Title: [119333] releases/WebKitGTK/webkit-1.8
Revision: 119333
Author: [email protected]
Date: 2012-06-02 13:30:30 -0700 (Sat, 02 Jun 2012)

Log Message

Source/WebCore: Crash in CachedRawResource::didAddClient() due to missing protector.
https://bugs.webkit.org/show_bug.cgi?id=83632

Reviewed by Eric Seidel.

Test: http/tests/xmlhttprequest/access-control-repeated-failed-preflight-crash.html

* loader/cache/CachedRawResource.cpp:
(WebCore::CachedRawResource::didAddClient):

LayoutTests: Test for https://bugs.webkit.org/show_bug.cgi?id=83632.

Reviewed by Eric Seidel.

* http/tests/xmlhttprequest/access-control-repeated-failed-preflight-crash-expected.txt: Added.
* http/tests/xmlhttprequest/access-control-repeated-failed-preflight-crash.html: Added.

Diff

Modified: releases/WebKitGTK/webkit-1.8/LayoutTests/ChangeLog (119332 => 119333)


--- releases/WebKitGTK/webkit-1.8/LayoutTests/ChangeLog	2012-06-02 20:30:11 UTC (rev 119332)
+++ releases/WebKitGTK/webkit-1.8/LayoutTests/ChangeLog	2012-06-02 20:30:30 UTC (rev 119333)
@@ -1,3 +1,12 @@
+2012-04-25  Nate Chapin  <[email protected]>
+
+        Test for https://bugs.webkit.org/show_bug.cgi?id=83632.
+
+        Reviewed by Eric Seidel.
+
+        * http/tests/xmlhttprequest/access-control-repeated-failed-preflight-crash-expected.txt: Added.
+        * http/tests/xmlhttprequest/access-control-repeated-failed-preflight-crash.html: Added.
+
 2012-03-09  Nate Chapin  <[email protected]>
 
         Test for https://bugs.webkit.org/show_bug.cgi?id=80551

Added: releases/WebKitGTK/webkit-1.8/LayoutTests/http/tests/xmlhttprequest/access-control-repeated-failed-preflight-crash-expected.txt (0 => 119333)


--- releases/WebKitGTK/webkit-1.8/LayoutTests/http/tests/xmlhttprequest/access-control-repeated-failed-preflight-crash-expected.txt	                        (rev 0)
+++ releases/WebKitGTK/webkit-1.8/LayoutTests/http/tests/xmlhttprequest/access-control-repeated-failed-preflight-crash-expected.txt	2012-06-02 20:30:30 UTC (rev 119333)
@@ -0,0 +1,7 @@
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/access-control-basic-denied.cgi. Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/access-control-basic-denied.cgi. Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/access-control-basic-denied.cgi. Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/access-control-basic-denied.cgi. Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/access-control-basic-denied.cgi. Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/access-control-basic-denied.cgi. Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+PASS
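Review bot: The six identical CONSOLE MESSAGE lines are coupled to the `requestCount == 5` constant in the test (one initial request plus five retries), and nothing in either file says so. A one-line comment next to that constant in the .html noting that it produces six denied requests would save the next person from regenerating expectations by trial and error. The expectations also pin the exact wording of the Access-Control-Allow-Origin error, so a reworded message will fail this test even though what it guards is a crash.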

Added: releases/WebKitGTK/webkit-1.8/LayoutTests/http/tests/xmlhttprequest/access-control-repeated-failed-preflight-crash.html (0 => 119333)


--- releases/WebKitGTK/webkit-1.8/LayoutTests/http/tests/xmlhttprequest/access-control-repeated-failed-preflight-crash.html	                        (rev 0)
+++ releases/WebKitGTK/webkit-1.8/LayoutTests/http/tests/xmlhttprequest/access-control-repeated-failed-preflight-crash.html	2012-06-02 20:30:30 UTC (rev 119333)
@@ -0,0 +1,37 @@
+<base href=""
+<script>
+if (window.layoutTestController) {
+    layoutTestController.dumpAsText();
+    layoutTestController.waitUntilDone();
+}
+
+var requestCount = 0;
+
+function preflightRequest() {
+    var xhr = new XMLHttpRequest();
+    xhr._onsuccess_ = function() { finish("FAIL"); }
+    xhr._onerror_ = function() {
+        if (requestCount == 5) {
+            finish("PASS");
+            return;
+        }
+        requestCount++;
+        // This hack of showing and hiding the inspector greatly increases the likelihood
+        // that references to the CachedResource underlying the XHR get cleaned out.
+        if (window.layoutTestController) {
+            layoutTestController.showWebInspector();
+            layoutTestController.closeWebInspector();
+        }
+        preflightRequest();
+    }
+    xhr.open("GET", "xmlhttprequest/resources/access-control-basic-denied.cgi");
+    xhr.send();
+}
+
+function finish(result) {
+    document.body.appendChild(document.createTextNode(result));
+    if (window.layoutTestController)
+        layoutTestController.notifyDone();
+}
+</script>
+<body _onload_="preflightRequest()"></body>
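Review bot: The FAIL path is wired to an `onsuccess` handler on `xhr`, which is not an XMLHttpRequest event, so if the cross-origin request ever succeeded the test would never call `finish("FAIL")` and would hang until the harness times out; use `onload` for that branch. Separately, the comment on the `showWebInspector()` / `closeWebInspector()` pair says the hack only "greatly increases the likelihood" of the CachedResource references being dropped, so this test can pass on a build without the fix. That is acceptable for a crash regression test, but the comment should say plainly that a pass does not prove the protector is present.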

Modified: releases/WebKitGTK/webkit-1.8/Source/WebCore/ChangeLog (119332 => 119333)


--- releases/WebKitGTK/webkit-1.8/Source/WebCore/ChangeLog	2012-06-02 20:30:11 UTC (rev 119332)
+++ releases/WebKitGTK/webkit-1.8/Source/WebCore/ChangeLog	2012-06-02 20:30:30 UTC (rev 119333)
@@ -1,3 +1,15 @@
+2012-04-25  Nate Chapin  <[email protected]>
+
+        Crash in CachedRawResource::didAddClient() due to missing protector.
+        https://bugs.webkit.org/show_bug.cgi?id=83632
+
+        Reviewed by Eric Seidel.
+
+        Test: http/tests/xmlhttprequest/access-control-repeated-failed-preflight-crash.html
+
+        * loader/cache/CachedRawResource.cpp:
+        (WebCore::CachedRawResource::didAddClient):
+
 2012-03-09  Nate Chapin  <[email protected]>
 
         CachedRawResource breaks when trying to load

Modified: releases/WebKitGTK/webkit-1.8/Source/WebCore/loader/cache/CachedRawResource.cpp (119332 => 119333)


--- releases/WebKitGTK/webkit-1.8/Source/WebCore/loader/cache/CachedRawResource.cpp	2012-06-02 20:30:11 UTC (rev 119332)
+++ releases/WebKitGTK/webkit-1.8/Source/WebCore/loader/cache/CachedRawResource.cpp	2012-06-02 20:30:30 UTC (rev 119333)
@@ -72,6 +72,10 @@
 {
     if (m_response.isNull() || !hasClient(c))
         return;
+    // The calls to the client can result in events running, potentially causing
+    // this resource to be evicted from the cache and all clients to be removed,
+    // so a protector is necessary.
+    CachedResourceHandle<CachedRawResource> protect(this);
     CachedRawResourceClient* client = static_cast<CachedRawResourceClient*>(c);
     client->responseReceived(this, m_response);
     if (!hasClient(c))
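Review bot: The `protect` handle added before the `static_cast` keeps only the resource alive; `client` is still a raw pointer, and after `client->responseReceived(this, m_response)` returns its validity rests entirely on the following `if (!hasClient(c))` recheck. The new comment mentions "all clients to be removed" but does not tie that to the recheck, so please add a sentence saying the protector covers `this` and `m_response` while the `hasClient(c)` test covers the client, so a later cleanup does not drop the recheck as redundant. Declaring the handle after the early return is the right placement, since no callback runs on that path.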