Bug 11724 - [S60] 3.1 & 3.2 Memory handling error in CHttpCacheEntry::Internalize(), BrowserCache.dll
Summary: [S60] 3.1 & 3.2 Memory handling error in CHttpCacheEntry::Internalize(), Brow...
Status: CLOSED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKit Misc. (show other bugs)
Version: 420+
Hardware: S60 Emulator S60 3rd edition
: P2 Critical
Assignee: Nobody
URL:
Keywords: PlatformOnly
Depends on:
Blocks:
 
Reported: 2006-11-30 10:39 PST by Sachin Padma
Modified: 2011-03-21 11:52 PDT (History)
0 users

See Also:


Attachments
fix url not set null of deleting (4.53 KB, patch)
2006-11-30 10:43 PST, Sachin Padma
yongjun.zhang: review+
Details | Formatted Diff | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Sachin Padma 2006-11-30 10:39:27 PST
S60_3_1_200638 release, file name \S60\mw\web\WebEngine\OssWebengine\WebKit\ResourceLoader\CacheSrc\HttpCacheEntry.cpp contains the following code...

TInt CHttpCacheEntry::Internalize(
    RFileReadStream& aReadStream )
    {
    TRAPD( err,
     TInt len;
    // url length
    len = aReadStream.ReadInt32L();
    delete iUrl;
    iUrl = HBufC8::NewL( len );	<== if NewL leaves, then iUrl is deleted, but iUrl is not NULL
    TPtr8 ptr8( iUrl->Des() );
    // url
    aReadStream.ReadL( ptr8, len );
    // filename length
    len = aReadStream.ReadInt32L();
    HBufC* filename = HBufC::NewLC( len );
    TPtr ptr( filename->Des() );
    // url
    aReadStream.ReadL( ptr, len );
    //
    SetFileNameL( filename->Des() );
    //
    CleanupStack::PopAndDestroy(); // filename
    // la
    TReal64 la;
    la = aReadStream.ReadReal64L();
    iLastAccessed = la;
    // ref
    iRef = aReadStream.ReadUint32L();
    // size
    iSize = aReadStream.ReadUint32L( );
    // size
    iHeaderSize = aReadStream.ReadUint32L( );
    // protected
    iProtected = aReadStream.ReadInt32L();
    //
    SetState( ECacheComplete ); );
    return err;
    }

... and this causes problems after CHttpCacheEntry destructor is run, because it deletes the same heap-allocated iUrl again.
Comment 1 Sachin Padma 2006-11-30 10:39:56 PST
TSW ID:  THYN-6VJCRE
Comment 2 Sachin Padma 2006-11-30 10:43:24 PST
Created attachment 11684 [details]
fix url not set null of deleting
Comment 3 Yongjun Zhang 2006-11-30 12:18:06 PST
Comment on attachment 11684 [details]
fix url not set null of deleting

r=me
Comment 4 Sachin Padma 2006-11-30 12:34:55 PST
committed as r17943
Comment 5 Krishna 2007-01-21 08:28:00 PST
Verified and Closed.
Comment 6 Joel Parks 2011-03-21 11:52:52 PDT
re-purposing InTSW keyword for use by QtWebkit team