Skip to site navigation (Press enter)

[webkit-changes] [174404] trunk/Source/WebCore

psolanki Tue, 07 Oct 2014 13:38:19 -0700

Title: [174404] trunk/Source/WebCore

Revision: 174404
Author: psola...@apple.com
Date: 2014-10-07 13:37:48 -0700 (Tue, 07 Oct 2014)

Log Message

[iOS] WebKit1 clients crash in DiskCacheMonitor::tryGetFileBackedSharedBufferFromCFURLCachedResponse()
https://bugs.webkit.org/show_bug.cgi?id=137495
<rdar://problem/18495034>


Reviewed by Andreas Kling.

Retain/release the CFCachedURLResponseRef object otherwise we could access a deleted object
and crash on the web thread.

* loader/cocoa/DiskCacheMonitorCocoa.mm:
(WebCore::DiskCacheMonitor::DiskCacheMonitor):

Modified Paths

trunk/Source/WebCore/ChangeLog
trunk/Source/WebCore/loader/cocoa/DiskCacheMonitorCocoa.mm

Diff

Modified: trunk/Source/WebCore/ChangeLog (174403 => 174404)


--- trunk/Source/WebCore/ChangeLog	2014-10-07 19:33:53 UTC (rev 174403)
+++ trunk/Source/WebCore/ChangeLog	2014-10-07 20:37:48 UTC (rev 174404)
@@ -1,3 +1,17 @@
+2014-10-07  Pratik Solanki  <psola...@apple.com>
+
+        [iOS] WebKit1 clients crash in DiskCacheMonitor::tryGetFileBackedSharedBufferFromCFURLCachedResponse()
+        https://bugs.webkit.org/show_bug.cgi?id=137495
+        <rdar://problem/18495034>
+
+        Reviewed by Andreas Kling.
+
+        Retain/release the CFCachedURLResponseRef object otherwise we could access a deleted object
+        and crash on the web thread.
+
+        * loader/cocoa/DiskCacheMonitorCocoa.mm:
+        (WebCore::DiskCacheMonitor::DiskCacheMonitor):
+
 2014-10-07  Christophe Dumez  <cdu...@apple.com>
 
         Use is<>() / downcast<>() for RenderText / RenderTextFragment

Modified: trunk/Source/WebCore/loader/cocoa/DiskCacheMonitorCocoa.mm (174403 => 174404)


--- trunk/Source/WebCore/loader/cocoa/DiskCacheMonitorCocoa.mm	2014-10-07 19:33:53 UTC (rev 174403)
+++ trunk/Source/WebCore/loader/cocoa/DiskCacheMonitorCocoa.mm	2014-10-07 20:37:48 UTC (rev 174404)
@@ -110,8 +110,10 @@
 #if USE(WEB_THREAD)
     CFCachedURLResponseCallBackBlock blockToRun = ^ (CFCachedURLResponseRef response)
     {
+        CFRetain(response);
         WebThreadRun(^ {
             block(response);
+            CFRelease(response);
         });
     };
 #else

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes