Title: [147262] tags/Safari-537.35.4/Source/WebKit2
- Revision
- 147262
- Author
- [email protected]
- Date
- 2013-03-29 16:41:54 -0700 (Fri, 29 Mar 2013)
Log Message
Merged r147257. <rdar://problem/13531679>
Modified Paths
Diff
Modified: tags/Safari-537.35.4/Source/WebKit2/ChangeLog (147261 => 147262)
--- tags/Safari-537.35.4/Source/WebKit2/ChangeLog 2013-03-29 23:32:46 UTC (rev 147261)
+++ tags/Safari-537.35.4/Source/WebKit2/ChangeLog 2013-03-29 23:41:54 UTC (rev 147262)
@@ -1,5 +1,32 @@
2013-03-29 Lucas Forschler <[email protected]>
+ Merge r147257
+
+ 2013-03-29 Brady Eidson <[email protected]>
+
+ Crash when "willSendRequest" causes the ResourceLoader to be cancelled.
+ <rdar://problem/13531679> and https://bugs.webkit.org/show_bug.cgi?id=113616
+
+ Reviewed by Alexey Proskuryakov.
+
+ These callbacks to the WebCore ResourceLoader can cause the WebResourceLoader to be destroyed.
+ A RefPtr<> protector fixes that.
+
+ Additionally we can invalidate the WebResourceLoader to avoid unnecessary callbacks to the NetworkProcess.
+
+ * WebProcess/Network/WebResourceLoadScheduler.cpp:
+ (WebKit::WebResourceLoadScheduler::remove): Call detachFromCoreLoader() on a removed WebResourceLoader.
+
+ * WebProcess/Network/WebResourceLoader.cpp:
+ (WebKit::WebResourceLoader::detachFromCoreLoader): Clear out the ResourceLoader pointer.
+ (WebKit::WebResourceLoader::willSendRequest): Protect this, and don't message back to the NetworkProcess if its not needed.
+ (WebKit::WebResourceLoader::canAuthenticateAgainstProtectionSpace): Ditto
+ (WebKit::WebResourceLoader::didReceiveResource): Paranoid hardening - Protect this before delivering the data to the WebCore
+ ResourceLoader, and null check it before delivering the "didFinishLoader" call.
+ * WebProcess/Network/WebResourceLoader.h:
+
+2013-03-29 Lucas Forschler <[email protected]>
+
Merge r147179
2013-03-28 Brady Eidson <[email protected]>
Modified: tags/Safari-537.35.4/Source/WebKit2/WebProcess/Network/WebResourceLoadScheduler.cpp (147261 => 147262)
--- tags/Safari-537.35.4/Source/WebKit2/WebProcess/Network/WebResourceLoadScheduler.cpp 2013-03-29 23:32:46 UTC (rev 147261)
+++ tags/Safari-537.35.4/Source/WebKit2/WebProcess/Network/WebResourceLoadScheduler.cpp 2013-03-29 23:41:54 UTC (rev 147262)
@@ -155,8 +155,12 @@
// If a resource load was actually started within the NetworkProcess then the NetworkProcess handles clearing out the identifier.
WebProcess::shared().networkConnection()->connection()->send(Messages::NetworkConnectionToWebProcess::RemoveLoadIdentifier(identifier), 0);
- ASSERT(m_webResourceLoaders.contains(identifier));
- m_webResourceLoaders.remove(identifier);
+ RefPtr<WebResourceLoader> loader = m_webResourceLoaders.take(identifier);
+ ASSERT(loader);
+
+ // It's possible that this WebResourceLoader might be just about to message back to the NetworkProcess (e.g. ContinueWillSendRequest)
+ // but there's no point in doing so anymore.
+ loader->detachFromCoreLoader();
}
void WebResourceLoadScheduler::crossOriginRedirectReceived(ResourceLoader*, const KURL&)
Modified: tags/Safari-537.35.4/Source/WebKit2/WebProcess/Network/WebResourceLoader.cpp (147261 => 147262)
--- tags/Safari-537.35.4/Source/WebKit2/WebProcess/Network/WebResourceLoader.cpp 2013-03-29 23:32:46 UTC (rev 147261)
+++ tags/Safari-537.35.4/Source/WebKit2/WebProcess/Network/WebResourceLoader.cpp 2013-03-29 23:41:54 UTC (rev 147262)
@@ -73,12 +73,23 @@
m_coreLoader->cancel();
}
+void WebResourceLoader::detachFromCoreLoader()
+{
+ m_coreLoader = 0;
+}
+
void WebResourceLoader::willSendRequest(const ResourceRequest& proposedRequest, const ResourceResponse& redirectResponse)
{
LOG(Network, "(WebProcess) WebResourceLoader::willSendRequest to '%s'", proposedRequest.url().string().utf8().data());
+
+ RefPtr<WebResourceLoader> protector(this);
ResourceRequest newRequest = proposedRequest;
m_coreLoader->willSendRequest(newRequest, redirectResponse);
+
+ if (!m_coreLoader)
+ return;
+
send(Messages::NetworkResourceLoader::ContinueWillSendRequest(newRequest));
}
@@ -120,16 +131,27 @@
return;
}
+ RefPtr<WebResourceLoader> protector(this);
+
// Only send data to the didReceiveData callback if it exists.
if (buffer->size())
m_coreLoader->didReceiveBuffer(buffer.get(), buffer->size(), DataPayloadWholeResource);
+ if (!m_coreLoader)
+ return;
+
m_coreLoader->didFinishLoading(finishTime);
}
void WebResourceLoader::canAuthenticateAgainstProtectionSpace(const ProtectionSpace& protectionSpace)
{
+ RefPtr<WebResourceLoader> protector(this);
+
bool result = m_coreLoader->canAuthenticateAgainstProtectionSpace(protectionSpace);
+
+ if (!m_coreLoader)
+ return;
+
send(Messages::NetworkResourceLoader::ContinueCanAuthenticateAgainstProtectionSpace(result));
}
Modified: tags/Safari-537.35.4/Source/WebKit2/WebProcess/Network/WebResourceLoader.h (147261 => 147262)
--- tags/Safari-537.35.4/Source/WebKit2/WebProcess/Network/WebResourceLoader.h 2013-03-29 23:32:46 UTC (rev 147261)
+++ tags/Safari-537.35.4/Source/WebKit2/WebProcess/Network/WebResourceLoader.h 2013-03-29 23:41:54 UTC (rev 147262)
@@ -67,6 +67,8 @@
WebCore::ResourceLoader* resourceLoader() const { return m_coreLoader.get(); }
+ void detachFromCoreLoader();
+
private:
WebResourceLoader(PassRefPtr<WebCore::ResourceLoader>);
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
