Title: [218775] trunk/Source
- Revision
- 218775
- Author
- [email protected]
- Date
- 2017-06-23 16:24:11 -0700 (Fri, 23 Jun 2017)
Log Message
Add release assertion to make sure callbackIdentifier is not 0 in DocumentLoader::finishedLoadingIcon()
https://bugs.webkit.org/show_bug.cgi?id=173792
Reviewed by Ryosuke Niwa.
Add release assertion to make sure callbackIdentifier is not 0 in DocumentLoader::finishedLoadingIcon()
as this could cause HashTable corruption on WebPageProxy side.
Source/WebCore:
* loader/DocumentLoader.cpp:
(WebCore::DocumentLoader::finishedLoadingIcon):
Source/WebKit2:
* WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp:
(WebKit::WebFrameLoaderClient::finishedLoadingIcon):
* WebProcess/WebCoreSupport/WebFrameLoaderClient.h:
Modified: trunk/Source/WebCore/ChangeLog (218774 => 218775)
--- trunk/Source/WebCore/ChangeLog 2017-06-23 23:21:37 UTC (rev 218774)
+++ trunk/Source/WebCore/ChangeLog 2017-06-23 23:24:11 UTC (rev 218775)
@@ -1,3 +1,16 @@
+2017-06-23 Chris Dumez <[email protected]>
+
+ Add release assertion to make sure callbackIdentifier is not 0 in DocumentLoader::finishedLoadingIcon()
+ https://bugs.webkit.org/show_bug.cgi?id=173792
+
+ Reviewed by Ryosuke Niwa.
+
+ Add release assertion to make sure callbackIdentifier is not 0 in DocumentLoader::finishedLoadingIcon()
+ as this could cause HashTable corruption on WebPageProxy side.
+
+ * loader/DocumentLoader.cpp:
+ (WebCore::DocumentLoader::finishedLoadingIcon):
+
2017-06-23 Youenn Fablet <[email protected]>
webrtc::WebRtcSession is not handling correctly its state when setLocalDescription fails and is called again
Modified: trunk/Source/WebCore/loader/DocumentLoader.cpp (218774 => 218775)
--- trunk/Source/WebCore/loader/DocumentLoader.cpp 2017-06-23 23:21:37 UTC (rev 218774)
+++ trunk/Source/WebCore/loader/DocumentLoader.cpp 2017-06-23 23:24:11 UTC (rev 218775)
@@ -1695,10 +1695,10 @@
// If the DocumentLoader has detached from its frame, all icon loads should have already been cancelled.
ASSERT(m_frame);
- auto loadIdentifier = m_iconLoaders.take(&loader);
- ASSERT(loadIdentifier);
+ auto callbackIdentifier = m_iconLoaders.take(&loader);
+ RELEASE_ASSERT(callbackIdentifier);
- m_frame->loader().client().finishedLoadingIcon(loadIdentifier, buffer);
+ m_frame->loader().client().finishedLoadingIcon(callbackIdentifier, buffer);
}
void DocumentLoader::dispatchOnloadEvents()
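Review bot: The `RELEASE_ASSERT(callbackIdentifier)` runs in the web process, so it catches a WebCore logic error (a loader missing from `m_iconLoaders`, for which `take()` presumably yields 0) but cannot stop a compromised sender from putting 0 into the `FinishedLoadingIcon` message itself. The WebPageProxy handler that receives the identifier is not part of this commit; if it does not already reject invalid identifiers before using them as a hash key, the same check belongs there, since that is the side the log message says can be corrupted. A why-comment above the assertion would also help the next reader, e.g. `// 0 is not a valid callback identifier; passing it on could corrupt a HashTable in WebPageProxy.` The enclosing function starts above the hunk, so how `loader` and `buffer` arrive is not visible here.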
Modified: trunk/Source/WebKit2/ChangeLog (218774 => 218775)
--- trunk/Source/WebKit2/ChangeLog 2017-06-23 23:21:37 UTC (rev 218774)
+++ trunk/Source/WebKit2/ChangeLog 2017-06-23 23:24:11 UTC (rev 218775)
@@ -1,5 +1,19 @@
2017-06-23 Chris Dumez <[email protected]>
+ Add release assertion to make sure callbackIdentifier is not 0 in DocumentLoader::finishedLoadingIcon()
+ https://bugs.webkit.org/show_bug.cgi?id=173792
+
+ Reviewed by Ryosuke Niwa.
+
+ Add release assertion to make sure callbackIdentifier is not 0 in DocumentLoader::finishedLoadingIcon()
+ as this could cause HashTable corruption on WebPageProxy side.
+
+ * WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp:
+ (WebKit::WebFrameLoaderClient::finishedLoadingIcon):
+ * WebProcess/WebCoreSupport/WebFrameLoaderClient.h:
+
+2017-06-23 Chris Dumez <[email protected]>
+
Stop passing Vector by value in WebProcessProxy::deleteWebsiteDataForTopPrivatelyControlledDomainsInAllPersistentDataStores()
https://bugs.webkit.org/show_bug.cgi?id=173782
Modified: trunk/Source/WebKit2/WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp (218774 => 218775)
--- trunk/Source/WebKit2/WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp 2017-06-23 23:21:37 UTC (rev 218774)
+++ trunk/Source/WebKit2/WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp 2017-06-23 23:24:11 UTC (rev 218775)
@@ -1813,13 +1813,13 @@
webPage->send(Messages::WebPageProxy::GetLoadDecisionForIcon(icon, callbackID));
}
-void WebFrameLoaderClient::finishedLoadingIcon(uint64_t loadIdentifier, SharedBuffer* data)
+void WebFrameLoaderClient::finishedLoadingIcon(uint64_t callbackIdentifier, SharedBuffer* data)
{
if (WebPage* webPage { m_frame->page() }) {
if (data)
- webPage->send(Messages::WebPageProxy::FinishedLoadingIcon(loadIdentifier, { reinterpret_cast<const uint8_t*>(data->data()), data->size() }));
+ webPage->send(Messages::WebPageProxy::FinishedLoadingIcon(callbackIdentifier, { reinterpret_cast<const uint8_t*>(data->data()), data->size() }));
else
- webPage->send(Messages::WebPageProxy::FinishedLoadingIcon(loadIdentifier, { nullptr, 0 }));
+ webPage->send(Messages::WebPageProxy::FinishedLoadingIcon(callbackIdentifier, { nullptr, 0 }));
}
}
Modified: trunk/Source/WebKit2/WebProcess/WebCoreSupport/WebFrameLoaderClient.h (218774 => 218775)
--- trunk/Source/WebKit2/WebProcess/WebCoreSupport/WebFrameLoaderClient.h 2017-06-23 23:21:37 UTC (rev 218774)
+++ trunk/Source/WebKit2/WebProcess/WebCoreSupport/WebFrameLoaderClient.h 2017-06-23 23:24:11 UTC (rev 218775)
@@ -261,7 +261,7 @@
bool useIconLoadingClient() final;
void getLoadDecisionForIcon(const WebCore::LinkIcon&, uint64_t callbackID) final;
- void finishedLoadingIcon(uint64_t loadIdentifier, WebCore::SharedBuffer*) final;
+ void finishedLoadingIcon(uint64_t callbackIdentifier, WebCore::SharedBuffer*) final;
WebFrame* m_frame;
RefPtr<PluginView> m_pluginView;