Title: [214276] trunk/Source/WebCore
- Revision
- 214276
- Author
- [email protected]
- Date
- 2017-03-22 13:46:31 -0700 (Wed, 22 Mar 2017)
Log Message
ASan violation in IconLoader::stopLoading
https://bugs.webkit.org/show_bug.cgi?id=169960
<rdar://problem/30577691>
Reviewed by David Kilzer.
DocumentLoader::finishLoadingIcon handles the life cycle of the IconLoader. Once this method is called,
we should return immediately rather than attempt to make further modifications to the IconLoader.
No new tests due to lack of test features (see https://bugs.webkit.org/show_bug.cgi?id=164895). Easily
tested in MiniBrowser under ASan visiting websites with icons.
* loader/icon/IconLoader.cpp:
(WebCore::IconLoader::notifyFinished):
Modified Paths
Diff
Modified: trunk/Source/WebCore/ChangeLog (214275 => 214276)
--- trunk/Source/WebCore/ChangeLog 2017-03-22 20:33:41 UTC (rev 214275)
+++ trunk/Source/WebCore/ChangeLog 2017-03-22 20:46:31 UTC (rev 214276)
@@ -1,3 +1,20 @@
+2017-03-22 Brent Fulgham <[email protected]>
+
+ ASan violation in IconLoader::stopLoading
+ https://bugs.webkit.org/show_bug.cgi?id=169960
+ <rdar://problem/30577691>
+
+ Reviewed by David Kilzer.
+
+ DocumentLoader::finishLoadingIcon handles the life cycle of the IconLoader. Once this method is called,
+ we should return immediately rather than attempt to make further modifications to the IconLoader.
+
+ No new tests due to lack of test features (see https://bugs.webkit.org/show_bug.cgi?id=164895). Easily
+ tested in MiniBrowser under ASan visiting websites with icons.
+
+ * loader/icon/IconLoader.cpp:
+ (WebCore::IconLoader::notifyFinished):
+
2017-03-22 Nan Wang <[email protected]>
AX: WebKit is returning the wrong rangeForLine
Modified: trunk/Source/WebCore/loader/icon/IconLoader.cpp (214275 => 214276)
--- trunk/Source/WebCore/loader/icon/IconLoader.cpp 2017-03-22 20:33:41 UTC (rev 214275)
+++ trunk/Source/WebCore/loader/icon/IconLoader.cpp 2017-03-22 20:46:31 UTC (rev 214276)
@@ -124,17 +124,20 @@
LOG(IconDatabase, "IconLoader::finishLoading() - Committing iconURL %s to database", m_resource->url().string().ascii().data());
- if (m_frame) {
- m_frame->loader().icon().commitToDatabase(m_resource->url());
+ if (!m_frame) {
+ // DocumentLoader::finishedLoadingIcon destroys this IconLoader as it finishes. This will automatically
+ // trigger IconLoader::stopLoading() during destruction, so we should just return here.
+ m_documentLoader->finishedLoadingIcon(*this, data);
+ return;
+ }
- // Setting the icon data only after committing to the database ensures that the data is
- // kept in memory (so it does not have to be read from the database asynchronously), since
- // there is a page URL referencing it.
- iconDatabase().setIconDataForIconURL(data, m_resource->url().string());
- m_frame->loader().client().dispatchDidReceiveIcon();
+ m_frame->loader().icon().commitToDatabase(m_resource->url());
- } else
- m_documentLoader->finishedLoadingIcon(*this, data);
+ // Setting the icon data only after committing to the database ensures that the data is
+ // kept in memory (so it does not have to be read from the database asynchronously), since
+ // there is a page URL referencing it.
+ iconDatabase().setIconDataForIconURL(data, m_resource->url().string());
+ m_frame->loader().client().dispatchDidReceiveIcon();
stopLoading();
}
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
