Diff
Modified: trunk/LayoutTests/ChangeLog (146625 => 146626)
--- trunk/LayoutTests/ChangeLog 2013-03-22 17:03:12 UTC (rev 146625)
+++ trunk/LayoutTests/ChangeLog 2013-03-22 17:05:12 UTC (rev 146626)
@@ -1,3 +1,14 @@
+2013-03-22 Nate Chapin <[email protected]>
+
+ REGRESSION (r146239): Reproducible crash in WebCore::DocumentLoader::responseReceived.
+ https://bugs.webkit.org/show_bug.cgi?id=112811
+
+ Reviewed by Brady Eidson.
+
+ * http/tests/cache/resources/x-frame-options.php: Added.
+ * http/tests/cache/x-frame-options-304-expected.txt: Added.
+ * http/tests/cache/x-frame-options-304.html: Added.
+
2013-03-22 Ryosuke Niwa <[email protected]>
Add flaky crash expectations on some media tests per bugs 113075 and 113076.
Added: trunk/LayoutTests/http/tests/cache/resources/x-frame-options.php (0 => 146626)
--- trunk/LayoutTests/http/tests/cache/resources/x-frame-options.php (rev 0)
+++ trunk/LayoutTests/http/tests/cache/resources/x-frame-options.php 2013-03-22 17:05:12 UTC (rev 146626)
@@ -0,0 +1,26 @@
+<?php
+require_once '../../resources/portabilityLayer.php';
+
+clearstatcache();
+
+if ($_SERVER["HTTP_IF_MODIFIED_SINCE"]) {
+ header("HTTP/1.0 304 Not Modified");
+ exit();
+}
+$_one_year_ = 12 * 31 * 24 * 60 * 60;
+$last_modified = gmdate(DATE_RFC1123, time() - $one_year);
+$expires = gmdate(DATE_RFC1123, time() + $one_year);
+
+
+header('Cache-Control: no-cache, max-age=' . $one_year);
+header('Expires: ' . $expires);
+header('Content-Type: text/html');
+header('Etag: 123456789');
+header('Last-Modified: ' . $last_modified);
+header('X-FRAME-OPTIONS: ALLOWALL');
+
+echo "<body><script>\n";
+echo "window._onload_ = function() { window.parent.test(); }\n";
+echo "</script></body>\n";
+
+?>
Added: trunk/LayoutTests/http/tests/cache/x-frame-options-304-expected.txt (0 => 146626)
--- trunk/LayoutTests/http/tests/cache/x-frame-options-304-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/cache/x-frame-options-304-expected.txt 2013-03-22 17:05:12 UTC (rev 146626)
@@ -0,0 +1 @@
+Test that a 304 response for a resource with an X-Frame-Options header doesn't cause us to crash.
Added: trunk/LayoutTests/http/tests/cache/x-frame-options-304.html (0 => 146626)
--- trunk/LayoutTests/http/tests/cache/x-frame-options-304.html (rev 0)
+++ trunk/LayoutTests/http/tests/cache/x-frame-options-304.html 2013-03-22 17:05:12 UTC (rev 146626)
@@ -0,0 +1,25 @@
+<body>
+Test that a 304 response for a resource with an X-Frame-Options header doesn't cause us to crash.
+<script>
+if (window.testRunner) {
+ testRunner.dumpAsText();
+ testRunner.waitUntilDone();
+}
+
+testCalls = 0;
+
+function test() {
+ testCalls++;
+ if (testCalls > 1) {
+ testRunner.notifyDone();
+ return;
+ }
+
+ document.body.removeChild(document.body.lastChild);
+ var iframe = document.createElement("iframe");
+ iframe.src = ""
+ document.body.appendChild(iframe);
+}
+</script>
+<iframe src=""
+</body>
Modified: trunk/Source/WebCore/ChangeLog (146625 => 146626)
--- trunk/Source/WebCore/ChangeLog 2013-03-22 17:03:12 UTC (rev 146625)
+++ trunk/Source/WebCore/ChangeLog 2013-03-22 17:05:12 UTC (rev 146626)
@@ -1,3 +1,18 @@
+2013-03-22 Nate Chapin <[email protected]>
+
+ REGRESSION (r146239): Reproducible crash in WebCore::DocumentLoader::responseReceived.
