28405 2009-08-17 12:12:04 -0700 [CURL] Crash when handling local cancelled requests 2009-08-17 15:39:20 -0700 1 1 1 Unclassified WebKit WebCore Misc. 528+ (Nightly build) PC Windows XP RESOLVED FIXED P2 Normal --- 1 bfulgham bfulgham oldest_to_newest 140790 0 bfulgham 2009-08-17 12:12:04 -0700 The code in Curl's headerCallback processing is not automatically called when processing local files. This has led to a number of bugs (e.g., Bug 28312) in the past. The LayoutTest "fast/images/favicon-as-image.html" (among others) triggers a bug in local file processing when the request is cancelled. This can happen if the local processing involves JavaScript code that modifies the window location. The correction is to check the state of the m_cancelled flag immediately after performing the manual processing, and treating the cancelled state in the same way as any cancelled processing occurring earlier in the routine. This happens in two places: 1. The writeCallback, where a cancelled request should cause a zero-value return. 2. The downloadTimerCallback, where a cancelled request should cause the job to be removed and processing to continue. 140791 1 34985 bfulgham 2009-08-17 12:19:03 -0700 Created attachment 34985 Check for m_cancelled state before continuing processing of a request. 140850 2 bfulgham 2009-08-17 15:39:20 -0700 Landed in http://trac.webkit.org/changeset/47379. 34985 2009-08-17 12:19:03 -0700 2009-08-17 12:37:17 -0700 Check for m_cancelled state before continuing processing of a request. curl_crash.patch text/plain 2153 bfulgham SW5kZXg6IFdlYkNvcmUvQ2hhbmdlTG9nCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFdlYkNvcmUvQ2hhbmdlTG9n CShyZXZpc2lvbiA0NzM3NCkKKysrIFdlYkNvcmUvQ2hhbmdlTG9nCSh3b3JraW5nIGNvcHkpCkBA IC0xLDMgKzEsMTggQEAKKzIwMDktMDgtMTcgIEJyZW50IEZ1bGdoYW0gIDxiZnVsZ2hhbUB3ZWJr aXQub3JnPgorCisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEpLgorCisgICAgICAg IENvcnJlY3QgY3Jhc2ggd2hlbiBwcm9jZXNzaW5nIGxvY2FsIGNhbmNlbGxlZCByZXF1ZXN0cy4K KworICAgICAgICBObyBuZXcgdGVzdHMuIEV4aXN0aW5nIGZhc3QvaW1hZ2VzL2Zhdmljb24tYXMt aW1hZ2UuaHRtbAorICAgICAgICBkaXNwbGF5cyB0aGUgcHJvYmxlbS4KKworICAgICAgICAqIHBs YXRmb3JtL25ldHdvcmsvY3VybC9SZXNvdXJjZUhhbmRsZU1hbmFnZXIuY3BwOgorICAgICAgICAo