Title: [122146] branches/chromium/1180/Source/WebCore/loader/DocumentThreadableLoader.cpp
- Revision
- 122146
- Author
- [email protected]
- Date
- 2012-07-09 12:53:10 -0700 (Mon, 09 Jul 2012)
Log Message
Merge 120845
BUG=132241
Review URL: https://chromiumcodereview.appspot.com/10750008
Modified Paths
Diff
Modified: branches/chromium/1180/Source/WebCore/loader/DocumentThreadableLoader.cpp (122145 => 122146)
--- branches/chromium/1180/Source/WebCore/loader/DocumentThreadableLoader.cpp 2012-07-09 19:52:25 UTC (rev 122145)
+++ branches/chromium/1180/Source/WebCore/loader/DocumentThreadableLoader.cpp 2012-07-09 19:53:10 UTC (rev 122146)
@@ -146,7 +146,8 @@
void DocumentThreadableLoader::cancel()
{
- if (m_client) {
+ // Cacnel can re-enter and m_resource might be null here as a result.
+ if (m_client && m_resource) {
ResourceError error(errorDomainWebKitInternal, 0, m_resource->url(), "Load cancelled");
error.setIsCancellation(true);
didFail(error);
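Review bot: The new comment in cancel() misspells "Cancel" as "Cacnel" and does not say what happens to the client when m_resource is null: on that path didFail() is skipped, so m_client gets no cancellation error from this call. If that is intended because an earlier cancel() on the stack has already reported the failure (presumably so, but not visible here), the comment should state it, e.g. `// cancel() can re-enter; m_resource may already be null here, in which case the failure is not reported again.` The rest of cancel() lies outside the hunk, so whether m_client is still cleared on the skipped path cannot be confirmed from here.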
@@ -163,9 +164,13 @@
void DocumentThreadableLoader::clearResource()
{
- if (m_resource) {
- m_resource->removeClient(this);
+ // Script can cancel and restart a request reentrantly within removeClient(),
+ // which could lead to calling CachedResource::removeClient() multiple times for
+ // this DocumentThreadableLoader. Save off a copy of m_resource and clear it to
+ // prevent the reentrancy.
+ if (CachedResourceHandle<CachedRawResource> resource = m_resource) {
m_resource = 0;
+ resource->removeClient(this);
}
}
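Review bot: Nothing in clearResource() keeps the loader itself alive across `resource->removeClient(this)`, which the new comment says can run script re-entrantly. The local CachedResourceHandle protects the resource and nulling m_resource first prevents a second removeClient(), but if that script can drop the last reference to this DocumentThreadableLoader, any caller that touches members after clearResource() returns would be reading or writing freed memory. The callers are outside the hunk, so this is unconfirmed. If it applies, a protector at the top of the public entry points, `RefPtr<DocumentThreadableLoader> protect(this);`, would close it.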