Bug 155515

Summary: [Win] Correct double-release of CFURLConnectionRef
Product: WebKit Reporter: Brent Fulgham <bfulgham>
Component: WebKit Misc.Assignee: Brent Fulgham <bfulgham>
Status: RESOLVED FIXED    
Severity: Normal CC: bfulgham, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: PC   
OS: All   
See Also: https://bugs.webkit.org/show_bug.cgi?id=155522
Attachments:
Description Flags
Patch
none
Patch
none
Patch thorton: review+

Brent Fulgham
Reported 2016-03-15 15:14:38 PDT
A double-release of a CFURLConnectionRef was identified in one of the WebDownload::init methods: CFURLConnectionRef connection = handle->connection(); … m_download = adoptCF(CFURLDownloadCreateAndStartWithLoadingConnection(0, connection, request.cfURLRequest(UpdateHTTPBody), response.cfURLResponse(), &client)); … // The CFURLDownload either starts successfully and retains the CFURLConnection, // or it fails to creating and we have a now-useless connection with a dangling ref. // Either way, we need to release the connection to balance out ref counts handle->releaseConnectionForDownload(); CFRelease(connection); The last line, the call to CFRelease(connection), is wrong and should be removed, because ResourceHandle::connection() just does d->m_connection.get() CFURLDownloadCreateAndStartWithLoadingConnection() can retain the connection per the comment, while ResourceHandle:: releaseConnectionForDownload() lets go of the connection. But then we release the connection via the raw pointer we stole from the ResourceHandle, as if we thought ResourceHandle::connection() returned a retained connection!
Attachments
Patch (217 bytes, patch)
2016-03-15 15:21 PDT, Brent Fulgham 		no flags
DetailsFormatted DiffDiff
Patch (1.09 KB, patch)
2016-03-15 15:25 PDT, Brent Fulgham 		no flags
DetailsFormatted DiffDiff
Patch (1.24 KB, patch)
2016-03-15 16:05 PDT, Brent Fulgham 		thorton: review+
DetailsFormatted DiffDiff
Show Obsolete (2) View All Add attachment proposed patch, testcase, etc.
Brent Fulgham
Comment 1 2016-03-15 15:15:30 PDT
<rdar://problem/25159143>
Brent Fulgham
Comment 2 2016-03-15 15:19:33 PDT
Note: It looks like this code is not tested in the LayoutTest system because the 'http/tests/downloads/' test suite is skipped on Windows due to missing DRT features.
Brent Fulgham
Comment 3 2016-03-15 15:21:34 PDT
Created attachment 274141 [details] Patch
Brent Fulgham
Comment 4 2016-03-15 15:25:24 PDT
Created attachment 274143 [details] Patch
Brent Fulgham
Comment 5 2016-03-15 16:05:02 PDT
Created attachment 274150 [details] Patch
Brent Fulgham
Comment 6 2016-03-15 16:59:50 PDT
Testing infrastructure on Windows is needed to avoid breaking this in the future. See Bug 155522.
Brent Fulgham
Comment 7 2016-03-15 17:00:10 PDT
Committed r198244: <http://trac.webkit.org/changeset/198244>
Note You need to log in before you can comment on or make changes to this bug.