Bug 28405

Summary: [CURL] Crash when handling local cancelled requests
Product: WebKit
Reporter: Brent Fulgham <bfulgham>
Component: WebCore Misc.
Assignee: Brent Fulgham <bfulgham>
Status: RESOLVED FIXED    
Severity: Normal    
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: PC   
OS: Windows XP   
Attachments:
Description: Check for m_cancelled state before continuing processing of a request.
Flags: kevino: review+

Description Brent Fulgham 2009-08-17 12:12:04 PDT
The code in Curl's headerCallback processing is not automatically called when processing local files.  This has led to a number of bugs (e.g., Bug 28312) in the past.

The LayoutTest "fast/images/favicon-as-image.html" (among others) triggers a bug in local file processing when the request is cancelled.  This can happen if the local processing involves JavaScript code that modifies the window location.

The correction is to check the state of the m_cancelled flag immediately after performing the manual processing, and to treat the cancelled state in the same way as any cancelled processing occurring earlier in the routine.

This happens in two places:

1.  The writeCallback, where a cancelled request should cause a zero-value return.
2.  The downloadTimerCallback, where a cancelled request should cause the job to be removed and processing to continue.

Comment 1 Brent Fulgham 2009-08-17 12:19:03 PDT
Created attachment 34985
Check for m_cancelled state before continuing processing of a request.

Comment 2 Brent Fulgham 2009-08-17 15:39:20 PDT
Landed in http://trac.webkit.org/changeset/47379.
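
A simplified C++ model of the two checks described in the bug description, added here as an illustration and not taken from the WebKit patch or changeset. Job, startLocalResponse and processLocalJobs are hypothetical names; only the write callback's zero-return convention follows libcurl.

```cpp
#include <cstddef>
#include <functional>
#include <string>
#include <vector>

// Simplified model; Job, startLocalResponse and processLocalJobs are hypothetical names.
struct Job {
    std::string body;                      // constructed local-file contents
    bool cancelled = false;
    bool responseStarted = false;
    std::size_t delivered = 0;             // bytes handed to the client
    std::function<void(Job&)> onResponse;  // client hook; may cancel the job re-entrantly
};

// Local files have no header phase, so the response is announced by hand.
void startLocalResponse(Job& job) {
    job.responseStarted = true;
    if (job.onResponse) job.onResponse(job);
}

// libcurl-style write callback: a return value other than size * nmemb aborts the transfer.
std::size_t writeCallback(const char*, std::size_t size, std::size_t nmemb, Job& job) {
    const std::size_t total = size * nmemb;
    if (job.cancelled) return 0;           // cancelled before this call
    if (!job.responseStarted) {
        startLocalResponse(job);
        if (job.cancelled) return 0;       // cancelled during the manual processing
    }
    job.delivered += total;
    return total;
}

// Timer-side loop: a job cancelled while starting is removed and the loop moves on.
std::size_t processLocalJobs(std::vector<Job>& jobs) {
    std::size_t served = 0;
    for (auto it = jobs.begin(); it != jobs.end();) {
        startLocalResponse(*it);
        if (it->cancelled) { it = jobs.erase(it); continue; }
        writeCallback(it->body.data(), 1, it->body.size(), *it);
        ++served; ++it;
    }
    return served;
}

int main() {
    std::vector<Job> jobs(2);              // constructed sample: the first job cancels itself
    jobs[0].onResponse = [](Job& j) { j.cancelled = true; };
    return processLocalJobs(jobs) == 1 ? 0 : 1;
}
```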