Bug 28405 - [CURL] Crash when handling local cancelled requests
Summary: [CURL] Crash when handling local cancelled requests
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebCore Misc. (show other bugs)
Version: 528+ (Nightly build)
Hardware: PC Windows XP
: P2 Normal
Assignee: Brent Fulgham
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2009-08-17 12:12 PDT by Brent Fulgham
Modified: 2009-08-17 15:39 PDT (History)
0 users

See Also:

Attachments
Check for m_cancelled state before continuing processing of a request. (2.10 KB, patch)
2009-08-17 12:19 PDT, Brent Fulgham 		kevino: review+
Details | Formatted Diff | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Brent Fulgham 2009-08-17 12:12:04 PDT 
The code in Curl's headerCallback processing is not automatically called when processing local files.  This has led to a number of bugs (e.g., Bug 28312) in the past.

The LayoutTest "fast/images/favicon-as-image.html" (among others) triggers a bug in local file processing when the request is cancelled.  This can happen if the local processing involves JavaScript code that modifies the window location.

The correction is to check the state of the m_cancelled flag immediately after performing the manual processing, and treating the cancelled state in the same way as any cancelled processing occurring earlier in the routine.

This happens in two places:

1.  The writeCallback, where a cancelled request should cause a zero-value return.
2.  The downloadTimerCallback, where a cancelled request should cause the job to be removed and processing to continue.
Comment 1 Brent Fulgham 2009-08-17 12:19:03 PDT 
Created attachment 34985 [details]
Check for m_cancelled state before continuing processing of a request.
Comment 2 Brent Fulgham 2009-08-17 15:39:20 PDT 
Landed in http://trac.webkit.org/changeset/47379.