[webkit-changes] [280083] trunk/Source/WebCore

Tue, 20 Jul 2021 09:55:59 -0700

Title: [280083] trunk/Source/WebCore
Revision
280083
Author
[email protected]
Date
2021-07-20 09:54:58 -0700 (Tue, 20 Jul 2021)

Log Message

Protect m_data when iterating in CachedRawResource::didAddClient
https://bugs.webkit.org/show_bug.cgi?id=228108
<rdar://80716674>

Patch by Alex Christensen <[email protected]> on 2021-07-20
Reviewed by Chris Dumez.

I think something is destroying m_data when its segments are being iterated.
Protect it so it doesn't get destroyed.
Also, to be on the safe side, check that the client is still a client before using it.

* loader/cache/CachedRawResource.cpp:
(WebCore::CachedRawResource::didAddClient):

Modified Paths

Diff

Modified: trunk/Source/WebCore/ChangeLog (280082 => 280083)


--- trunk/Source/WebCore/ChangeLog	2021-07-20 16:43:42 UTC (rev 280082)
+++ trunk/Source/WebCore/ChangeLog	2021-07-20 16:54:58 UTC (rev 280083)
@@ -1,3 +1,18 @@
+2021-07-20  Alex Christensen  <[email protected]>
+
+        Protect m_data when iterating in CachedRawResource::didAddClient
+        https://bugs.webkit.org/show_bug.cgi?id=228108
+        <rdar://80716674>
+
+        Reviewed by Chris Dumez.
+
+        I think something is destroying m_data when its segments are being iterated.
+        Protect it so it doesn't get destroyed.
+        Also, to be on the safe side, check that the client is still a client before using it.
+
+        * loader/cache/CachedRawResource.cpp:
+        (WebCore::CachedRawResource::didAddClient):
+
 2021-07-20  Sam Sneddon  <[email protected]>
 
         Change referrer-policy default to strict-origin-when-cross-origin

Modified: trunk/Source/WebCore/loader/cache/CachedRawResource.cpp (280082 => 280083)


--- trunk/Source/WebCore/loader/cache/CachedRawResource.cpp	2021-07-20 16:43:42 UTC (rev 280082)
+++ trunk/Source/WebCore/loader/cache/CachedRawResource.cpp	2021-07-20 16:54:58 UTC (rev 280083)
@@ -167,9 +167,10 @@
         auto responseProcessedHandler = [this, protectedThis = WTFMove(protectedThis), client] {
             if (!hasClient(*client))
                 return;
-            if (m_data) {
-                m_data->forEachSegment([&](auto& segment) {
-                    client->dataReceived(*this, segment.data(), segment.size());
+            if (auto data = "" {
+                data->forEachSegment([&](auto& segment) {
+                    if (hasClient(*client))
+                        client->dataReceived(*this, segment.data(), segment.size());
                 });
             }
             if (!hasClient(*client))

_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to