authorNate Chapin <japhet@chromium.org>2013-03-18 18:58:39 +0100
committerThe Qt Project <gerrit-noreply@qt-project.org>2013-03-19 12:11:12 +0100
commit68753e64d1d606d7627fae83e05863d110226c15 (patch)
treec71bce00af9d70514ee9fdf51d269707038528e2 /Source/WebCore/loader
parent089f6d4695cc86680085c0796be8a7c5f3f9e4a8 (diff)
Source/WebCore: Crash in WebCore::FrameLoader::checkCompleted()
https://bugs.webkit.org/show_bug.cgi?id=110237 Reviewed by Abhishek Arya. Test: http/tests/misc/delete-frame-during-readystatechange.html * loader/FrameLoader.cpp: (WebCore::FrameLoader::checkCompleted): Protect before setReadyState() is called. Change-Id: Ibdbd4027708cc942a8658980b5badba1ffcae09e git-svn-id: http://svn.webkit.org/repository/webkit/trunk@143514 268f45cc-cd09-0410-ab3c-d52691b4dbfc Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
Diffstat (limited to 'Source/WebCore/loader')
-rw-r--r--Source/WebCore/loader/FrameLoader.cpp2
1 files changed, 1 insertions, 1 deletions
diff --git a/Source/WebCore/loader/FrameLoader.cpp b/Source/WebCore/loader/FrameLoader.cpp
index 5716e39d3..7fc354d16 100644
--- a/Source/WebCore/loader/FrameLoader.cpp
+++ b/Source/WebCore/loader/FrameLoader.cpp
@@ -739,6 +739,7 @@ bool FrameLoader::allAncestorsAreComplete() const
void FrameLoader::checkCompleted()
{
+ RefPtr<Frame> protect(m_frame);
m_shouldCallCheckCompleted = false;
if (m_frame->view())
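Review bot: The protector added at the top of checkCompleted() has no comment saying what it guards against, and since this commit exists because it sat one statement too late, a later tidy-up could easily move it back down. I would add `// Keep the Frame alive: setReadyState() fires readystatechange, and a handler may remove this frame.` above `RefPtr<Frame> protect(m_frame);` (the trigger is inferred from the test name delete-frame-during-readystatechange.html). The RefPtr only prevents the use-after-free: the statements after setReadyState() in the second hunk, `checkCallImplicitClose()` and `m_frame->navigationScheduler()->startTimer()`, still run on a frame that script may have detached, and whether that is safe is not visible here. The function body starts inside this hunk and continues past it.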
@@ -769,7 +770,6 @@ void FrameLoader::checkCompleted()
m_requestedHistoryItem = 0;
m_frame->document()->setReadyState(Document::Complete);
- RefPtr<Frame> protect(m_frame);
checkCallImplicitClose(); // if we didn't do it before
m_frame->navigationScheduler()->startTimer();