Modified: branches/safari-601.1.46-branch/Source/WebCore/ChangeLog (195568 => 195569)
--- branches/safari-601.1.46-branch/Source/WebCore/ChangeLog 2016-01-26 00:43:39 UTC (rev 195568)
+++ branches/safari-601.1.46-branch/Source/WebCore/ChangeLog 2016-01-26 00:43:42 UTC (rev 195569)
@@ -1,3 +1,30 @@
+2016-01-25 Matthew Hanson <[email protected]>
+
+ Merge r195393. rdar://problem/24042909
+
+ 2016-01-20 David Kilzer <[email protected]>
+
+ ResourceHandleCFURLConnectionDelegateWithOperationQueue delegate methods don't NULL-check m_handle->client()
+ <https://webkit.org/b/152675>
+ <rdar://problem/24034044>
+
+ Reviewed by Brent Fulgham.
+
+ * platform/network/cf/ResourceHandleCFURLConnectionDelegateWithOperationQueue.cpp:
+ (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::didReceiveResponse):
+ (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::didReceiveData):
+ (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::didFinishLoading):
+ (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::didFail):
+ (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::willCacheResponse):
+ (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::didSendBodyData):
+ (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::didReceiveDataArray):
+ - Add NULL check for m_handle->client() as is done in the
+ WebCoreResourceHandleAsOperationQueueDelegate class in
+ WebCoreResourceHandleAsOperationQueueDelegate.mm. (The NULL
+ check for -connection:didReceiveResponse: is currently
+ missing, but there are crashes there, too, that are covered by
+ Bug 152673.)
+
2016-01-20 Matthew Hanson <[email protected]>
Merge r195150. rdar://problem/24208162
Modified: branches/safari-601.1.46-branch/Source/WebCore/platform/network/cf/ResourceHandleCFURLConnectionDelegateWithOperationQueue.cpp (195568 => 195569)
--- branches/safari-601.1.46-branch/Source/WebCore/platform/network/cf/ResourceHandleCFURLConnectionDelegateWithOperationQueue.cpp 2016-01-26 00:43:39 UTC (rev 195568)
+++ branches/safari-601.1.46-branch/Source/WebCore/platform/network/cf/ResourceHandleCFURLConnectionDelegateWithOperationQueue.cpp 2016-01-26 00:43:42 UTC (rev 195569)
@@ -132,7 +132,7 @@
RefPtr<ResourceHandleCFURLConnectionDelegateWithOperationQueue> protector(this);
dispatch_async(dispatch_get_main_queue(), ^{
- if (!protector->hasHandle()) {
+ if (!protector->hasHandle() || !m_handle->client()) {
continueDidReceiveResponse();
return;
}
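Review bot: The guard `!protector->hasHandle() || !m_handle->client()` is now written out by hand in seven main-queue blocks (this hunk and the ones at 171, 187, 203, 220, 256 and 308), in both negated and positive form, so a callback added later can easily carry only half of it. The ChangeLog entry itself notes that the sibling delegate in WebCoreResourceHandleAsOperationQueueDelegate.mm is still missing the check in one method, which shows how these copies drift. Consider one private predicate on the delegate, something like `bool hasClient() { return hasHandle() && m_handle->client(); }`, and test `protector->hasClient()` in each block. A short comment there saying that the client can be cleared before the block runs would also help. The enclosing function starts and ends outside the hunk.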
@@ -171,7 +171,7 @@
CFRetain(data);
dispatch_async(dispatch_get_main_queue(), ^{
- if (protector->hasHandle()) {
+ if (protector->hasHandle() && m_handle->client()) {
LOG(Network, "CFNet - ResourceHandleCFURLConnectionDelegateWithOperationQueue::didReceiveData(handle=%p) (%s)", m_handle, m_handle->firstRequest().url().string().utf8().data());
m_handle->client()->didReceiveBuffer(m_handle, SharedBuffer::wrapCFData(data), originalLength);
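Review bot: The new condition checks `m_handle->client()` for null, but the call two lines later fetches the client again instead of using the pointer that was checked. Nothing visible between the check and the use clears the client, so this looks safe today, but the guard only holds while that stays true. Binding the result once, e.g. `auto* client = m_handle->client();` followed by `client->didReceiveBuffer(...)`, makes the checked pointer and the dereferenced pointer the same object. The same check-then-refetch shape appears in the hunks at 203 (`didFail`) and 308 (`wrapCFDataArray`). The block's closing lines are outside the hunk.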
@@ -187,7 +187,7 @@
// capture "this" by pointer value, and use a C++ lambda to prevent other unintentional capturing.
RefPtr<ResourceHandleCFURLConnectionDelegateWithOperationQueue> protector(this);
dispatch_async(dispatch_get_main_queue(), ^{
- if (!protector->hasHandle())
+ if (!protector->hasHandle() || !m_handle->client())
return;
LOG(Network, "CFNet - ResourceHandleCFURLConnectionDelegateWithOperationQueue::didFinishLoading(handle=%p) (%s)", m_handle, m_handle->firstRequest().url().string().utf8().data());
@@ -203,7 +203,7 @@
RefPtr<ResourceHandleCFURLConnectionDelegateWithOperationQueue> protector(this);
CFRetain(error);
dispatch_async(dispatch_get_main_queue(), ^{
- if (protector->hasHandle()) {
+ if (protector->hasHandle() && m_handle->client()) {
LOG(Network, "CFNet - ResourceHandleCFURLConnectionDelegateWithOperationQueue::didFail(handle=%p) (%s)", m_handle, m_handle->firstRequest().url().string().utf8().data());
m_handle->client()->didFail(m_handle, ResourceError(error));
@@ -220,7 +220,7 @@
RefPtr<ResourceHandleCFURLConnectionDelegateWithOperationQueue> protector(this);
dispatch_async(dispatch_get_main_queue(), ^{
- if (!protector->hasHandle()) {
+ if (!protector->hasHandle() || !m_handle->client()) {
continueWillCacheResponse(nullptr);
return;
}
@@ -256,7 +256,7 @@
// capture "this" by pointer value, and use a C++ lambda to prevent other unintentional capturing.
RefPtr<ResourceHandleCFURLConnectionDelegateWithOperationQueue> protector(this);
dispatch_async(dispatch_get_main_queue(), ^{
- if (!protector->hasHandle())
+ if (!protector->hasHandle() || !m_handle->client())
return;
LOG(Network, "CFNet - ResourceHandleCFURLConnectionDelegateWithOperationQueue::didSendBodyData(handle=%p) (%s)", m_handle, m_handle->firstRequest().url().string().utf8().data());
@@ -308,7 +308,7 @@
RefPtr<ResourceHandleCFURLConnectionDelegateWithOperationQueue> protector(this);
CFRetain(dataArray);
dispatch_async(dispatch_get_main_queue(), ^{
- if (protector->hasHandle()) {
+ if (protector->hasHandle() && m_handle->client()) {
LOG(Network, "CFNet - ResourceHandleCFURLConnectionDelegateWithOperationQueue::didSendBodyData(handle=%p) (%s)", m_handle, m_handle->firstRequest().url().string().utf8().data());
m_handle->client()->didReceiveBuffer(m_handle, SharedBuffer::wrapCFDataArray(dataArray), -1);
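Review bot: The LOG line in this block labels itself `didSendBodyData`, but the block retains and wraps `dataArray`, and the ChangeLog lists it as `didReceiveDataArray`, so the label looks copied from the previous method. Since this change is driven by crash reports in these callbacks, a wrong method name in the Network log channel points triage at the wrong callback. While touching this block, correct the label to `"CFNet - ResourceHandleCFURLConnectionDelegateWithOperationQueue::didReceiveDataArray(handle=%p) (%s)"`. The function signature is outside the hunk, so confirm the name against the full file.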