Title: [206633] trunk
- Revision
- 206633
- Author
- [email protected]
- Date
- 2016-09-30 01:27:02 -0700 (Fri, 30 Sep 2016)
Log Message
DumpRenderTree crashed in com.apple.WebCore: WTF::Optional<WebCore::FetchBodyOwner::BlobLoader>::operator bool const + 12
https://bugs.webkit.org/show_bug.cgi?id=162483
Patch by Youenn Fablet <[email protected]> on 2016-09-30
Reviewed by Alex Christensen.
Source/WebCore:
Test: fetch/closing-while-fetching-blob.html
No change of behavior.
* Modules/fetch/FetchBodyOwner.cpp:
(WebCore::FetchBodyOwner::stop): Asserting m_blobLoader is null (meaning that unsetPendingActivity was done)
only in case FetchBodyOwner has no risk being destroyed.
LayoutTests:
* fetch/closing-while-fetching-blob-expected.txt: Added.
* fetch/closing-while-fetching-blob.html: Added.
Modified Paths
Added Paths
Diff
Modified: trunk/LayoutTests/ChangeLog (206632 => 206633)
--- trunk/LayoutTests/ChangeLog 2016-09-30 08:04:52 UTC (rev 206632)
+++ trunk/LayoutTests/ChangeLog 2016-09-30 08:27:02 UTC (rev 206633)
@@ -1,3 +1,13 @@
+2016-09-30 Youenn Fablet <[email protected]>
+
+ DumpRenderTree crashed in com.apple.WebCore: WTF::Optional<WebCore::FetchBodyOwner::BlobLoader>::operator bool const + 12
+ https://bugs.webkit.org/show_bug.cgi?id=162483
+
+ Reviewed by Alex Christensen.
+
+ * fetch/closing-while-fetching-blob-expected.txt: Added.
+ * fetch/closing-while-fetching-blob.html: Added.
+
2016-09-29 Chris Dumez <[email protected]>
Add support for download attribute on area elements
Added: trunk/LayoutTests/fetch/closing-while-fetching-blob-expected.txt (0 => 206633)
--- trunk/LayoutTests/fetch/closing-while-fetching-blob-expected.txt (rev 0)
+++ trunk/LayoutTests/fetch/closing-while-fetching-blob-expected.txt 2016-09-30 08:27:02 UTC (rev 206633)
@@ -0,0 +1 @@
+PASS
Added: trunk/LayoutTests/fetch/closing-while-fetching-blob.html (0 => 206633)
--- trunk/LayoutTests/fetch/closing-while-fetching-blob.html (rev 0)
+++ trunk/LayoutTests/fetch/closing-while-fetching-blob.html 2016-09-30 08:27:02 UTC (rev 206633)
@@ -0,0 +1,19 @@
+<!doctype html>
+<html>
+ <head>
+ <meta charset="utf-8">
+ <title>Fetch: closing while retrieving blob should lead to unset pending activity without crashing/asserting</title>
+ <script src=""
+ </head>
+ <body>
+ <div>PASS</div>
+ <script>
+ if (window.testRunner)
+ testRunner.dumpAsText();
+ // test is passing if no crashes
+ new Response(new Blob(["this is a test"])).text();
+ window.gc();
+ window.location = "about:blank";
+ </script>
+ </body>
+</html>
Modified: trunk/Source/WebCore/ChangeLog (206632 => 206633)
--- trunk/Source/WebCore/ChangeLog 2016-09-30 08:04:52 UTC (rev 206632)
+++ trunk/Source/WebCore/ChangeLog 2016-09-30 08:27:02 UTC (rev 206633)
@@ -1,3 +1,17 @@
+2016-09-30 Youenn Fablet <[email protected]>
+
+ DumpRenderTree crashed in com.apple.WebCore: WTF::Optional<WebCore::FetchBodyOwner::BlobLoader>::operator bool const + 12
+ https://bugs.webkit.org/show_bug.cgi?id=162483
+
+ Reviewed by Alex Christensen.
+
+ Test: fetch/closing-while-fetching-blob.html
+ No change of behavior.
+
+ * Modules/fetch/FetchBodyOwner.cpp:
+ (WebCore::FetchBodyOwner::stop): Asserting m_blobLoader is null (meaning that unsetPendingActivity was done)
+ only in case FetchBodyOwner has no risk being destroyed.
+
2016-09-30 Youenn Fablet <[email protected]>
[Fetch API] Add support for URLSearchParams body
Modified: trunk/Source/WebCore/Modules/fetch/FetchBodyOwner.cpp (206632 => 206633)
--- trunk/Source/WebCore/Modules/fetch/FetchBodyOwner.cpp 2016-09-30 08:04:52 UTC (rev 206632)
+++ trunk/Source/WebCore/Modules/fetch/FetchBodyOwner.cpp 2016-09-30 08:27:02 UTC (rev 206633)
@@ -52,10 +52,12 @@
m_body.cleanConsumePromise();
if (m_blobLoader) {
+ bool isUniqueReference = hasOneRef();
if (m_blobLoader->loader)
m_blobLoader->loader->stop();
+ // After that point, 'this' may be destroyed, since unsetPendingActivity should have been called.
+ ASSERT_UNUSED(isUniqueReference, isUniqueReference || !m_blobLoader);
}
- ASSERT(!m_blobLoader);
}
bool FetchBodyOwner::isDisturbedOrLocked() const
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
