- Revision
- 154115
- Author
- [email protected]
- Date
- 2013-08-15 12:05:04 -0700 (Thu, 15 Aug 2013)
Log Message
<https://webkit.org/b/119853> REGRESSION (r139343): WebKit crashes when canceling a load inside webView:resource:didFinishLoadingFromDataSource:
Reviewed by Brady Eidson.
Source/WebCore:
A client implementing webView:resource:didFinishLoadingFromDataSource:
might decide to call stopLoading: for the identifier that just finished
loading. If this happens we re-enter the loader and attempt to cancel a
load that has already finished and been removed from the set of active
loaders. Prevent this by clearing DocumentLoader's
m_identifierForLoadWithoutResourceLoader before calling
dispatchDidFinishLoading().
New API test: WebKit1.StopLoadingFromDidFinishLoading.
* loader/DocumentLoader.cpp:
(WebCore::DocumentLoader::finishedLoading): Set
m_identifierForLoadWithoutResourceLoader to 0 before calling
dispatchDidFinishLoading().
Tools:
Wrote an API test that verifies -[WebView stopLoading:] can be called
inside webView:resource:didFinishLoadingFromDataSource: without crashing.
* TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
* TestWebKitAPI/Tests/mac/StopLoadingFromDidFinishLoading.mm: Added.
(-[StopLoadingFromDidFinishLoadingDelegate webView:resource:didFinishLoadingFromDataSource:]):
(TestWebKitAPI::TEST):
Diff
Modified: trunk/Source/WebCore/ChangeLog (154114 => 154115)
--- trunk/Source/WebCore/ChangeLog 2013-08-15 18:50:48 UTC (rev 154114)
+++ trunk/Source/WebCore/ChangeLog 2013-08-15 19:05:04 UTC (rev 154115)
@@ -1,3 +1,24 @@
+2013-08-15 Andy Estes <[email protected]>
+
+ <https://webkit.org/b/119853> REGRESSION (r139343): WebKit crashes when canceling a load inside webView:resource:didFinishLoadingFromDataSource:
+
+ Reviewed by Brady Eidson.
+
+ A client implementing webView:resource:didFinishLoadingFromDataSource:
+ might decide to call stopLoading: for the identifier that just finished
+ loading. If this happens we re-enter the loader and attempt to cancel a
+ load that has already finished and been removed from the set of active
+ loaders. Prevent this by clearing DocumentLoader's
+ m_identifierForLoadWithoutResourceLoader before calling
+ dispatchDidFinishLoading().
+
+ New API test: WebKit1.StopLoadingFromDidFinishLoading.
+
+ * loader/DocumentLoader.cpp:
+ (WebCore::DocumentLoader::finishedLoading): Set
+ m_identifierForLoadWithoutResourceLoader to 0 before calling
+ dispatchDidFinishLoading().
+
2013-08-15 Eric Carlson <[email protected]>
[Mac] Remove "legacy" media UI
Modified: trunk/Source/WebCore/loader/DocumentLoader.cpp (154114 => 154115)
--- trunk/Source/WebCore/loader/DocumentLoader.cpp 2013-08-15 18:50:48 UTC (rev 154114)
+++ trunk/Source/WebCore/loader/DocumentLoader.cpp 2013-08-15 19:05:04 UTC (rev 154115)
@@ -364,8 +364,13 @@
RefPtr<DocumentLoader> protect(this);
if (m_identifierForLoadWithoutResourceLoader) {
- frameLoader()->notifier()->dispatchDidFinishLoading(this, m_identifierForLoadWithoutResourceLoader, finishTime);
+ // A didFinishLoading delegate might try to cancel the load (despite it
+ // being finished). Clear m_identifierForLoadWithoutResourceLoader
+ // before calling dispatchDidFinishLoading so that we don't later try to
+ // cancel the already-finished substitute load.
+ unsigned long identifier = m_identifierForLoadWithoutResourceLoader;
m_identifierForLoadWithoutResourceLoader = 0;
+ frameLoader()->notifier()->dispatchDidFinishLoading(this, identifier, finishTime);
}
#if USE(CONTENT_FILTERING)
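Review bot: Clearing the identifier before `dispatchDidFinishLoading` covers a delegate that cancels this one load, but the rest of finishedLoading (from `#if USE(CONTENT_FILTERING)` on, continuing outside the hunk) still runs on a loader the client may have stopped or detached during the callback. `protect` keeps the DocumentLoader object alive, not its frame, so any later `frameLoader()` use in this function should tolerate a null or changed frame. That code is not visible here, so this is a point to confirm rather than a confirmed defect. Extending the new comment would record the contract for later edits: `// The delegate may re-enter the loader; do not assume frame or loader state is unchanged after this call.`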
Modified: trunk/Tools/ChangeLog (154114 => 154115)
--- trunk/Tools/ChangeLog 2013-08-15 18:50:48 UTC (rev 154114)
+++ trunk/Tools/ChangeLog 2013-08-15 19:05:04 UTC (rev 154115)
@@ -1,3 +1,17 @@
+2013-08-15 Andy Estes <[email protected]>
+
+ <https://webkit.org/b/119853> REGRESSION (r139343): WebKit crashes when canceling a load inside webView:resource:didFinishLoadingFromDataSource:
+
+ Reviewed by Brady Eidson.
+
+ Wrote an API test that verifies -[WebView stopLoading:] can be called
+ inside webView:resource:didFinishLoadingFromDataSource: without crashing.
+
+ * TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
+ * TestWebKitAPI/Tests/mac/StopLoadingFromDidFinishLoading.mm: Added.
+ (-[StopLoadingFromDidFinishLoadingDelegate webView:resource:didFinishLoadingFromDataSource:]):
+ (TestWebKitAPI::TEST):
+
2013-08-15 Alexey Proskuryakov <[email protected]>
Adding Myles Maxfield to contributors.json.
Modified: trunk/Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj (154114 => 154115)
--- trunk/Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj 2013-08-15 18:50:48 UTC (rev 154114)
+++ trunk/Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj 2013-08-15 19:05:04 UTC (rev 154115)
@@ -42,6 +42,7 @@
290F4275172A221C00939FF0 /* custom-protocol-sync-xhr.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = 290F4274172A1FDE00939FF0 /* custom-protocol-sync-xhr.html */; };
290F4278172A232C00939FF0 /* CustomProtocolsSyncXHRTest.mm in Sources */ = {isa = PBXBuildFile; fileRef = 290F4276172A232C00939FF0 /* CustomProtocolsSyncXHRTest.mm */; };
290F427B172A23A500939FF0 /* TestProtocol.mm in Sources */ = {isa = PBXBuildFile; fileRef = 290F4279172A23A500939FF0 /* TestProtocol.mm */; };
+ 291861FF17BD4DC700D4E41E /* StopLoadingFromDidFinishLoading.mm in Sources */ = {isa = PBXBuildFile; fileRef = 291861FD17BD4DC700D4E41E /* StopLoadingFromDidFinishLoading.mm */; };
2943BE86161DFEB800999E3D /* UserContentTest.mm in Sources */ = {isa = PBXBuildFile; fileRef = 2943BE84161DFEB800999E3D /* UserContentTest.mm */; };
297234B4173AD04800983601 /* CustomProtocolsInvalidScheme.mm in Sources */ = {isa = PBXBuildFile; fileRef = 297234B2173AD04800983601 /* CustomProtocolsInvalidScheme.mm */; };
297234B7173AFAC700983601 /* CustomProtocolsInvalidScheme_Bundle.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 297234B5173AFAC700983601 /* CustomProtocolsInvalidScheme_Bundle.cpp */; };
@@ -347,6 +348,7 @@
290F4276172A232C00939FF0 /* CustomProtocolsSyncXHRTest.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = CustomProtocolsSyncXHRTest.mm; sourceTree = "<group>"; };
290F4279172A23A500939FF0 /* TestProtocol.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = TestProtocol.mm; sourceTree = "<group>"; };
290F427A172A23A500939FF0 /* TestProtocol.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = TestProtocol.h; sourceTree = "<group>"; };
+ 291861FD17BD4DC700D4E41E /* StopLoadingFromDidFinishLoading.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = StopLoadingFromDidFinishLoading.mm; sourceTree = "<group>"; };
2943BE84161DFEB800999E3D /* UserContentTest.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; name = UserContentTest.mm; path = WebKit2ObjC/UserContentTest.mm; sourceTree = "<group>"; };
297234B2173AD04800983601 /* CustomProtocolsInvalidScheme.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; name = CustomProtocolsInvalidScheme.mm; path = WebKit2ObjC/CustomProtocolsInvalidScheme.mm; sourceTree = "<group>"; };
297234B5173AFAC700983601 /* CustomProtocolsInvalidScheme_Bundle.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = CustomProtocolsInvalidScheme_Bundle.cpp; path = WebKit2ObjC/CustomProtocolsInvalidScheme_Bundle.cpp; sourceTree = "<group>"; };
@@ -921,6 +923,8 @@
261516D515B0E60500A2C201 /* SetAndUpdateCacheModel.mm */,
52B8CF9515868CF000281053 /* SetDocumentURI.mm */,
C540F775152E4DA000A40C8C /* SimplifyMarkup.mm */,
+ 291861FD17BD4DC700D4E41E /* StopLoadingFromDidFinishLoading.mm */,
+ E194E1BA177E5145009C4D4E /* StopLoadingFromDidReceiveResponse.mm */,
3799AD3914120A43005EB0C6 /* StringByEvaluatingJavaScriptFromString.mm */,
37A6895D148A9B50005100FA /* SubresourceErrorCrash.mm */,
E490296714E2E3A4002BEDD1 /* TypingStyleCrash.mm */,
@@ -929,7 +933,6 @@
37E38C33169B7D010084C28C /* WebViewDidRemoveFrameFromHierarchy.mm */,
1A7BFC0A171A0BDB00BC5F64 /* WillSendSubmitEvent.mm */,
A5E2027215B2181900C13E14 /* WindowlessWebViewWithMedia.mm */,
- E194E1BA177E5145009C4D4E /* StopLoadingFromDidReceiveResponse.mm */,
);
path = mac;
sourceTree = "<group>";
@@ -1094,6 +1097,7 @@
BC246D8E132F115A00B56D7C /* AboutBlankLoad.cpp in Sources */,
297234B4173AD04800983601 /* CustomProtocolsInvalidScheme.mm in Sources */,
379028B614FABD92007E6B43 /* AcceptsFirstMouse.mm in Sources */,
+ 291861FF17BD4DC700D4E41E /* StopLoadingFromDidFinishLoading.mm in Sources */,
26F1B44415CA434F00D1E4BF /* AtomicString.cpp in Sources */,
B55F11A01516834F00915916 /* AttributedString.mm in Sources */,
00CD9F6315BE312C002DA2CE /* BackForwardList.mm in Sources */,
Added: trunk/Tools/TestWebKitAPI/Tests/mac/StopLoadingFromDidFinishLoading.mm (0 => 154115)
--- trunk/Tools/TestWebKitAPI/Tests/mac/StopLoadingFromDidFinishLoading.mm (rev 0)
+++ trunk/Tools/TestWebKitAPI/Tests/mac/StopLoadingFromDidFinishLoading.mm 2013-08-15 19:05:04 UTC (rev 154115)
@@ -0,0 +1,60 @@
+/*
+ * Copyright (C) 2013 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#import "config.h"
+#import "PlatformUtilities.h"
+#import <wtf/AutodrainedPool.h>
+#import <wtf/RetainPtr.h>
+
+@interface StopLoadingFromDidFinishLoadingDelegate : NSObject {
+}
+@end
+
+static bool finished = false;
+
+@implementation StopLoadingFromDidFinishLoadingDelegate
+
+- (void)webView:(WebView *)sender resource:(id)identifier didFinishLoadingFromDataSource:(WebDataSource *)dataSource
+{
+ [sender stopLoading:identifier];
+ finished = true;
+}
+
+@end
+
+namespace TestWebKitAPI {
+
+TEST(WebKit1, StopLoadingFromDidFinishLoading)
+{
+ AutodrainedPool pool;
+ RetainPtr<WebView> webView = adoptNS([[WebView alloc] init]);
+ RetainPtr<StopLoadingFromDidFinishLoadingDelegate> delegate = adoptNS([[StopLoadingFromDidFinishLoadingDelegate alloc] init]);
+ webView.get().resourceLoadDelegate = delegate.get();
+ [webView.get().mainFrame loadHTMLString:@"Hello, World!" baseURL:[NSURL URLWithString:@""]];
+ Util::run(&finished);
+ // No crash means the test passed.
+}
+
+} // namespace TestWebKitAPI
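Review bot: The delegate's `[sender stopLoading:identifier]` passes the resource identifier to a method that WebView.h (not shown here) declares as an action taking a sender, so the call stops the whole view's load rather than cancelling one resource. A comment such as `// stopLoading: is an IBAction; the argument is only the sender and the whole load is stopped.` would keep readers from assuming per-resource cancellation. The test body also has no expectation beyond not crashing, and `finished` is a file-scope static that is never reset. Counting callback invocations and checking the count with `EXPECT_EQ` after `Util::run(&finished)` would make a duplicate didFinishLoading dispatch after the re-entrant stop fail the test as well.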