CLOSED FIXED 11724
[S60] 3.1 & 3.2 Memory handling error in CHttpCacheEntry::Internalize(), BrowserCache.dll
https://bugs.webkit.org/show_bug.cgi?id=11724
Summary [S60] 3.1 & 3.2 Memory handling error in CHttpCacheEntry::Internalize(), Brow...
Sachin Padma
Reported 2006-11-30 10:39:27 PST
S60_3_1_200638 release, file name \S60\mw\web\WebEngine\OssWebengine\WebKit\ResourceLoader\CacheSrc\HttpCacheEntry.cpp contains the following code... TInt CHttpCacheEntry::Internalize( RFileReadStream& aReadStream ) { TRAPD( err, TInt len; // url length len = aReadStream.ReadInt32L(); delete iUrl; iUrl = HBufC8::NewL( len ); <== if NewL leaves, then iUrl is deleted, but iUrl is not NULL TPtr8 ptr8( iUrl->Des() ); // url aReadStream.ReadL( ptr8, len ); // filename length len = aReadStream.ReadInt32L(); HBufC* filename = HBufC::NewLC( len ); TPtr ptr( filename->Des() ); // url aReadStream.ReadL( ptr, len ); // SetFileNameL( filename->Des() ); // CleanupStack::PopAndDestroy(); // filename // la TReal64 la; la = aReadStream.ReadReal64L(); iLastAccessed = la; // ref iRef = aReadStream.ReadUint32L(); // size iSize = aReadStream.ReadUint32L( ); // size iHeaderSize = aReadStream.ReadUint32L( ); // protected iProtected = aReadStream.ReadInt32L(); // SetState( ECacheComplete ); ); return err; } ... and this causes problems after CHttpCacheEntry destructor is run, because it deletes the same heap-allocated iUrl again.
Attachments
fix url not set null of deleting (4.53 KB, patch)
2006-11-30 10:43 PST, Sachin Padma
yongjun.zhang: review+
Sachin Padma
Comment 1 2006-11-30 10:39:56 PST
TSW ID: THYN-6VJCRE
Sachin Padma
Comment 2 2006-11-30 10:43:24 PST
Created attachment 11684 [details] fix url not set null of deleting
Yongjun Zhang
Comment 3 2006-11-30 12:18:06 PST
Comment on attachment 11684 [details] fix url not set null of deleting r=me
Sachin Padma
Comment 4 2006-11-30 12:34:55 PST
committed as r17943
Krishna
Comment 5 2007-01-21 08:28:00 PST
Verified and Closed.
Joel Parks
Comment 6 2011-03-21 11:52:52 PDT
re-purposing InTSW keyword for use by QtWebkit team
Note You need to log in before you can comment on or make changes to this bug.