Title: [234034] branches/safari-606-branch/Source/WebCore
Revision
234034
Author
[email protected]
Date
2018-07-20 01:05:52 -0700 (Fri, 20 Jul 2018)

Log Message

Cherry-pick r234013. rdar://problem/42417130

    Crash under WebCore::DocumentWriter::addData()
    https://bugs.webkit.org/show_bug.cgi?id=187819
    <rdar://problem/41328743>

    Reviewed by Brady Eidson.

    When AppCache is used a DocumentLoader may start a NetworkLoad even though it has substitute data.
    In DocumentLoader::continueAfterContentPolicy(), if we have substitute data we commit this data
    and call finishLoad(). However, in the case where there was a NetworkLoad started, we'll send the
    ContinueDidReceiveResponse IPC back to the network process and it will start sending us data for
    the load. This could lead to crashes such as <rdar://problem/41328743> since the DocumentLoader
    has already committed data and finished loading when it gets the data from the network process.

    To address the issue, we now call clearMainResource() in continueAfterContentPolicy(), after we've
    decided to commit the substitute data. This effectively removes the DocumentLoader as a client of
    the CachedResource so that it will not be notified of following load progress. We do not cancel
    the load as other CachedResourceClients may be interested in the load (ApplicationCacheResourceLoader
    in particular, in order to update its cached data).

    * loader/DocumentLoader.cpp:
    (WebCore::DocumentLoader::continueAfterContentPolicy):

    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@234013 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Modified Paths

Diff

Modified: branches/safari-606-branch/Source/WebCore/ChangeLog (234033 => 234034)


--- branches/safari-606-branch/Source/WebCore/ChangeLog	2018-07-20 08:05:50 UTC (rev 234033)
+++ branches/safari-606-branch/Source/WebCore/ChangeLog	2018-07-20 08:05:52 UTC (rev 234034)
@@ -1,5 +1,58 @@
 2018-07-20  Babak Shafiei  <[email protected]>
 
+        Cherry-pick r234013. rdar://problem/42417130
+
+    Crash under WebCore::DocumentWriter::addData()
+    https://bugs.webkit.org/show_bug.cgi?id=187819
+    <rdar://problem/41328743>
+    
+    Reviewed by Brady Eidson.
+    
+    When AppCache is used a DocumentLoader may start a NetworkLoad even though it has substitute data.
+    In DocumentLoader::continueAfterContentPolicy(), if we have substitute data we commit this data
+    and call finishLoad(). However, if the case where there was a NetworkLoad started, we'll send the
+    ContinueDidReceiveResponse IPC back to the network process and it will start sending us data for
+    the load. This could lead to crashes such as <rdar://problem/41328743> since the DocumentLoader
+    has already committed data and finished loading when it gets the data from the network process.
+    
+    To address the issue, we now call clearMainResource() in continueAfterContentPolicy(), after we've
+    decided to commit the substitute data. This effectively removes the DocumentLoader as a client of
+    the CachedResource so that its will not be notified of following load progress. We do not cancel
+    the load as other CachedResourceClients may be interested in the load (ApplicationCacheResourceLoader
+    in particular, in order to update its cached data).
+    
+    * loader/DocumentLoader.cpp:
+    (WebCore::DocumentLoader::continueAfterContentPolicy):
+    
+    
+    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@234013 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+    2018-07-19  Chris Dumez  <[email protected]>
+
+            Crash under WebCore::DocumentWriter::addData()
+            https://bugs.webkit.org/show_bug.cgi?id=187819
+            <rdar://problem/41328743>
+
+            Reviewed by Brady Eidson.
+
+            When AppCache is used a DocumentLoader may start a NetworkLoad even though it has substitute data.
+            In DocumentLoader::continueAfterContentPolicy(), if we have substitute data we commit this data
+            and call finishLoad(). However, if the case where there was a NetworkLoad started, we'll send the
+            ContinueDidReceiveResponse IPC back to the network process and it will start sending us data for
+            the load. This could lead to crashes such as <rdar://problem/41328743> since the DocumentLoader
+            has already committed data and finished loading when it gets the data from the network process.
+
+            To address the issue, we now call clearMainResource() in continueAfterContentPolicy(), after we've
+            decided to commit the substitute data. This effectively removes the DocumentLoader as a client of
+            the CachedResource so that its will not be notified of following load progress. We do not cancel
+            the load as other CachedResourceClients may be interested in the load (ApplicationCacheResourceLoader
+            in particular, in order to update its cached data).
+
+            * loader/DocumentLoader.cpp:
+            (WebCore::DocumentLoader::continueAfterContentPolicy):
+
+2018-07-20  Babak Shafiei  <[email protected]>
+
         Cherry-pick r234007. rdar://problem/42417134
 
     Ensure DocumentTimeline is kept alive until the VM::whenIdle callback is called
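Review bot: The nested r234013 entry carries two typos that will now live in the branch ChangeLog ("if the case where there was a NetworkLoad started" should read "in the case where", and "so that its will not be notified" should read "so that it will not"); since the cherry-pick text is copied verbatim into the commit log as well, it is worth fixing both copies in this commit. The original entry also states no test coverage and gives no "No new tests" line with a reason, which the ChangeLog convention expects for a crash fix in loader/DocumentLoader.cpp.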

Modified: branches/safari-606-branch/Source/WebCore/loader/DocumentLoader.cpp (234033 => 234034)


--- branches/safari-606-branch/Source/WebCore/loader/DocumentLoader.cpp	2018-07-20 08:05:50 UTC (rev 234033)
+++ branches/safari-606-branch/Source/WebCore/loader/DocumentLoader.cpp	2018-07-20 08:05:52 UTC (rev 234034)
@@ -946,6 +946,11 @@
             dataReceived(content->data(), content->size());
         if (isLoadingMainResource())
             finishedLoading();
+
+        // Remove ourselves as a client of this CachedResource as we've decided to commit substitute data but the
+        // load may keep going and be useful to other clients of the CachedResource. If we did not do this, we
+        // may receive data later on even though this DocumentLoader has finished loading.
+        clearMainResource();
     }
 }
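Review bot: clearMainResource() is now called unconditionally in the substitute-data branch, including the case described in the log where no NetworkLoad was ever started, so please confirm it is a safe no-op when there is no main resource, or guard it with the same condition that started the load. Ordering is the other question: finishedLoading() runs before clearMainResource(), so if it can synchronously re-enter the loader or release this DocumentLoader, the CachedResource client is still registered during that window; either moving `clearMainResource();` ahead of `finishedLoading();` or holding a protector reference across both calls would close that gap, and the comment should say which one was intended.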
 
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes