RESOLVED FIXED 167658
Variable used after it's been WTFMove'd
https://bugs.webkit.org/show_bug.cgi?id=167658
Keith Rollin
Reported 2017-01-31 12:18:29 PST
SubresourceLoader::didReceiveDataOrBuffer WTFMoves "buffer":

    ResourceLoader::didReceiveDataOrBuffer(data, length, WTFMove(buffer), encodedDataLength, dataPayloadType);

It later uses (the now empty) "buffer":

    m_resource->addData(buffer ? buffer->data() : data, buffer ? buffer->size() : length);

With both "buffer" and "data" now being empty, m_resource->addData may not work as intended.

m_resource is a CachedResource*, but I think I saw that it was pointing to a CachedRawResource in my debugging. This means that CachedRawResource::addData may be called with null values. This calls CachedRawResource::notifyClientsDataWasReceived, which will exit early when no data is passed in, skipping any actual notification.
Attachments
Patch (2.75 KB, patch)
2017-01-31 12:51 PST, Keith Rollin
no flags
Chris Dumez
Comment 1 2017-01-31 12:25:44 PST
Good find.
Keith Rollin
Comment 2 2017-01-31 12:51:33 PST
Chris Dumez
Comment 3 2017-01-31 12:56:49 PST
Comment on attachment 300249
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=300249&action=review

r=me

> Source/WebCore/loader/SubresourceLoader.cpp:391
> + ResourceLoader::didReceiveDataOrBuffer(data, length, buffer.copyRef(), encodedDataLength, dataPayloadType);

RefPtr has a copy constructor. I don't think it is actually needed here.
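Review bot: at SubresourceLoader.cpp:391 nothing at the call site records why buffer is copied with copyRef() instead of being moved into ResourceLoader::didReceiveDataOrBuffer. The report shows the same function reading buffer afterwards in m_resource->addData(buffer ? buffer->data() : data, ...), so a one-line comment at this call stating that buffer is still used below would keep a later cleanup from turning it back into WTFMove(buffer).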
Chris Dumez
Comment 4 2017-01-31 12:57:10 PST
Comment on attachment 300249
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=300249&action=review

>> Source/WebCore/loader/SubresourceLoader.cpp:391
>> + ResourceLoader::didReceiveDataOrBuffer(data, length, buffer.copyRef(), encodedDataLength, dataPayloadType);
>
> RefPtr has a copy constructor. I don't think it is actually needed here.

I meant I don't think copyRef() is actually needed.
Keith Rollin
Comment 5 2017-01-31 13:18:47 PST
It's needed because buffer is passed in as an rvalue reference and passed to the superclass as an rvalue reference. Without a WTFMove or a copyRef, we get:

    /Volumes/Data/dev/WebKit/branches/missing_logging/OpenSource/Source/WebCore/loader/SubresourceLoader.cpp:391:58: error: rvalue reference to type 'RefPtr<...>' cannot bind to lvalue of type 'RefPtr<...>'
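The use-after-move from the report and the binding rule behind the compile error in comment 5, as an added example that is not part of the original thread or WebKit's code. It assumes std::shared_ptr as a stand-in for RefPtr and std::move for WTFMove; Resource, baseDidReceive, receiveBuggy and receiveFixed are hypothetical names.

```cpp
#include <cstddef>
#include <cstdio>
#include <memory>
#include <string>
#include <type_traits>
#include <utility>

// Stand-ins (assumptions): std::shared_ptr for WTF::RefPtr, std::move for
// WTFMove, Resource for the CachedResource that receives the bytes.
using BufferPtr = std::shared_ptr<std::string>;

struct Resource {
    std::size_t bytesAdded = 0;
    bool clientsNotified = false;
    void addData(const char* data, std::size_t length) {
        if (!data || !length) return; // early exit: nothing recorded, no notification
        bytesAdded += length;
        clientsNotified = true;
    }
};

// Superclass handler: takes ownership, leaving the caller's pointer empty.
void baseDidReceive(const char*, std::size_t, BufferPtr&& buffer) { BufferPtr owned = std::move(buffer); }

// A named BufferPtr&& parameter is an lvalue, so it cannot be forwarded as-is.
static_assert(!std::is_constructible<BufferPtr&&, BufferPtr&>::value,
              "an rvalue reference must not bind to an lvalue");

// Pattern from the report: move first, then read the moved-from pointer.
Resource receiveBuggy(const char* data, std::size_t length, BufferPtr&& buffer) {
    Resource resource;
    baseDidReceive(data, length, std::move(buffer));
    resource.addData(buffer ? buffer->data() : data, buffer ? buffer->size() : length);
    return resource;
}

// Fix: pass a temporary copy (the role copyRef() plays) and keep our reference.
Resource receiveFixed(const char* data, std::size_t length, BufferPtr&& buffer) {
    Resource resource;
    baseDidReceive(data, length, BufferPtr(buffer));
    resource.addData(buffer ? buffer->data() : data, buffer ? buffer->size() : length);
    return resource;
}

int main() {
    Resource bad = receiveBuggy(nullptr, 0, std::make_shared<std::string>("payload"));
    Resource good = receiveFixed(nullptr, 0, std::make_shared<std::string>("payload"));
    std::printf("buggy: %zu bytes, fixed: %zu bytes\n", bad.bytesAdded, good.bytesAdded);
}
```

The constructed input passes a null data pointer together with a buffer, so the buggy path reaches addData with nothing to add, while the fixed path records all 7 bytes.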
WebKit Commit Bot
Comment 6 2017-01-31 14:42:14 PST
Comment on attachment 300249
Patch

Clearing flags on attachment: 300249

Committed r211449: <http://trac.webkit.org/changeset/211449>
WebKit Commit Bot
Comment 7 2017-01-31 14:42:20 PST
All reviewed patches have been landed. Closing bug.