Commit 62b5cc5a authored by beidson@apple.com

Crash in Page::backForwardList when using History object from a detached window

<rdar://problem/7556252> and https://bugs.webkit.org/show_bug.cgi?id=33828

Reviewed by Alexey Proskuryakov.

WebCore: 

Test: fast/loader/stateobjects/state-api-on-detached-frame-crash.html

* page/History.cpp:
(WebCore::History::stateObjectAdded): Do an early return when detached. The spec
  doesn't really cover expected behavior and we already do something similar in 
  other places, such as in History::length().

LayoutTests: 

* fast/loader/stateobjects/state-api-on-detached-frame-crash-expected.txt: Added.
* fast/loader/stateobjects/state-api-on-detached-frame-crash.html: Added.



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@53472 268f45cc-cd09-0410-ab3c-d52691b4dbfc
parent 037cf33e
2010-01-19 Brady Eidson <beidson@apple.com>
Reviewed by Alexey Proskuryakov.
Crash in Page::backForwardList when using History object from a detached window
<rdar://problem/7556252> and https://bugs.webkit.org/show_bug.cgi?id=33828
* fast/loader/stateobjects/state-api-on-detached-frame-crash-expected.txt: Added.
* fast/loader/stateobjects/state-api-on-detached-frame-crash.html: Added.
2010-01-19 Yury Semikhatsky <yurys@chromium.org>
Reviewed by NOBODY (build fix).
<html>
<script>
if (window.layoutTestController)
layoutTestController.dumpAsText();
function runTest()
{
var ifr = frames[0];
document.body.removeChild(document.getElementsByTagName("iframe")[0])
try {
ifr.history.replaceState("foo", "bar");
} catch(e) {
alert(e);
}
try {
ifr.history.pushState("fu", "barred");
} catch(e) {
alert(e);
}
}
</script>
<body onload="runTest();">
If this test doesn't crash, it passed.
<iframe src="about:blank">
</iframe>
</body>
</html>
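Review bot: runTest() states its only pass criterion as not crashing, while both `catch(e) { alert(e); }` blocks route any exception to an alert, so the test never says whether history.replaceState() and history.pushState() on the removed iframe are meant to be silent no-ops or to throw. Since the History::stateObjectAdded change returns early without raising anything, consider adding a comment or an explicit log line after each call that records the expected no-exception outcome. The `document.body.removeChild(...)` line is also missing its trailing semicolon.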
2010-01-19 Brady Eidson <beidson@apple.com>
Reviewed by Alexey Proskuryakov.
Crash in Page::backForwardList when using History object from a detached window
<rdar://problem/7556252> and https://bugs.webkit.org/show_bug.cgi?id=33828
Test: fast/loader/stateobjects/state-api-on-detached-frame-crash.html
* page/History.cpp:
(WebCore::History::stateObjectAdded): Do an early return when detached. The spec
doesn't really cover expected behavior and we already do something similar in
other places, such as in History::length().
2010-01-19 Yury Semikhatsky <yurys@chromium.org>
Reviewed by NOBODY (build fix).
......@@ -98,9 +98,8 @@ KURL History::urlForState(const String& urlString)
void History::stateObjectAdded(PassRefPtr<SerializedScriptValue> data, const String& title, const String& urlString, StateObjectType stateObjectType, ExceptionCode& ec)
{
if (!m_frame)
if (!m_frame || !m_frame->page())
return;
ASSERT(m_frame->page());
KURL fullURL = urlForState(urlString);
if (!fullURL.isValid()) {
......
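Review bot: the new `if (!m_frame || !m_frame->page())` check at the top of History::stateObjectAdded returns without touching `ec`, so script calling pushState() or replaceState() on a detached frame gets no exception and no state change, and nothing in the code says this is deliberate. The rationale (the spec does not cover this case, and History::length() already does something similar) lives only in the ChangeLog; a one-line comment above the check would keep it next to the code. The hunk header (-98,9 +98,8) shows a net one-line removal, which is consistent with `ASSERT(m_frame->page());` being dropped now that the early return covers a null page; if the assertion is kept instead, it is redundant after this check.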