Title: [179062] branches/safari-600.1.4.15-branch/Source/WebCore
- Revision
- 179062
- Author
- [email protected]
- Date
- 2015-01-24 09:00:24 -0800 (Sat, 24 Jan 2015)
Log Message
Merged branch-only patch (r0). rdar://problem/19564738
Modified Paths
Diff
Modified: branches/safari-600.1.4.15-branch/Source/WebCore/ChangeLog (179061 => 179062)
--- branches/safari-600.1.4.15-branch/Source/WebCore/ChangeLog 2015-01-24 16:28:14 UTC (rev 179061)
+++ branches/safari-600.1.4.15-branch/Source/WebCore/ChangeLog 2015-01-24 17:00:24 UTC (rev 179062)
@@ -1,3 +1,21 @@
+2015-01-23 Pratik Solanki <[email protected]>
+
+ <rdar://problem/19564738> Stowe: CrashTracer: [USER] com.apple.WebKit.WebContent at com.apple.WebCore: WebCore::SharedBuffer::createPurgeableBuffer const + 14
+
+ Reviewed by David Kilzer.
+
+ Speculative fix for the above crash. The current theory is that a timer is being fired for a
+ CachedResource that has been freed. Add a marker field in CachedResource to do an early
+ return from CachedResource::makePurgeable() when this happens.
+
+ No new tests because I can't reproduce the crash.
+
+ * loader/cache/CachedResource.cpp:
+ (WebCore::CachedResource::CachedResource):
+ (WebCore::CachedResource::~CachedResource):
+ (WebCore::CachedResource::makePurgeable):
+ * loader/cache/CachedResource.h:
+
2015-01-23 Lucas Forschler <[email protected]>
Build fix after r179028, r179030, r179031, r179032.
Modified: branches/safari-600.1.4.15-branch/Source/WebCore/loader/cache/CachedResource.cpp (179061 => 179062)
--- branches/safari-600.1.4.15-branch/Source/WebCore/loader/cache/CachedResource.cpp 2015-01-24 16:28:14 UTC (rev 179061)
+++ branches/safari-600.1.4.15-branch/Source/WebCore/loader/cache/CachedResource.cpp 2015-01-24 17:00:24 UTC (rev 179062)
@@ -63,6 +63,8 @@
namespace WebCore {
+static const unsigned LiveMarker = 0xCACED;
+
// These response headers are not copied from a revalidated response to the
// cached response headers. For compatibility, this list is based on Chromium's
// net/http/http_response_headers.cc.
@@ -181,6 +183,7 @@
, m_owningCachedResourceLoader(0)
, m_resourceToRevalidate(0)
, m_proxyResource(0)
+ , m_liveObjectMarker(LiveMarker)
{
ASSERT(m_type == unsigned(type)); // m_type is a bitfield, so this tests careless updates of the enum.
ASSERT(sessionID.isValid());
@@ -212,6 +215,7 @@
if (m_owningCachedResourceLoader)
m_owningCachedResourceLoader->removeCachedResource(this);
+ m_liveObjectMarker = 0;
}
void CachedResource::failBeforeStarting()
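Review bot: The added `m_liveObjectMarker = 0;` is the last store in the destructor, to an object whose lifetime ends right there, so an optimizer is entitled to drop it as a dead store. That would leave the old marker value in the freed memory and defeat the check in makePurgeable(). Writing through a volatile lvalue keeps the store in practice: `*const_cast<volatile unsigned*>(&m_liveObjectMarker) = 0;`. Even then the cleared value only survives until the allocator reuses the block. The destructor starts outside this hunk.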
@@ -801,6 +805,9 @@
bool CachedResource::makePurgeable(bool purgeable)
{
+ if (m_liveObjectMarker != LiveMarker)
+ return false;
+
if (purgeable) {
ASSERT(isSafeToMakePurgeable());
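Review bot: The guard `if (m_liveObjectMarker != LiveMarker)` reads a member of the very object the ChangeLog suspects has been freed, so the check is itself a use-after-free read and only helps while the block still holds the cleared marker. If the allocator has handed the block to another CachedResource, the marker matches again and the call proceeds on the wrong object. The early return is also silent, so nothing confirms the theory. I would add `LOG_ERROR("makePurgeable() called on a destroyed CachedResource %p", this);` before `return false;`, plus a comment naming rdar://problem/19564738 so the guard is not mistaken for a fix of the lifetime bug. makePurgeable's body continues past the hunk.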
Modified: branches/safari-600.1.4.15-branch/Source/WebCore/loader/cache/CachedResource.h (179061 => 179062)
--- branches/safari-600.1.4.15-branch/Source/WebCore/loader/cache/CachedResource.h 2015-01-24 16:28:14 UTC (rev 179061)
+++ branches/safari-600.1.4.15-branch/Source/WebCore/loader/cache/CachedResource.h 2015-01-24 17:00:24 UTC (rev 179062)
@@ -369,6 +369,7 @@
// These handles will need to be updated to point to the m_resourceToRevalidate in case we get 304 response.
HashSet<CachedResourceHandleBase*> m_handlesToRevalidate;
+ unsigned m_liveObjectMarker;
};
#define CACHED_RESOURCE_TYPE_CASTS(ToClassName, FromClassName, CachedResourceType) \
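Review bot: `m_liveObjectMarker` is added without a comment, and its name alone does not say who sets, clears or checks it. Proposed comment above the member: `// Set to LiveMarker in the constructor, zeroed in the destructor; makePurgeable() checks it to bail out when called on a destroyed object (speculative, see rdar://problem/19564738).` The same one-line explanation would help on `LiveMarker` in CachedResource.cpp. The class definition starts outside this hunk.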