V2ViQ29yZTo6d3JpdGVDYWxsYmFjayk6IEFkZCBjaGVjayBmb3IgbV9jYW5jZWxsZWQgYWZ0ZXIK KyAgICAgICAgICBwZXJmb3JtaW5nIGxvY2FsLWZpbGUgcHJvY2Vzc2luZy4KKyAgICAgICAgKFdl YkNvcmU6OlJlc291cmNlSGFuZGxlTWFuYWdlcjo6ZG93bmxvYWRUaW1lckNhbGxiYWNrKTogQWRk CisgICAgICAgICAgY2hlY2sgZm9yIG1fY2FuY2VsbGVkIGFmdGVyIHBlcmZvcm1pbmcgbG9jYWwt ZmlsZSBwcm9jZXNzaW5nLgorCiAyMDA5LTA4LTE3ICBZb25nIExpICA8eW9uZy5saUB0b3JjaG1v YmlsZS5jb20+CiAKICAgICAgICAgUmV2aWV3ZWQgYnkgQWRhbSBUcmVhdC4KSW5kZXg6IFdlYkNv cmUvcGxhdGZvcm0vbmV0d29yay9jdXJsL1Jlc291cmNlSGFuZGxlTWFuYWdlci5jcHAKPT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PQotLS0gV2ViQ29yZS9wbGF0Zm9ybS9uZXR3b3JrL2N1cmwvUmVzb3VyY2VIYW5kbGVNYW5h Z2VyLmNwcAkocmV2aXNpb24gNDcyOTkpCisrKyBXZWJDb3JlL3BsYXRmb3JtL25ldHdvcmsvY3Vy bC9SZXNvdXJjZUhhbmRsZU1hbmFnZXIuY3BwCSh3b3JraW5nIGNvcHkpCkBAIC0xNTAsOCArMTUw LDExIEBAIHN0YXRpYyBzaXplX3Qgd3JpdGVDYWxsYmFjayh2b2lkKiBwdHIsIHMKICAgICBpZiAo Q1VSTEVfT0sgPT0gZXJyICYmIGh0dHBDb2RlID49IDMwMCAmJiBodHRwQ29kZSA8IDQwMCkKICAg ICAgICAgcmV0dXJuIHRvdGFsU2l6ZTsKIAotICAgIGlmICghZC0+bV9yZXNwb25zZS5yZXNwb25z ZUZpcmVkKCkpCi0gICAgICAgaGFuZGxlTG9jYWxSZWNlaXZlUmVzcG9uc2UoaCwgam9iLCBkKTsK KyAgICBpZiAoIWQtPm1fcmVzcG9uc2UucmVzcG9uc2VGaXJlZCgpKSB7CisgICAgICAgIGhhbmRs ZUxvY2FsUmVjZWl2ZVJlc3BvbnNlKGgsIGpvYiwgZCk7CisgICAgICAgIGlmIChkLT5tX2NhbmNl bGxlZCkKKyAgICAgICAgICAgIHJldHVybiAwOworICAgIH0KIAogICAgIGlmIChkLT5jbGllbnQo KSkKICAgICAgICAgZC0+Y2xpZW50KCktPmRpZFJlY2VpdmVEYXRhKGpvYiwgc3RhdGljX2Nhc3Q8 Y2hhcio+KHB0ciksIHRvdGFsU2l6ZSwgMCk7CkBAIC0zMzksOCArMzQyLDEzIEBAIHZvaWQgUmVz b3VyY2VIYW5kbGVNYW5hZ2VyOjpkb3dubG9hZFRpbWUKICAgICAgICAgICAgIGNvbnRpbnVlOwog CiAgICAgICAgIGlmIChDVVJMRV9PSyA9PSBtc2ctPmRhdGEucmVzdWx0KSB7Ci0gICAgICAgICAg ICBpZiAoIWQtPm1fcmVzcG9uc2UucmVzcG9uc2VGaXJlZCgpKQorICAgICAgICAgICAgaWYgKCFk LT5tX3Jlc3BvbnNlLnJlc3BvbnNlRmlyZWQoKSkgewogICAgICAgICAgICAgICAgIGhhbmRsZUxv Y2FsUmVjZWl2ZVJlc3BvbnNlKGQtPm1faGFuZGxlLCBqb2IsIGQpOworICAgICAgICAgICAgICAg IGlmIChkLT5tX2NhbmNlbGxlZCkgeworICAgICAgICAgICAgICAgICAgICByZW1vdmVGcm9tQ3Vy bChqb2IpOworICAgICAgICAgICAgICAgICAgICBjb250aW51ZTsKKyAgICAgICAgICAgICAgICB9 CisgICAgICAgICAgICB9CiAKICAgICAgICAgICAgIGlmIChkLT5jbGllbnQoKSkKICAgICAgICAg ICAgICAgICBkLT5jbGllbnQoKS0+ZGlkRmluaXNoTG9hZGluZyhqb2IpOwo=