+ https://bugs.webkit.org/show_bug.cgi?id=112811
+
+ Reviewed by Brady Eidson.
+
+ Test: http/tests/cache/x-frame-options-304.html
+
+ * loader/DocumentLoader.cpp:
+ (WebCore::DocumentLoader::responseReceived):
+ * loader/cache/CachedRawResource.cpp:
+ (WebCore::CachedRawResource::switchClientsToRevalidatedResource):
+ * loader/cache/CachedRawResource.h:
+
2013-03-22 Jer Noble <[email protected]>
REGRESSION: -webkit-box-reflect does not show on video elements
Modified: trunk/Source/WebCore/loader/DocumentLoader.cpp (146625 => 146626)
--- trunk/Source/WebCore/loader/DocumentLoader.cpp 2013-03-22 17:03:12 UTC (rev 146625)
+++ trunk/Source/WebCore/loader/DocumentLoader.cpp 2013-03-22 17:05:12 UTC (rev 146626)
@@ -581,7 +581,9 @@
HTTPHeaderMap::const_iterator it = response.httpHeaderFields().find(xFrameOptionHeader);
if (it != response.httpHeaderFields().end()) {
String content = it->value;
- unsigned long identifier = m_identifierForLoadWithoutResourceLoader ? m_identifierForLoadWithoutResourceLoader : mainResourceLoader()->identifier();
+ ASSERT(m_mainResource);
+ unsigned long identifier = m_identifierForLoadWithoutResourceLoader ? m_identifierForLoadWithoutResourceLoader : m_mainResource->identifier();
+ ASSERT(identifier);
if (frameLoader()->shouldInterruptLoadForXFrameOptions(content, response.url(), identifier)) {
InspectorInstrumentation::continueAfterXFrameOptionsDenied(m_frame, this, identifier, response);
String message = "Refused to display '" + response.url().elidedString() + "' in a frame because it set 'X-Frame-Options' to '" + content + "'.";
Modified: trunk/Source/WebCore/loader/cache/CachedRawResource.cpp (146625 => 146626)
--- trunk/Source/WebCore/loader/cache/CachedRawResource.cpp 2013-03-22 17:03:12 UTC (rev 146625)
+++ trunk/Source/WebCore/loader/cache/CachedRawResource.cpp 2013-03-22 17:05:12 UTC (rev 146626)
@@ -144,6 +144,15 @@
c->dataSent(this, bytesSent, totalBytesToBeSent);
}
+void CachedRawResource::switchClientsToRevalidatedResource()
+{
+ ASSERT(m_loader);
+ // If we're in the middle of a successful revalidation, responseReceived() hasn't been called, so we haven't set m_identifier.
+ ASSERT(!m_identifier);
+ static_cast<CachedRawResource*>(resourceToRevalidate())->m_identifier = m_loader->identifier();
+ CachedResource::switchClientsToRevalidatedResource();
+}
+
void CachedRawResource::setDefersLoading(bool defers)
{
if (m_loader)
Modified: trunk/Source/WebCore/loader/cache/CachedRawResource.h (146625 => 146626)
--- trunk/Source/WebCore/loader/cache/CachedRawResource.h 2013-03-22 17:03:12 UTC (rev 146625)
+++ trunk/Source/WebCore/loader/cache/CachedRawResource.h 2013-03-22 17:05:12 UTC (rev 146626)
@@ -66,6 +66,8 @@
virtual void didDownloadData(int);
#endif
+ virtual void switchClientsToRevalidatedResource() OVERRIDE;
+
unsigned long m_identifier;
struct RedirectPair {
