Title: [185643] trunk/Source/WebCore
Revision: 185643
Author: [email protected]
Date: 2015-06-16 23:03:27 -0700 (Tue, 16 Jun 2015)

Log Message

WebProcess crashes after too many redirect error when there's an active NPAPI plugin
https://bugs.webkit.org/show_bug.cgi?id=146019

Reviewed by Darin Adler.

This happens with the GTK+ port after a navigation action ends up
in an infinite redirection and the ResourceHandle fails with too
many redirections error. It should actually happen after any error
is reported by the ResourceHandler before the load is
committed. But it only happens if there's an active NPAPI
plugin. The problem is that FrameLoader::receivedMainResourceError()
is called recursively because DocumentLoader::stopLoading() ends up
calling mainReceivedError() that calls FrameLoader::receivedMainResourceError()
again. DocumentLoader::stopLoading() checks if the document is
still loading, which can happen if the main resource is loading,
if there's any subresource loading or if there's a plugin
loading. So, in case of being loading, those cases are handled
individually to cancel the main resource, or set an error in the
document loader and cancel subresources and plugins, except for
this case of plugins, that mainReceivedError is called instead of
setting cancelled error on the document loader.

* loader/DocumentLoader.cpp:
(WebCore::DocumentLoader::stopLoading): If the document is still
loading because there are active plugins, set the cancelled error
on the document instead of calling mainReceivedError again.

Diff

Modified: trunk/Source/WebCore/ChangeLog (185642 => 185643)


--- trunk/Source/WebCore/ChangeLog	2015-06-17 06:00:31 UTC (rev 185642)
+++ trunk/Source/WebCore/ChangeLog	2015-06-17 06:03:27 UTC (rev 185643)
@@ -1,3 +1,32 @@
+2015-06-16  Carlos Garcia Campos  <[email protected]>
+
+        WebProcess crashes after too many redirect error when there's an active NPAPI plugin
+        https://bugs.webkit.org/show_bug.cgi?id=146019
+
+        Reviewed by Darin Adler.
+
+        This happens with the GTK+ port after a navigation action ends up
+        in an infinite redirection and the ResourceHandle fails with too
+        many redirections error. I should actually happen after any error
+        is reported by the ResourceHnalder before the load is
+        committed. But tt only happens if there's an active NPAPI
+        plugin. The problem is that FrameLoader::receivedMainResourceError()
+        is called recursively because DocumentLoader::stopLoading() ends up
+        calling mainReceivedError() that calls FrameLoader::receivedMainResourceError()
+        again. DocumentLoader::stopLoading() checks if the document is
+        still loading, which can happen if the main resource is loading,
+        if there's any subresource loading or if there's a plugin
+        loading. So, in case of being loading, those cases are handled
+        individually to cancel the main resource, or set an error in the
+        document loader and cancel subresources and plugins, except for
+        this case of plugins, that mainReceivedError is called instead of
+        setting cancelled error on the document loader.
+
+        * loader/DocumentLoader.cpp:
+        (WebCore::DocumentLoader::stopLoading): If the document is still
+        loading because there are active plugins, set the cancelled error
+        on the document instead of calling mainReceivedError again.
+
 2015-06-16  Youenn Fablet <[email protected]> and Xabier Rodriguez Calvar  <[email protected]>
 
         [Streams API] Implement ReadableStream locked property
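
Review bot: The added ChangeLog description has three typos that will be permanent once landed: "I should actually happen" (It), "ResourceHnalder", and "But tt only happens" (it). The entry also lists no test and gives no reason for omitting one. Since the crash is described as reproducible (an error reported before the load is committed while an NPAPI plugin is active), please either add a regression test and name it here, or state in the entry why the case cannot be covered.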

Modified: trunk/Source/WebCore/loader/DocumentLoader.cpp (185642 => 185643)


--- trunk/Source/WebCore/loader/DocumentLoader.cpp	2015-06-17 06:00:31 UTC (rev 185642)
+++ trunk/Source/WebCore/loader/DocumentLoader.cpp	2015-06-17 06:03:27 UTC (rev 185643)
@@ -328,14 +328,15 @@
     if (isLoadingMainResource()) {
         // Stop the main resource loader and let it send the cancelled message.
         cancelMainResourceLoad(frameLoader->cancelledError(m_request));
-    } else if (!m_subresourceLoaders.isEmpty())
-        // The main resource loader already finished loading. Set the cancelled error on the 
-        // document and let the subresourceLoaders send individual cancelled messages below.
+    } else if (!m_subresourceLoaders.isEmpty() || !m_plugInStreamLoaders.isEmpty()) {
+        // The main resource loader already finished loading. Set the cancelled error on the
+        // document and let the subresourceLoaders and pluginLoaders send individual cancelled messages below.
         setMainDocumentError(frameLoader->cancelledError(m_request));
-    else
+    } else {
         // If there are no resource loaders, we need to manufacture a cancelled message.
         // (A back/forward navigation has no resource loaders because its resources are cached.)
         mainReceivedError(frameLoader->cancelledError(m_request));
+    }
 
     // We always need to explicitly cancel the Document's parser when stopping the load.
     // Otherwise cancelling the parser while starting the next page load might result
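
Review bot: The new `!m_plugInStreamLoaders.isEmpty()` arm depends on the plugin stream loaders actually being cancelled "below", as the updated comment says, but that cancellation is outside this hunk. If it does not happen, the error set by `setMainDocumentError()` is only recorded and nothing delivers it. Please confirm the code after this block cancels `m_plugInStreamLoaders` as well as `m_subresourceLoaders`. The comment also says "pluginLoaders" while the member is `m_plugInStreamLoaders`; using the member's name would make the reference unambiguous. Finally, the remaining `else` branch still calls `mainReceivedError()`, which the log message identifies as the re-entry path into `FrameLoader::receivedMainResourceError()`; a short comment explaining why that branch cannot be reached during error handling, or an assertion to that effect, would keep the recursion from returning if another "still loading" condition is added later.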