Title: [214941] releases/WebKitGTK/webkit-2.14
Revision: 214941
Author: [email protected]
Date: 2017-04-05 03:41:09 -0700 (Wed, 05 Apr 2017)

Log Message

Merge r206633 - DumpRenderTree crashed in com.apple.WebCore: WTF::Optional<WebCore::FetchBodyOwner::BlobLoader>::operator bool const + 12
https://bugs.webkit.org/show_bug.cgi?id=162483

Patch by Youenn Fablet <[email protected]> on 2016-09-30
Reviewed by Alex Christensen.

Source/WebCore:

Test: fetch/closing-while-fetching-blob.html
No change of behavior.

* Modules/fetch/FetchBodyOwner.cpp:
(WebCore::FetchBodyOwner::stop): Asserting m_blobLoader is null (meaning that unsetPendingActivity was done)
only in case FetchBodyOwner has no risk of being destroyed.

LayoutTests:

* fetch/closing-while-fetching-blob-expected.txt: Added.
* fetch/closing-while-fetching-blob.html: Added.

Diff

Modified: releases/WebKitGTK/webkit-2.14/LayoutTests/ChangeLog (214940 => 214941)


--- releases/WebKitGTK/webkit-2.14/LayoutTests/ChangeLog	2017-04-05 10:40:31 UTC (rev 214940)
+++ releases/WebKitGTK/webkit-2.14/LayoutTests/ChangeLog	2017-04-05 10:41:09 UTC (rev 214941)
@@ -1,3 +1,13 @@
+2016-09-30  Youenn Fablet  <[email protected]>
+
+        DumpRenderTree crashed in com.apple.WebCore: WTF::Optional<WebCore::FetchBodyOwner::BlobLoader>::operator bool const + 12
+        https://bugs.webkit.org/show_bug.cgi?id=162483
+
+        Reviewed by Alex Christensen.
+
+        * fetch/closing-while-fetching-blob-expected.txt: Added.
+        * fetch/closing-while-fetching-blob.html: Added.
+
 2017-02-09  Antti Koivisto  <[email protected]>
 
         Tear down existing renderers when adding a shadow root.

Added: releases/WebKitGTK/webkit-2.14/LayoutTests/fetch/closing-while-fetching-blob-expected.txt (0 => 214941)


--- releases/WebKitGTK/webkit-2.14/LayoutTests/fetch/closing-while-fetching-blob-expected.txt	                        (rev 0)
+++ releases/WebKitGTK/webkit-2.14/LayoutTests/fetch/closing-while-fetching-blob-expected.txt	2017-04-05 10:41:09 UTC (rev 214941)
@@ -0,0 +1 @@
+PASS

Added: releases/WebKitGTK/webkit-2.14/LayoutTests/fetch/closing-while-fetching-blob.html (0 => 214941)


--- releases/WebKitGTK/webkit-2.14/LayoutTests/fetch/closing-while-fetching-blob.html	                        (rev 0)
+++ releases/WebKitGTK/webkit-2.14/LayoutTests/fetch/closing-while-fetching-blob.html	2017-04-05 10:41:09 UTC (rev 214941)
@@ -0,0 +1,19 @@
+<!doctype html>
+<html>
+  <head>
+    <meta charset="utf-8">
+    <title>Fetch: closing while retrieving blob should lead to unset pending activity without crashing/asserting</title>
+    <script src=""
+  </head>
+  <body>
+    <div>PASS</div>
+    <script>
+    if (window.testRunner)
+        testRunner.dumpAsText();
+    // test is passing if no crashes
+    new Response(new Blob(["this is a test"])).text();
+    window.gc();
+    window.location = "about:blank";
+    </script>
+  </body>
+</html>
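
Review bot: window.gc() near the end of the inline script is called without a guard, unlike testRunner a few lines above it. Nothing visible in this hunk defines gc (the script src after the title is empty as rendered here), so in a runner that does not expose it the call throws before the window.location assignment, and the page still reads PASS without ever reaching the navigation the test relies on. Suggest guarding it, for example "if (window.gc) window.gc();". Because the expectation is a static PASS, the "test is passing if no crashes" comment would also be more useful if it named the failure being guarded against, the assertion in FetchBodyOwner::stop while a blob load is still pending.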

Modified: releases/WebKitGTK/webkit-2.14/Source/WebCore/ChangeLog (214940 => 214941)


--- releases/WebKitGTK/webkit-2.14/Source/WebCore/ChangeLog	2017-04-05 10:40:31 UTC (rev 214940)
+++ releases/WebKitGTK/webkit-2.14/Source/WebCore/ChangeLog	2017-04-05 10:41:09 UTC (rev 214941)
@@ -1,3 +1,17 @@
+2016-09-30  Youenn Fablet  <[email protected]>
+
+        DumpRenderTree crashed in com.apple.WebCore: WTF::Optional<WebCore::FetchBodyOwner::BlobLoader>::operator bool const + 12
+        https://bugs.webkit.org/show_bug.cgi?id=162483
+
+        Reviewed by Alex Christensen.
+
+        Test: fetch/closing-while-fetching-blob.html
+        No change of behavior.
+
+        * Modules/fetch/FetchBodyOwner.cpp:
+        (WebCore::FetchBodyOwner::stop): Asserting m_blobLoader is null (meaning that unsetPendingActivity was done)
+        only in case FetchBodyOwner has no risk being destroyed.
+
 2017-02-14  Carlos Garcia Campos  <[email protected]>
 
         Unreviewed, rolling out r211967.
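
Review bot: The FetchBodyOwner::stop description in this entry says the assertion runs "only in case FetchBodyOwner has no risk being destroyed" but not how that is decided. Suggest naming the mechanism: hasOneRef() is sampled before the loader is stopped, and the m_blobLoader check is skipped when that was the only reference. "No change of behavior" would also read more precisely if it were scoped to builds where assertions are compiled out, since the asserted condition itself changes.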

Modified: releases/WebKitGTK/webkit-2.14/Source/WebCore/Modules/fetch/FetchBodyOwner.cpp (214940 => 214941)


--- releases/WebKitGTK/webkit-2.14/Source/WebCore/Modules/fetch/FetchBodyOwner.cpp	2017-04-05 10:40:31 UTC (rev 214940)
+++ releases/WebKitGTK/webkit-2.14/Source/WebCore/Modules/fetch/FetchBodyOwner.cpp	2017-04-05 10:41:09 UTC (rev 214941)
@@ -51,10 +51,12 @@
     m_body.cleanConsumePromise();
 
     if (m_blobLoader) {
+        bool isUniqueReference = hasOneRef();
         if (m_blobLoader->loader)
             m_blobLoader->loader->stop();
+        // After that point, 'this' may be destroyed, since unsetPendingActivity should have been called.
+        ASSERT_UNUSED(isUniqueReference, isUniqueReference || !m_blobLoader);
     }
-    ASSERT(!m_blobLoader);
 }
 
 bool FetchBodyOwner::isDisturbed() const
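
Review bot: The new "ASSERT_UNUSED(isUniqueReference, isUniqueReference || !m_blobLoader);" is only safe because of its operand order: when isUniqueReference is true, 'this' may already be destroyed, and the short-circuit is what keeps m_blobLoader from being read. The comment above it says 'this' may be destroyed but not that the order is load-bearing, so please state that explicitly, and that nothing after loader->stop() may touch members; otherwise a later reordering or an added line at the end of stop() reintroduces a read of freed memory. The comment sits inside the if block, which hides that the constraint covers the rest of the function. A name that says what the flag is for (something like mayBeDestroyedByStop, a suggestion only) would also read better than isUniqueReference, since the value is captured before the stop and used afterwards.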
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
