Bug 25243

Summary: Crash when data:// loads are cancelled
Product: WebKit Reporter: Gustavo Noronha (kov) <gustavo>
Component: WebKitGTKAssignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal CC: xan.lopez
Priority: P2 Keywords: Gtk, Soup
Version: 528+ (Nightly build)   
Hardware: PC   
OS: All   
Attachments:
Description Flags
fix plugin crash xan.lopez: review+

Gustavo Noronha (kov)
Reported 2009-04-16 14:05:57 PDT
The plugins/return-error-from-new-stream-callback-in-full-frame-plugin.html test crashes in WebKitGTK+ (though the crash is reported as being caused by the next test, because parseDataUrl is called as an idle callback).
Attachments
fix plugin crash (3.80 KB, patch)
2009-04-16 14:07 PDT, Gustavo Noronha (kov) 		xan.lopez: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Gustavo Noronha (kov)
Comment 1 2009-04-16 14:07:09 PDT
Created attachment 29549 [details] fix plugin crash WebCore/ChangeLog | 15 +++++++++++++++ .../platform/network/soup/ResourceHandleSoup.cpp | 15 ++++++++++++++- WebKit/gtk/ChangeLog | 10 ++++++++++ WebKit/gtk/WebCoreSupport/FrameLoaderClientGtk.cpp | 7 +++++++ 4 files changed, 46 insertions(+), 1 deletions(-)
Xan Lopez
Comment 2 2009-04-20 06:53:01 PDT
(In reply to comment #1) > Created an attachment (id=29549) [review] > fix plugin crash > > WebCore/ChangeLog | 15 +++++++++++++++ > .../platform/network/soup/ResourceHandleSoup.cpp | 15 ++++++++++++++- > WebKit/gtk/ChangeLog | 10 ++++++++++ > WebKit/gtk/WebCoreSupport/FrameLoaderClientGtk.cpp | 7 +++++++ > 4 files changed, 46 insertions(+), 1 deletions(-) > + Properly handle cancellation of the load for data:// loads. This + fixes crashing in the followin test: + + plugins/return-error-from-new-stream-callback-in-full-frame-plugin.html Extra indentation? + ResourceHandleInternal* d = handle->getInternal(); + if (d->m_cancelled) + return false; Wrong indentation. So, all the checks are needed for the crash to go away, or you are just being extra careful? And the FrameLoaderClientGtk change is for the same bug?
Gustavo Noronha (kov)
Comment 3 2009-04-20 07:23:17 PDT
(In reply to comment #2) > So, all the checks are needed for the crash to go away, or you are just being > extra careful? And the FrameLoaderClientGtk change is for the same bug? No, I think we can get along (for this specific crash) with only this check: if (data.length() > 0) client->didReceiveData(handle, reinterpret_cast<const char*>(data.c + + if (d->m_cancelled) + return false; The other checks I am adding are based on previous experience with fixing loading crashers. We should never trust a load (and the objects that are bound to it) to still exist after dispatching delegates, such as didReceiveResponse. As with content sniffing, plugins add yet another layer of potential problems, because they also delay the didReceiveResponse to when they get the first data (that's why we have that check in FrameLoaderClient, and this one after didReceiveData). Since the checks are all fixing the same problem, though happening under different conditions, I think they make sense as a single commit.
Xan Lopez
Comment 4 2009-04-20 07:33:33 PDT
I see, that covers all but the first check, which I guess it's just an extra precaution in case the loading was cancelled before the function is executed (since it's queued as an idle)? So, r=me with those style issues fixed :)
Gustavo Noronha (kov)
Comment 5 2009-04-20 08:25:38 PDT
(In reply to comment #4) > I see, that covers all but the first check, which I guess it's just an extra > precaution in case the loading was cancelled before the function is executed > (since it's queued as an idle)? Right, I forgot to talk about that one. Yes, indeed, it is a safe-guard because of it being an idle =). > So, r=me with those style issues fixed :) Landed as r42670!
Note You need to log in before you can comment on or make changes to this bug.