Title: [164278] releases/WebKitGTK/webkit-2.2/Source/WebKit2
- Revision
- 164278
- Author
- [email protected]
- Date
- 2014-02-18 02:16:32 -0800 (Tue, 18 Feb 2014)
Log Message
Merge r162830 - [SOUP] WebProcess sometimes crashes when a download is cancelled
https://bugs.webkit.org/show_bug.cgi?id=127650
Reviewed by Martin Robinson.
The problem is that when the download is cancelled, the download
manager removes the download from the map and it's deleted. The
Download destructor calls platformInvalidate() that cancels the
resource handle if there's still one. We set to nullptr the
ResourceHandle when the download is cancelled to avoid cancelling
it twice, but it's done after calling Download::didCancel(). It
should be done before, because at that moment, when the download
is deleted, the resource handle pointer is still valid.
* Shared/Downloads/soup/DownloadSoup.cpp:
(WebKit::Download::cancel):
Modified Paths
Diff
Modified: releases/WebKitGTK/webkit-2.2/Source/WebKit2/ChangeLog (164277 => 164278)
--- releases/WebKitGTK/webkit-2.2/Source/WebKit2/ChangeLog 2014-02-18 09:49:16 UTC (rev 164277)
+++ releases/WebKitGTK/webkit-2.2/Source/WebKit2/ChangeLog 2014-02-18 10:16:32 UTC (rev 164278)
@@ -1,3 +1,22 @@
+2014-01-27 Carlos Garcia Campos <[email protected]>
+
+ [SOUP] WebProcess sometimes crashes when a download is cancelled
+ https://bugs.webkit.org/show_bug.cgi?id=127650
+
+ Reviewed by Martin Robinson.
+
+ The problem is that when the download is cancelled, the download
+ manager removes the download from the map and it's deleted. The
+ Download destructor calls platformInvalidate() that cancels the
+ resource handle if there's still one. We set to nullptr the
+ ResourceHandle when the download is cancelled to avoid cancelling
+ it twice, but it's done after calling Download::didCancel(). It
+ should be done before, because at that moment, when the download
+ is deleted, the resource handle pointer is still valid.
+
+ * Shared/Downloads/soup/DownloadSoup.cpp:
+ (WebKit::Download::cancel):
+
2014-01-24 Víctor Manuel Jáquez Leal <[email protected]>
[GTK] youtube HTML5 videos in fullscreen, after <Esc>, can't go fullscreen again
Modified: releases/WebKitGTK/webkit-2.2/Source/WebKit2/Shared/Downloads/soup/DownloadSoup.cpp (164277 => 164278)
--- releases/WebKitGTK/webkit-2.2/Source/WebKit2/Shared/Downloads/soup/DownloadSoup.cpp 2014-02-18 09:49:16 UTC (rev 164277)
+++ releases/WebKitGTK/webkit-2.2/Source/WebKit2/Shared/Downloads/soup/DownloadSoup.cpp 2014-02-18 10:16:32 UTC (rev 164278)
@@ -232,8 +232,12 @@
{
if (!m_resourceHandle)
return;
- static_cast<DownloadClient*>(m_downloadClient.get())->cancel(m_resourceHandle.get());
- m_resourceHandle = 0;
+
+ // Cancelling the download will delete it and platformInvalidate() will be called by the destructor.
+ // So, we need to set m_resourceHandle to nullptr before actually cancelling the download to make sure
+ // it won't be cancelled again by platformInvalidate. See https://bugs.webkit.org/show_bug.cgi?id=127650.
+ RefPtr<ResourceHandle> resourceHandle = m_resourceHandle.release();
+ static_cast<DownloadClient*>(m_downloadClient.get())->cancel(resourceHandle.get());
}
void Download::platformInvalidate()
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
