 @@
+2011-01-21 Charlie Reis <creis at chromium.org>
+
+ Reviewed by Darin Fisher.
+
+ Crash in WebCore::HistoryController::itemsAreClones
+ https://bugs.webkit.org/show_bug.cgi?id=52819
+
+ Adds sanity checks to help diagnose the crash.
+
+ * loader/HistoryController.cpp:
+
2011-01-21 Andreas Kling <kling at webkit.org>
Reviewed by Ariya Hidayat.
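Review bot: the ChangeLog entry names only `* loader/HistoryController.cpp:` with no function beneath it; WebKit ChangeLog convention lists each touched function, so add `(WebCore::HistoryController::itemsAreClones):` under the file line, and since the code comment in the accompanying hunk describes the new CRASH() calls as a "for now" diagnostic, the entry should say so, so the record shows they are meant to come out once bug 52819 is understood.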
diff --git a/Source/WebCore/loader/HistoryController.cpp b/Source/WebCore/loader/HistoryController.cpp
index a7bfd11..7c0fc97 100644
--- a/Source/WebCore/loader/HistoryController.cpp
+++ b/Source/WebCore/loader/HistoryController.cpp
@@ -658,6 +658,14 @@ void HistoryController::recursiveGoToItem(HistoryItem* item, HistoryItem* fromIt
bool HistoryController::itemsAreClones(HistoryItem* item1, HistoryItem* item2) const
{
+ // It appears that one of the items can be null in release builds, leading
+ // to the crashes seen in http://webkit.org/b/52819. For now, try to
+ // narrow it down with a more specific crash.
+ if (!item1)
+ CRASH();
+ if (!item2)
+ CRASH();
+
// If the item we're going to is a clone of the item we're at, then we do
// not need to load it again. The current frame tree and the frame tree
// snapshot in the item have to match.
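Review bot: the two checks `if (!item1) CRASH();` and `if (!item2) CRASH();` are kept as separate statements, presumably so that the crashing line in a release stack trace tells you which argument was null; that intent should be stated in the comment, otherwise a later cleanup could fold them into `if (!item1 || !item2) CRASH();` and lose exactly the information this patch is trying to collect. The comment also says "for now", so this needs a tracked follow-up to remove or replace the hard crash once the root cause from bug 52819 is known rather than leaving a deliberate release-build crash in place indefinitely.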
diff --git a/Source/WebKit/chromium/ChangeLog b/Source/WebKit/chromium/ChangeLog
index 8895fe1..e2d81f7 100644
--- a/Source/WebKit/chromium/ChangeLog
+++ b/Source/WebKit/chromium/ChangeLog
@@ -1,3 +1,14 @@
+2011-01-21 Charlie Reis <creis at chromium.org>
+
+ Reviewed by Darin Fisher.
+
+ Crash in WebCore::HistoryController::itemsAreClones
+ https://bugs.webkit.org/show_bug.cgi?id=52819
+
+ Adds sanity checks to help diagnose the crash.
+
+ * src/WebFrameImpl.cpp:
+
2011-01-21 Chris Rogers <crogers at google.com>
Reviewed by Darin Fisher.
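Review bot: as with the WebCore entry, `* src/WebFrameImpl.cpp:` lacks the per-function line that WebKit ChangeLogs use; add `(WebFrameImpl::loadHistoryItem):` beneath it and note that the added child-item check is a temporary diagnostic for bug 52819.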
diff --git a/Source/WebKit/chromium/src/WebFrameImpl.cpp b/Source/WebKit/chromium/src/WebFrameImpl.cpp
index f95611a..8651fa8 100644
--- a/Source/WebKit/chromium/src/WebFrameImpl.cpp
+++ b/Source/WebKit/chromium/src/WebFrameImpl.cpp
@@ -884,6 +884,17 @@ void WebFrameImpl::loadHistoryItem(const WebHistoryItem& item)
RefPtr<HistoryItem> historyItem = PassRefPtr<HistoryItem>(item);
ASSERT(historyItem.get());
+ // Sanity check for http://webkit.org/b/52819. It appears that some child
+ // items of this item might be null. Try validating just the first set of
+ // children in an attempt to catch it early.
+ const HistoryItemVector& childItems = historyItem->children();
+ int size = childItems.size();
+ for (int i = 0; i < size; ++i) {
+ RefPtr<HistoryItem> childItem = childItems[i].get();
+ if (!childItem.get())
+ CRASH();
+ }
+
// If there is no currentItem, which happens when we are navigating in
// session history after a crash, we need to manufacture one otherwise WebKit
// hoarks. This is probably the wrong thing to do, but it seems to work.
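Review bot: `int size = childItems.size();` stores an unsigned Vector size in a signed `int` and then compares `int i` against it, which invites sign-compare warnings and is inconsistent with the surrounding code; use `size_t size = childItems.size();` and `for (size_t i = 0; i < size; ++i)`. In the same loop, `RefPtr<HistoryItem> childItem = childItems[i].get();` takes and releases a reference on every child only to test it for null; `if (!childItems[i]) CRASH();` expresses the check directly with no refcount churn. The comment already states that only the first level of children is validated, which is fine for a diagnostic, but worth repeating in the ChangeLog so nobody reads this as a full tree validation.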
--
WebKit Debian packaging