64656 – SubresourceLoader::didReceiveDataArray can crash when calling m_client->didReceiveData()

RESOLVED FIXED 64656

SubresourceLoader::didReceiveDataArray can crash when calling m_client->didReceiveData()

https://bugs.webkit.org/show_bug.cgi?id=64656

Summary SubresourceLoader::didReceiveDataArray can crash when calling m_client->didRe...

Pratik Solanki

Reported 2011-07-16 15:00:33 PDT

SubresourceLoader::didReceiveDataArray() calls m_client->didReceiveData() in a loop. This can crash if m_client is deleted in an iteration. This is similar to bug 60594.

Attachments
Patch (1.61 KB, patch) 2011-07-16 15:14 PDT, Pratik Solanki	ap: review+ ap: commit-queue-	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Pratik Solanki

Comment 1 2011-07-16 15:01:14 PDT

<rdar://problem/9754425>

Pratik Solanki

Comment 2 2011-07-16 15:14:40 PDT

Created attachment 101101 [details] Patch

Alexey Proskuryakov

Comment 3 2011-07-16 15:23:35 PDT

Comment on attachment 101101 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=101101&action=review > Source/WebCore/loader/cf/SubresourceLoaderCF.cpp:47 > + if (!m_client) > + break; Please remove a check for m_client that you have above (if (!m_loadingMultipartContent && m_client)).

Pratik Solanki

Comment 4 2011-07-16 16:29:54 PDT

Committed r91157: <http://trac.webkit.org/changeset/91157>

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version 528+ (Nightly build)

Hardware Unspecified

OS Unspecified

Product WebKit

Component Platform

Assignee

Pratik Solanki

Reported

2011-07-16 15:00 PDT

Modified

2011-07-16 16:29 PDT History

CC List

1 user Show

URL

Keywords InRadar

Depends on

Blocks