[SCM] WebKit Debian packaging branch, webkit-1.3, updated. upstream/1.3.7-4207-g178b198

commit-queue at webkit.org commit-queue at webkit.org
Mon Feb 21 00:29:29 UTC 2011 

The following commit has been merged in the webkit-1.3 branch:
commit f7fe3ce2cdb8504b199ea534252e7a4d2474bc97
Author: commit-queue at webkit.org <commit-queue at webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Tue Feb 1 04:04:16 2011 +0000

    2011-01-31  Charlie Reis  <creis at chromium.org>
    
            Reviewed by Mihai Parparita.
    
            Add sanity check to help diagnose bug 52819
            https://bugs.webkit.org/show_bug.cgi?id=53402
    
            Crash early if the children of fromItem look invalid.
    
            * loader/HistoryController.cpp:
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@77210 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog
index 5bf7458..f2a255e 100644
--- a/Source/WebCore/ChangeLog
+++ b/Source/WebCore/ChangeLog
@@ -1,3 +1,14 @@
+2011-01-31  Charlie Reis  <creis at chromium.org>
+
+        Reviewed by Mihai Parparita.
+
+        Add sanity check to help diagnose bug 52819
+        https://bugs.webkit.org/show_bug.cgi?id=53402
+
+        Crash early if the children of fromItem look invalid.
+
+        * loader/HistoryController.cpp:
+
 2011-01-31  Kalle Vahlman  <kalle.vahlman at movial.com>
 
         Reviewed by Andreas Kling.
diff --git a/Source/WebCore/loader/HistoryController.cpp b/Source/WebCore/loader/HistoryController.cpp
index 7eae95e..8f29d3c 100644
--- a/Source/WebCore/loader/HistoryController.cpp
+++ b/Source/WebCore/loader/HistoryController.cpp
@@ -620,6 +620,18 @@ void HistoryController::recursiveSetProvisionalItem(HistoryItem* item, HistoryIt
         const HistoryItemVector& childItems = item->children();
 
         int size = childItems.size();
+
+        // Sanity checks for http://webkit.org/b/52819.
+        if (size > 0) {
+            // fromItem should have same number of children according to hasSameFrames,
+            // but crash dumps suggest it might have 0.
+            if (!fromItem->children().size())
+                CRASH();
+            // itemsAreClones checked fromItem->hasSameFrames(item). Check vice versa.
+            if (!item->hasSameFrames(fromItem))
+                CRASH();
+        }
+
         for (int i = 0; i < size; ++i) {
             String childFrameName = childItems[i]->target();
             HistoryItem* fromChildItem = fromItem->childItemWithTarget(childFrameName);

-- 
WebKit Debian packaging

More information about the Pkg-webkit-commits mailing list