Crash when marking cached pages for full style recalc

https://bugs.webkit.org/show_bug.cgi?id=79276
<rdar://problem/10884036>

Reviewed by Beth Dakin.

Guard against a null history item.

* history/BackForwardController.cpp:
(WebCore::BackForwardController::markPagesForFullStyleRecalc):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@108550 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog
index da6de8d..b3ec05b 100644 (file)
--- a/Source/WebCore/ChangeLog
+++ b/Source/WebCore/ChangeLog
@@ -1,3 +1,16 @@
+2012-02-22  Anders Carlsson  <andersca@apple.com>
+
+        Crash when marking cached pages for full style recalc
+        https://bugs.webkit.org/show_bug.cgi?id=79276
+        <rdar://problem/10884036>
+
+        Reviewed by Beth Dakin.
+
+        Guard against a null history item.
+
+        * history/BackForwardController.cpp:
+        (WebCore::BackForwardController::markPagesForFullStyleRecalc):
+
 2012-02-22  Ken Buchanan  <kenrb@chromium.org>
 
         Crash from empty anonymous block preceding :before content

diff --git a/Source/WebCore/history/BackForwardController.cpp b/Source/WebCore/history/BackForwardController.cpp
index d89c9a5..1e8819a 100644 (file)
--- a/Source/WebCore/history/BackForwardController.cpp
+++ b/Source/WebCore/history/BackForwardController.cpp
@@ -116,7 +116,13 @@ void BackForwardController::markPagesForFullStyleRecalc()
     for (int i = first; i <= last; i++) {
         if (!i)
             continue;
-        itemAtIndex(i)->markForFullStyleRecalc();
+
+        // FIXME: itemAtIndex should never return null here, but due to the way the
+        // back/forward list is implemented in WebKit2 it sometimes can, when the
+        // session has been updated in the UI process but the session update message
+        // hasn't yet reached the web process.
+        if (HistoryItem* historyItem = itemAtIndex(i))
+            historyItem->markForFullStyleRecalc();
     }
 }