Title: [128415] trunk/Source/WebKit/chromium
Revision: 128415
Author: [email protected]
Date: 2012-09-13 00:47:54 -0700 (Thu, 13 Sep 2012)

Log Message

Check if WorkerContext is terminated in WebWorkerClientImpl::openFileSystem call.
https://bugs.webkit.org/show_bug.cgi?id=96601

Patch by Taiju Tsuiki <[email protected]> on 2012-09-13
Reviewed by Kent Tamura.

m_webFrame might already be deleted after the terminateWorkerContext call.
This patch ensures it is NULL and changes the code to avoid using it.

Test: fast/filesystem/workers/detached-frame-crash.html

* src/WebWorkerClientImpl.cpp:
(WebKit::WebWorkerClientImpl::terminateWorkerContext):
(WebKit::WebWorkerClientImpl::openFileSystem):

Diff

Modified: trunk/Source/WebKit/chromium/ChangeLog (128414 => 128415)


--- trunk/Source/WebKit/chromium/ChangeLog	2012-09-13 07:37:45 UTC (rev 128414)
+++ trunk/Source/WebKit/chromium/ChangeLog	2012-09-13 07:47:54 UTC (rev 128415)
@@ -1,3 +1,19 @@
+2012-09-13  Taiju Tsuiki  <[email protected]>
+
+        Check if WorkerContext is terminated in WebWorkerClientImple::openFileSystem call.
+        https://bugs.webkit.org/show_bug.cgi?id=96601
+
+        Reviewed by Kent Tamura.
+
+        m_webFrame might be already deleted after terminateWorkerContext call.
+        This patch ensure it be NULL and change to avoid using it.
+
+        Test: fast/filesystem/workers/detached-frame-crash.html
+
+        * src/WebWorkerClientImpl.cpp:
+        (WebKit::WebWorkerClientImpl::terminateWorkerContext):
+        (WebKit::WebWorkerClientImpl::openFileSystem):
+
 2012-09-12  Leandro Gracia Gil  <[email protected]>
 
         [Chromium] Fix cases where find-in-page doesn't send a final update
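Review bot: The entry title misspells the class as "WebWorkerClientImple" while the function list below it uses WebWorkerClientImpl, so a search of the ChangeLog for the class name will miss the title line. The description also says only that m_webFrame "might be already deleted"; one more sentence saying what deletes the frame and why askedToTerminate() is a sufficient signal for that would let a reader judge the fix without opening bug 96601.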

Modified: trunk/Source/WebKit/chromium/src/WebWorkerClientImpl.cpp (128414 => 128415)


--- trunk/Source/WebKit/chromium/src/WebWorkerClientImpl.cpp	2012-09-13 07:37:45 UTC (rev 128414)
+++ trunk/Source/WebKit/chromium/src/WebWorkerClientImpl.cpp	2012-09-13 07:47:54 UTC (rev 128415)
@@ -104,6 +104,7 @@
 
 void WebWorkerClientImpl::terminateWorkerContext()
 {
+    m_webFrame = 0;
     m_proxy->terminateWorkerContext();
 }
 
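Review bot: Clearing m_webFrame in terminateWorkerContext() turns a dangling pointer into a null one, but nothing in this hunk guards the other readers of the member. Any method that still dereferences m_webFrame after termination will now fault on null instead of touching freed memory, which is easier to diagnose but is still a crash. Please confirm that every remaining use either checks m_webFrame or is unreachable once termination has been requested, and add a short comment above the assignment saying the frame may be destroyed after this call so the reason for the reset is not lost.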
@@ -210,7 +211,7 @@
 void WebWorkerClientImpl::openFileSystem(WebFileSystem::Type type, long long size, bool create, 
                                          WebFileSystemCallbacks* callbacks)
 {
-    if (!m_webFrame->client()) {
+    if (m_proxy->askedToTerminate()) {
         callbacks->didFail(WebFileErrorAbort);
         return;
     }
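Review bot: Replacing the "!m_webFrame->client()" test with "m_proxy->askedToTerminate()" drops the null-client early-out entirely, so a live frame whose client() is null now passes this guard. If the remainder of openFileSystem (not shown in this hunk) still reaches m_webFrame or its client, the check should cover both conditions, for example "if (m_proxy->askedToTerminate() || !m_webFrame || !m_webFrame->client())". If the remainder no longer touches m_webFrame at all, say so in the ChangeLog. It is also worth stating whether termination can be requested between this check and the later use, since the guard is only evaluated once on entry.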