<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" /><style type="text/css"><!--
#msg dl { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fc0 solid; padding: 6px; }
#msg ul, pre { overflow: auto; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<title>[19931] trunk/WebCore</title>
</head>
<body>
<div id="msg">
<dl>
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/19931">19931</a></dd>
<dt>Author</dt> <dd>andersca</dd>
<dt>Date</dt> <dd>2007-03-01 18:17:04 -0800 (Thu, 01 Mar 2007)</dd>
</dl>
<h3>Log Message</h3>
<pre>Reviewed by Darin.

&lt;rdar://problem/4960250&gt;
http://bugs.webkit.org/show_bug.cgi?id=11627
REGRESSION: Reproducible crash at IMDb in WebCore::FrameLoader::stopLoadingSubframes

In rare cases, we could end up calling checkLoadComplete twice for the same frame. This would cause the
didFailProvisionalLoad delegate method to be called twice for the same frame, and also cause the provisional document loader
to be reset to null when other code wasn't expecting it.

This regressed in <a href="http://trac.webkit.org/projects/webkit/changeset/10904">revision 10904</a> with the fix for &lt;rdar://problem/4184719&gt;. The fix is to only call stopLoading on the frame
if either the document loader is loading, or the document is still being parsed. I've verified that the bug is still fixed and
that no leaks occur.

* loader/DocumentLoader.cpp:
(WebCore::DocumentLoader::stopLoading):</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkWebCoreChangeLog">trunk/WebCore/ChangeLog</a></li>
<li><a href="#trunkWebCoreloaderDocumentLoadercpp">trunk/WebCore/loader/DocumentLoader.cpp</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkWebCoreChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/WebCore/ChangeLog (19930 => 19931)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/WebCore/ChangeLog        2007-03-02 01:58:32 UTC (rev 19930)
+++ trunk/WebCore/ChangeLog        2007-03-02 02:17:04 UTC (rev 19931)
</span><span class="lines">@@ -1,3 +1,22 @@
</span><ins>+2007-03-01 Anders Carlsson <acarlsson@apple.com>
+
+ Reviewed by Darin.
+
+ <rdar://problem/4960250>
+ http://bugs.webkit.org/show_bug.cgi?id=11627
+ REGRESSION: Reproducible crash at IMDb in WebCore::FrameLoader::stopLoadingSubframes
+
+ In rare cases, we could end up calling checkLoadComplete twice for the same frame. This would cause the
+ didFailProvisionalLoad delegate method to be called twice for the same frame, and also cause the provisional document loader
+ to be reset to null when other code wasn't expecting it.
+
+ This regressed in revision 10904 with the fix for <rdar://problem/4184719>. The fix is to only call stopLoading on the frame
+ if either the document loader is loading, or the document is still being parsed. I've verified that the bug is still fixed and
+ that no leaks occur.
+
+ * loader/DocumentLoader.cpp:
+ (WebCore::DocumentLoader::stopLoading):
+
</ins><span class="cx"> 2007-03-01 Krzysztof Kowalczyk <kkowalczyk@gmail.com>
</span><span class="cx">
</span><span class="cx"> Reviewed by Darin.
</span></span></pre></div>
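<p>Review bot: the new entry lists only loader/DocumentLoader.cpp and records manual verification ("I've verified that the bug is still fixed and that no leaks occur"), so nothing in this change guards against the double checkLoadComplete call coming back. As this is itself a regression from revision 10904, please add a regression test for the crash in stopLoadingSubframes, or say in the entry why the "rare cases" cannot be reproduced in a test. The entry would also be more useful if it described the sequence that reaches checkLoadComplete twice, since "in rare cases" gives the next reader nothing to check against.</p>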
<a id="trunkWebCoreloaderDocumentLoadercpp"></a>
<div class="modfile"><h4>Modified: trunk/WebCore/loader/DocumentLoader.cpp (19930 => 19931)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/WebCore/loader/DocumentLoader.cpp        2007-03-02 01:58:32 UTC (rev 19930)
+++ trunk/WebCore/loader/DocumentLoader.cpp        2007-03-02 02:17:04 UTC (rev 19931)
</span><span class="lines">@@ -249,10 +249,14 @@
</span><span class="cx"> // but not loads initiated by child frames' data sources -- that's the WebFrame's job.
</span><span class="cx"> void DocumentLoader::stopLoading()
</span><span class="cx"> {
</span><del>- // Always attempt to stop the frame because it may still be loading/parsing after the data source
- // is done loading and not stopping it can cause a world leak.
- if (m_committed)
- m_frame->loader()->stopLoading(false);
</del><ins>+ if (m_committed) {
+ // Attempt to stop the frame if the document loader is loading, or if it is done loading but
+ // still parsing. Failure to do so can cause a world leak.
+ Document* doc = m_frame->document();
+
+ if (m_loading || (doc && doc->parsing()))
+ m_frame->loader()->stopLoading(false);
+ }
</ins><span class="cx">
</span><span class="cx"> if (!m_loading)
</span><span class="cx"> return;
</span></span></pre>
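<p>Review bot: after the guarded call to m_frame->loader()->stopLoading(false), the function falls through to the unchanged "if (!m_loading)" check, so it still reads a member of this object once that call returns. The log message says this path has re-entered checkLoadComplete and reset the provisional document loader when other code wasn't expecting it; if the frame loader can release this DocumentLoader during the call, that read touches freed memory. Please hold a reference to the loader (and the frame) across the call, or add a comment stating why the object is guaranteed to outlive it. Separately, m_frame is dereferenced for document() without a check while doc is null-checked on the next line; if m_frame can never be null when m_committed is set, an assertion would document that.</p>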
</div>
</div>
</body>
</html>