Index: content/renderer/render_frame_impl.cc |
diff --git a/content/renderer/render_frame_impl.cc b/content/renderer/render_frame_impl.cc |
index bc43dc39a3be545f3d88307cc15e0e988d125049..1ac3bc57251b718063f805cb0ec55a72ac81620c 100644 |
--- a/content/renderer/render_frame_impl.cc |
+++ b/content/renderer/render_frame_impl.cc |
@@ -1497,8 +1497,20 @@ void RenderFrameImpl::OnSwapOut( |
// Now that all of the cleanup is complete and the browser side is notified, |
// start using the RenderFrameProxy, if one is created. |
if (proxy && swapped_out_forbidden) { |
+ // The swap call deletes this RenderFrame via frameDetached. Do not access |
+ // any members after this call. |
+ // TODO(creis): WebFrame::swap() can return false. Most of those cases |
+ // should be due to the frame being detached during unload (in which case |
+ // the necessary cleanup has happened anyway), but it might be possible for |
+ // it to return false without detaching. Catch those cases below to track |
+ // down https://crbug.com/575245. |
frame_->swap(proxy->web_frame()); |
Charlie Reis
2016/01/13 23:30:49
dcheng: I'm not sure what we should do differently
dcheng
2016/01/14 00:15:25
We need to figure out the behavior of sync navigat
|
+ // For main frames, the swap should have cleared the RenderView's pointer to |
+ // this frame. |
+ if (is_main_frame) |
+ CHECK(!render_view->main_render_frame_); |
+ |
if (is_loading) |
proxy->OnDidStartLoading(); |
} |