WebKit Bugzilla
Attachment 343533 Details for Bug 187012: Null dereference crash in ApplicationCacheGroup::startLoadingEntry()
Patch: bug-187012-20180625133525.patch (text/plain), 2.81 KB, created by Chris Dumez on 2018-06-25 13:34:59 PDT
>Subversion Revision: 233161 >diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog >index cc1d3347bf85b24e17cb989b2a92f8fd57cf45cb..723f060f67ffe1a24ba8d4d8a92a1ae261121f0c 100644 >--- a/Source/WebCore/ChangeLog >+++ b/Source/WebCore/ChangeLog >@@ -1,3 +1,21 @@ >+2018-06-25 Chris Dumez <cdumez@apple.com> >+ >+ Null dereference crash un ApplicationCacheGroup::startLoadingEntry() >+ https://bugs.webkit.org/show_bug.cgi?id=187012 >+ <rdar://problem/40793716> >+ >+ Reviewed by Youenn Fablet. >+ >+ m_entryLoader can be null because ApplicationCacheResourceLoader::create() return null when >+ CachedResourceLoader::requestRawResource() fails synchronously. In such case, the completion >+ handler gets called with a ApplicationCacheResourceLoader::Error::CannotRequestResource error. >+ >+ To address the issue, we capture the request's URL in the lambda and use it instead of trying >+ to get the URL from the loader's resource. >+ >+ * loader/appcache/ApplicationCacheGroup.cpp: >+ (WebCore::ApplicationCacheGroup::startLoadingEntry): >+ > 2018-06-25 Simon Fraser <simon.fraser@apple.com> > > AutoTableLayout wastes 52KB of Vector capacity on nytimes.com >diff --git a/Source/WebCore/loader/appcache/ApplicationCacheGroup.cpp b/Source/WebCore/loader/appcache/ApplicationCacheGroup.cpp >index d9947a2b3454a757b51deab909d1b319f67f6550..06ed8ef192e9b63789b7b41340e2fd0fbf92e8e3 100644 >--- a/Source/WebCore/loader/appcache/ApplicationCacheGroup.cpp >+++ b/Source/WebCore/loader/appcache/ApplicationCacheGroup.cpp 
>@@ -903,17 +903,18 @@ void ApplicationCacheGroup::startLoadingEntry() > InspectorInstrumentation::willSendRequest(m_frame, m_currentResourceIdentifier, m_frame->loader().documentLoader(), request, ResourceResponse { }); > > auto& documentLoader = *m_frame->loader().documentLoader(); >- m_entryLoader = ApplicationCacheResourceLoader::create(m_pendingEntries.begin()->value, documentLoader.cachedResourceLoader(), WTFMove(request), [this] (auto&& resourceOrError) { >+ auto requestURL = request.url(); >+ m_entryLoader = ApplicationCacheResourceLoader::create(m_pendingEntries.begin()->value, documentLoader.cachedResourceLoader(), WTFMove(request), [this, requestURL = WTFMove(requestURL)] (auto&& resourceOrError) { > if (!resourceOrError.has_value()) { > auto error = resourceOrError.error(); > if (error == ApplicationCacheResourceLoader::Error::Abort) > return; >- this->didFailLoadingEntry(error, m_entryLoader->resource()->url()); >+ this->didFailLoadingEntry(error, requestURL); > return; > } > > m_currentResource = WTFMove(resourceOrError.value()); >- this->didFinishLoadingEntry(m_entryLoader->resource()->url()); >+ this->didFinishLoadingEntry(requestURL); > }); > } >
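Review bot: The ChangeLog entry lists only loader/appcache/ApplicationCacheGroup.cpp and names no regression test, so nothing in this patch exercises the path where ApplicationCacheResourceLoader::create() returns null after a synchronous CannotRequestResource failure. Consider adding a test that triggers that failure, or stating in the entry why one is not feasible. Minor wording in the same entry: "crash un" should read "crash in", "create() return null" should read "returns null", and "a ApplicationCacheResourceLoader::Error" should read "an".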
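Review bot: In startLoadingEntry(), the completion handler can run inside ApplicationCacheResourceLoader::create(), before the assignment to m_entryLoader has happened, yet nothing at the call site says so. A short comment next to `auto requestURL = request.url();` explaining that m_entryLoader must not be dereferenced from the lambda would keep a later change from reintroducing `m_entryLoader->resource()->url()`. It is also worth confirming that didFailLoadingEntry() (not visible in this hunk) cannot start another entry load on that synchronous path, because the null return value of create() is assigned to m_entryLoader only after the handler has returned.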