Bug 113561
Summary: | [WinCE]checkForHTTPStatusCodeError() in SubresourceLoader::didReceiveResponse causes CRASH in ResourceHandle::onRequestComplete | | |
---|---|---|---|
Product: | WebKit | Reporter: | Chen Zhixiang <chenzx> |
Component: | Page Loading | Assignee: | Nobody <webkit-unassigned> |
Status: | RESOLVED WORKSFORME | | |
Severity: | Major | CC: | ap, paroga |
Priority: | P2 | | |
Version: | 528+ (Nightly build) | | |
Hardware: | Other | | |
OS: | Other | | |
Chen Zhixiang
Test: use an HTML file in which subresources are not available:
<html>
<head>
<link href="Not-Existed.css" rel="stylesheet">
</head>
<body>
Test
</body>
</html>
WinCELauncher will crash on loading this html.
Chen Zhixiang
Reason for this bug:
1) When loading a subresource (Not-Existed.css) from a main html, SubresourceLoader::didReceiveResponse will be called in ResourceHandle::onRequestComplete(), but checkForHTTPStatusCodeError() in SubresourceLoader::didReceiveResponse may deref itself, which causes a delete call on ResourceHandleClient* client(), so we MUST provide a protector to surround the 3 calls:
resourceHandleClient->didReceiveResponse
resourceHandleClient->didReceiveData
resourceHandleClient->didFinishLoading
2) SubresourceLoader::didReceiveResponse may get 404 error, in which situation any following action should be stopped, so we need to check this error, and return false ahead if needed.
Chen Zhixiang
But if we think more deeply, we should find that the ResourceHandle::onRequestComplete() implementation in Source\WebCore\platform\network\win\ResourceHandleWin.cpp is really not clean.
If resourceHandleClient->didReceiveResponse really deletes resourceHandleClient itself, the next client() call should return 0.
Patrick R. Gansterer
I tried this with current trunk, but can't reproduce your problem.
client() will return 0, when the request has been canceled.
Patrick R. Gansterer
Please feel free to reopen the bug if you still see the problem.
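The two safeguards discussed in this thread, a protector held across the three callbacks and a fresh client() check after each one, shown as an added C++ example that is not WebKit code or code from the commenters. std::shared_ptr stands in for WebKit's reference counting, and Client, Handle, simulateLoad and g_liveHandles are simplified, hypothetical stand-ins.

```cpp
#include <memory>
#include <string>
// Simplified stand-ins for the WebKit classes in this report; std::shared_ptr
// plays the role of WebKit's reference counting (all names are assumptions).
int g_liveHandles = 0;
struct Handle;
struct Client {
    std::string calls;               // trace of callbacks that ran
    bool handleAliveAfterRelease = false;
    std::shared_ptr<Handle> handle;  // the loader's (only) reference to the handle
    void didReceiveResponse(Handle&, int status);
    void didReceiveData() { calls += 'D'; }
    void didFinishLoading() { calls += 'F'; }
};

struct Handle : std::enable_shared_from_this<Handle> {
    Client* m_client = nullptr;
    Handle() { ++g_liveHandles; }
    ~Handle() { --g_liveHandles; }
    Client* client() const { return m_client; }
    void cancel() { m_client = nullptr; }  // after cancel, client() returns 0
    bool onRequestComplete(int status) {
        // Protector: holds a reference for the duration of the callbacks.
        std::shared_ptr<Handle> protect = shared_from_this();
        if (!client()) return false;
        client()->didReceiveResponse(*this, status);
        if (!client()) return false;       // error path cancelled the load
        client()->didReceiveData();
        if (!client()) return false;
        client()->didFinishLoading();
        return true;
    }
};

void Client::didReceiveResponse(Handle& h, int status) {
    calls += 'R';
    if (status < 400) return;
    h.cancel();      // stands in for the HTTP status error path
    handle.reset();  // loader drops its reference while the handle is mid-call
    handleAliveAfterRelease = (g_liveHandles == 1);
}
// Returns the callback trace, then '+' if the handle survived the release.
std::string simulateLoad(int status) {
    Client c;
    c.handle = std::make_shared<Handle>();
    c.handle->m_client = &c;
    bool done = c.handle->onRequestComplete(status);
    return c.calls + (c.handleAliveAfterRelease ? "+" : "") + (done ? ":done" : ":stopped");
}
```

For a 404 the trace stops after the response callback and the handle is freed only when the protector goes out of scope; for a 200 all three callbacks run.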