Title: [141562] trunk/Source/WebKit2
Revision
141562
Author
[email protected]
Date
2013-02-01 02:06:06 -0800 (Fri, 01 Feb 2013)

Log Message

[EFL][WK2] MiniBrowser segfaults on loading google.com
https://bugs.webkit.org/show_bug.cgi?id=108597

Patch by Gwang Yoon Hwang <[email protected]> on 2013-02-01
Reviewed by Andreas Kling.

* Platform/CoreIPC/unix/ConnectionUnix.cpp:
(CoreIPC::Connection::processMessage):
oolMessageBody should be properly initialized before it is used.

This patch also adds an omitted break statement.

Modified Paths

Diff

Modified: trunk/Source/WebKit2/ChangeLog (141561 => 141562)


--- trunk/Source/WebKit2/ChangeLog	2013-02-01 09:52:10 UTC (rev 141561)
+++ trunk/Source/WebKit2/ChangeLog	2013-02-01 10:06:06 UTC (rev 141562)
@@ -1,3 +1,16 @@
+2013-02-01  Gwang Yoon Hwang  <[email protected]>
+
+        [EFL][WK2] MiniBrowser segfaults on loading google.com
+        https://bugs.webkit.org/show_bug.cgi?id=108597
+
+        Reviewed by Andreas Kling.
+
+        * Platform/CoreIPC/unix/ConnectionUnix.cpp:
+        (CoreIPC::Connection::processMessage):
+        oolMessageBody should be properly initialized before it is used.
+
+        This patch also adds omitted break statement.
+
 2013-01-31  Jae Hyun Park  <[email protected]>
 
         [Qt] Add MessageFlags.h in Target.pri

Modified: trunk/Source/WebKit2/Platform/CoreIPC/unix/ConnectionUnix.cpp (141561 => 141562)


--- trunk/Source/WebKit2/Platform/CoreIPC/unix/ConnectionUnix.cpp	2013-02-01 09:52:10 UTC (rev 141561)
+++ trunk/Source/WebKit2/Platform/CoreIPC/unix/ConnectionUnix.cpp	2013-02-01 10:06:06 UTC (rev 141562)
@@ -222,6 +222,7 @@
             case Attachment::SocketType:
                 if (!attachmentInfo[i].isNull())
                     attachmentFileDescriptorCount++;
+                break;
             case Attachment::Uninitialized:
             default:
                 ASSERT_NOT_REACHED();
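Review bot: The `case Attachment::Uninitialized:` / `default:` arm of this switch ends in `ASSERT_NOT_REACHED();` alone, so in builds where assertions are compiled out, an attachment record with an unexpected type is skipped and parsing carries on. The type appears to come from the incoming IPC message, so it is better treated as untrusted input from the peer process than as a programmer invariant. The out-of-line body checks in the next hunk already pair the assertion with a failure return, and the same could be done here: `ASSERT_NOT_REACHED(); return false;`. The enclosing loop and processMessage() start and end outside this hunk, so confirm that an early return is safe at this point.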
@@ -237,48 +238,46 @@
     AttachmentResourceGuard<Vector<Attachment>, Vector<Attachment>::iterator> attachementDisposer(attachments);
     RefPtr<WebKit::SharedMemory> oolMessageBody;
 
-    if (attachmentCount) {
-        size_t fdIndex = 0;
-        for (size_t i = 0; i < attachmentCount; ++i) {
-            int fd = -1;
-            switch (attachmentInfo[i].getType()) {
-            case Attachment::MappedMemoryType:
-                if (!attachmentInfo[i].isNull())
-                    fd = m_fileDescriptors[fdIndex++];
-                attachments[attachmentCount - i - 1] = Attachment(fd, attachmentInfo[i].getSize());
-                break;
-            case Attachment::SocketType:
-                if (!attachmentInfo[i].isNull())
-                    fd = m_fileDescriptors[fdIndex++];
-                attachments[attachmentCount - i - 1] = Attachment(fd);
-                break;
-            case Attachment::Uninitialized:
-                attachments[attachmentCount - i - 1] = Attachment();
-            default:
-                break;
-            }
+    size_t fdIndex = 0;
+    for (size_t i = 0; i < attachmentCount; ++i) {
+        int fd = -1;
+        switch (attachmentInfo[i].getType()) {
+        case Attachment::MappedMemoryType:
+            if (!attachmentInfo[i].isNull())
+                fd = m_fileDescriptors[fdIndex++];
+            attachments[attachmentCount - i - 1] = Attachment(fd, attachmentInfo[i].getSize());
+            break;
+        case Attachment::SocketType:
+            if (!attachmentInfo[i].isNull())
+                fd = m_fileDescriptors[fdIndex++];
+            attachments[attachmentCount - i - 1] = Attachment(fd);
+            break;
+        case Attachment::Uninitialized:
+            attachments[attachmentCount - i - 1] = Attachment();
+        default:
+            break;
         }
+    }
 
-        if (messageInfo.isMessageBodyIsOutOfLine()) {
-            ASSERT(messageInfo.bodySize());
+    if (messageInfo.isMessageBodyIsOutOfLine()) {
+        ASSERT(messageInfo.bodySize());
 
-            if (attachmentInfo[attachmentCount].isNull()) {
-                ASSERT_NOT_REACHED();
-                return false;
-            }
+        if (attachmentInfo[attachmentCount].isNull()) {
+            ASSERT_NOT_REACHED();
+            return false;
+        }
 
-            WebKit::SharedMemory::Handle handle;
-            handle.adoptFromAttachment(m_fileDescriptors[attachmentFileDescriptorCount - 1], attachmentInfo[attachmentCount].getSize());
+        WebKit::SharedMemory::Handle handle;
+        handle.adoptFromAttachment(m_fileDescriptors[attachmentFileDescriptorCount - 1], attachmentInfo[attachmentCount].getSize());
 
-            oolMessageBody = WebKit::SharedMemory::create(handle, WebKit::SharedMemory::ReadOnly);
-            if (!oolMessageBody) {
-                ASSERT_NOT_REACHED();
-                return false;
-            }
+        oolMessageBody = WebKit::SharedMemory::create(handle, WebKit::SharedMemory::ReadOnly);
+        if (!oolMessageBody) {
+            ASSERT_NOT_REACHED();
+            return false;
         }
     }
 
-    ASSERT(attachments.size() == messageInfo.isMessageBodyIsOutOfLine() ? messageInfo.attachmentCount() - 1 : messageInfo.attachmentCount());
+    ASSERT(attachments.size() == (messageInfo.isMessageBodyIsOutOfLine() ? messageInfo.attachmentCount() - 1 : messageInfo.attachmentCount()));
 
     uint8_t* messageBody = messageData;
     if (messageInfo.isMessageBodyIsOutOfLine())
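Review bot: Both `fd = m_fileDescriptors[fdIndex++];` reads in the loop, and `m_fileDescriptors[attachmentFileDescriptorCount - 1]` in the out-of-line body branch, index the descriptor array with values derived from the message's own attachment records, and nothing visible in this hunk checks them against the number of descriptors actually received. If attachmentFileDescriptorCount is 0 when the out-of-line branch runs, the `- 1` wraps (assuming the count is unsigned); the `isNull()` test only prevents that if every non-null record was counted, which the assert-only arm of the first switch does not guarantee in release builds. I would add a guard before the loop, e.g. `if (attachmentFileDescriptorCount > receivedDescriptorCount) return false;` (receivedDescriptorCount is a placeholder for whatever the class tracks), and `if (!attachmentFileDescriptorCount) return false;` before `adoptFromAttachment`. Separately, `case Attachment::Uninitialized:` here still falls through into `default:` without a `break;` or a comment, which reads oddly in a commit that adds a missing break. processMessage() begins and ends outside the hunk, so an earlier check may already exist.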