From 74448d56dfb0a3123af451319ff7b897e15774ce Mon Sep 17 00:00:00 2001
From: John Reck <jreck@google.com>
Date: Thu, 26 Apr 2012 11:31:44 -0700
Subject: Fix use after free

 Bug: 6396295

Change-Id: I7c115a06ee7605956d205d1401b84d1118c8be85
---
 Source/WebKit/android/WebCoreSupport/FrameLoaderClientAndroid.cpp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'Source/WebKit')

diff --git a/Source/WebKit/android/WebCoreSupport/FrameLoaderClientAndroid.cpp b/Source/WebKit/android/WebCoreSupport/FrameLoaderClientAndroid.cpp
index d7c21e3..271fe58 100644
--- a/Source/WebKit/android/WebCoreSupport/FrameLoaderClientAndroid.cpp
+++ b/Source/WebKit/android/WebCoreSupport/FrameLoaderClientAndroid.cpp
@@ -945,11 +945,11 @@ void FrameLoaderClientAndroid::transitionToCommittedForNewPage() {
     Retain(webViewCore);
 
     // Save the old WebFrameView's bounds and apply them to the new WebFrameView
-    WebFrameView* oldWebFrameView = static_cast<WebFrameView*> (m_frame->view()->platformWidget());
+    RefPtr<WebCore::FrameView> oldFrameView = m_frame->view();
+    WebFrameView* oldWebFrameView = static_cast<WebFrameView*> (oldFrameView->platformWidget());
     IntRect bounds;
     if (oldWebFrameView)
         bounds = oldWebFrameView->getBounds();
-    WebCore::FrameView* oldFrameView = m_frame->view();
     const float oldZoomFactor = oldFrameView->frame()->textZoomFactor();
     m_frame->createView(bounds.size(), oldFrameView->baseBackgroundColor(), oldFrameView->isTransparent(),
             oldFrameView->fixedLayoutSize(), oldFrameView->useFixedLayout());
-- 
cgit v1.1