Title: [192044] trunk/Source/WebKit2
Revision: 192044
Author: cdu...@apple.com
Date: 2015-11-04 16:54:25 -0800 (Wed, 04 Nov 2015)

Log Message

Regression(r192038): Crash in ~SandboxExtension()
https://bugs.webkit.org/show_bug.cgi?id=150898

Reviewed by Alex Christensen.

We are seeing a couple of crashes under ~SandboxExtension() on the bots
after ~SandboxExtension(). The reason is that the SandboxExtension is
still in use (useCount > 0) when destroyed. This happens due to a bug
in setDefersLoading() that could cause the load to get started more
than once and thus the SandboxExtension to be consumed more than once.

* NetworkProcess/NetworkResourceLoader.cpp:
(WebKit::NetworkResourceLoader::setDefersLoading):
(WebKit::NetworkResourceLoader::consumeSandboxExtensions):

Diff

Modified: trunk/Source/WebKit2/ChangeLog (192043 => 192044)


--- trunk/Source/WebKit2/ChangeLog	2015-11-05 00:46:34 UTC (rev 192043)
+++ trunk/Source/WebKit2/ChangeLog	2015-11-05 00:54:25 UTC (rev 192044)
@@ -1,5 +1,22 @@
 2015-11-04  Chris Dumez  <cdu...@apple.com>
 
+        Regression(r192038): Crash in ~SandboxExtension()
+        https://bugs.webkit.org/show_bug.cgi?id=150898
+
+        Reviewed by Alex Christensen.
+
+        We are seeing a couple of crashes under ~SandboxExtension() on the bots
+        after ~SandboxExtension(). The reason is that the SandBoxExtension is
+        still in use (useCount > 0) when destroyed. This happens due to a bug
+        in setDefersLoading() that could cause the load to get started more
+        than once and thus the SandboxExtension to be consumed more than once.
+
+        * NetworkProcess/NetworkResourceLoader.cpp:
+        (WebKit::NetworkResourceLoader::setDefersLoading):
+        (WebKit::NetworkResourceLoader::consumeSandboxExtensions):
+
+2015-11-04  Chris Dumez  <cdu...@apple.com>
+
         [WK2] Extract networking code out of NetworkResourceLoader class to improve reusability
         https://bugs.webkit.org/show_bug.cgi?id=150898
 
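Review bot: The new entry links https://bugs.webkit.org/show_bug.cgi?id=150898, which is the same bug id as the "[WK2] Extract networking code out of NetworkResourceLoader class" entry directly below it, so one of the two URLs likely points at the wrong bug. The first sentence also reads "crashes under ~SandboxExtension() on the bots after ~SandboxExtension()"; the second mention looks like it was meant to name the regressing revision from the title (r192038). Both are worth correcting so the regression can be traced from the ChangeLog alone.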

Modified: trunk/Source/WebKit2/NetworkProcess/NetworkResourceLoader.cpp (192043 => 192044)


--- trunk/Source/WebKit2/NetworkProcess/NetworkResourceLoader.cpp	2015-11-05 00:46:34 UTC (rev 192043)
+++ trunk/Source/WebKit2/NetworkProcess/NetworkResourceLoader.cpp	2015-11-05 00:54:25 UTC (rev 192044)
@@ -184,7 +184,10 @@
         return;
     m_defersLoading = defers;
 
-    m_networkLoad->setDefersLoading(defers);
+    if (m_networkLoad) {
+        m_networkLoad->setDefersLoading(defers);
+        return;
+    }
 
     if (!m_defersLoading)
         start();
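Review bot: The new "if (m_networkLoad)" check in setDefersLoading() now doubles as the "load already started" flag, and nothing in the hunk states that. The fall-through to "if (!m_defersLoading) start();" is only safe against a second start if start() always leaves m_networkLoad non-null, which these lines do not show. If start() has any path that returns without creating the network load, toggling defers off again would reach start() a second time and consume the sandbox extensions again. Consider a short comment above the check saying that a non-null m_networkLoad means the load has started, or an explicit started flag. Note also that the removed line dereferenced m_networkLoad unconditionally, so the null case was reachable before this change as well.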
@@ -524,6 +527,8 @@
 
 void NetworkResourceLoader::consumeSandboxExtensions()
 {
+    ASSERT(!m_didConsumeSandboxExtensions);
+
     for (auto& extension : m_parameters.requestBodySandboxExtensions)
         extension->consume();
 
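Review bot: "ASSERT(!m_didConsumeSandboxExtensions);" at the top of consumeSandboxExtensions() only fires in debug builds, so in release builds a second call still runs the loop and calls extension->consume() again, which is the use-count imbalance the log message describes. Since this is sandbox extension lifetime, consider making the function idempotent with an early return when m_didConsumeSandboxExtensions is already set (keeping the ASSERT to catch the caller bug in debug), or using a release assertion. The hunk does not show where the flag is set; it should be set inside this function so the check and the state change stay together.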