<rdar://problem/9328684> and https://bugs.webkit.org/show_bug.cgi?id=62764 Frequent...

Reviewed by Sam Weinig.

No way to reproduce without special malloc debugging and that doesn't even reproduce on all platforms.  So still no test.

* loader/DocumentLoader.cpp:
(WebCore::DocumentLoader::detachFromFrame): Protect m_frame for the duration of this method.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@105556 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog
old mode 100755 (executable)
new mode 100644 (file)
index 9b92012..96dd800
--- a/Source/WebCore/ChangeLog
+++ b/Source/WebCore/ChangeLog
@@ -1,3 +1,15 @@
+2012-01-20  Brady Eidson  <beidson@apple.com>
+
+        <rdar://problem/9328684> and https://bugs.webkit.org/show_bug.cgi?id=62764
+        Frequent crashes due to null frame below ApplicationCacheHost::scheduleLoadFallbackResourceFromApplicationCache
+
+        Reviewed by Sam Weinig.
+
+        No way to reproduce without special malloc debugging and that doesn't even reproduce on all platforms.  So still no test.
+
+        * loader/DocumentLoader.cpp:
+        (WebCore::DocumentLoader::detachFromFrame): Protect m_frame for the duration of this method.
+
 2012-01-20  Alexey Proskuryakov  <ap@apple.com>
 
         WebCore should not send invalid URLs to client createWindow methods.

diff --git a/Source/WebCore/loader/DocumentLoader.cpp b/Source/WebCore/loader/DocumentLoader.cpp
index 1e38660..7df38ec 100644 (file)
--- a/Source/WebCore/loader/DocumentLoader.cpp
+++ b/Source/WebCore/loader/DocumentLoader.cpp
@@ -405,6 +405,7 @@ void DocumentLoader::attachToFrame()
 void DocumentLoader::detachFromFrame()
 {
     ASSERT(m_frame);
+    RefPtr<Frame> protector(m_frame);
 
     // It never makes sense to have a document loader that is detached from its
     // frame have any loads active, so go ahead and kill all the loads.