[webkit-changes] [150057] trunk/Source

[jocelyn . turcotte]

Title: [150057] trunk/Source

Revision

150057

Author

jocelyn.turco...@digia.com

Date

2013-05-14 01:31:16 -0700 (Tue, 14 May 2013)

Log Message

[Qt] Fix a crash under ~PingLoader when the QNAM on the page has been destroyed.
https://bugs.webkit.org/show_bug.cgi?id=116035

Reviewed by Simon Hausmann.

Source/WebCore:

Reproduced with arora which does destroy the QNetworkAccessManager in some situations.
The problem is that PingLoader can still be pending meanwhile, holding a ResourceHandle
with a dangling pointer to a QNetworkReply destroyed with the QNetworkAccessManager.

* platform/network/qt/QNetworkReplyHandler.cpp:
(WebCore::QNetworkReplyWrapper::QNetworkReplyWrapper):
  Set the parent to 0 like we did before the introduction of QNetworkReplyWrapper.
(WebCore::QNetworkReplyWrapper::release):

Source/WebKit/qt:

* tests/qwebpage/tst_qwebpage.cpp:
(tst_QWebPage::networkReplyParentChanged):

Modified Paths

• trunk/Source/WebCore/ChangeLog
• trunk/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp
• trunk/Source/WebKit/qt/ChangeLog
• trunk/Source/WebKit/qt/tests/qwebpage/tst_qwebpage.cpp

Diff

Modified: trunk/Source/WebCore/ChangeLog (150056 => 150057)

--- trunk/Source/WebCore/ChangeLog	2013-05-14 06:52:50 UTC (rev 150056)
+++ trunk/Source/WebCore/ChangeLog	2013-05-14 08:31:16 UTC (rev 150057)
@@ -1,3 +1,19 @@
+2013-05-14  Jocelyn Turcotte  <jocelyn.turco...@digia.com>
+
+        [Qt] Fix a crash under ~PingLoader when the QNAM on the page has been destroyed.
+        https://bugs.webkit.org/show_bug.cgi?id=116035
+
+        Reviewed by Simon Hausmann.
+
+        Reproduced with arora which does destroy the QNetworkAccessManager in some situations.
+        The problem is that PingLoader can still be pending meanwhile, holding a ResourceHandle
+        with a dangling pointer to a QNetworkReply destroyed with the QNetworkAccessManager.
+
+        * platform/network/qt/QNetworkReplyHandler.cpp:
+        (WebCore::QNetworkReplyWrapper::QNetworkReplyWrapper):
+          Set the parent to 0 like we did before the introduction of QNetworkReplyWrapper.
+        (WebCore::QNetworkReplyWrapper::release):
+
 2013-05-13  Eric Carlson  <eric.carl...@apple.com>
 
         [Mac] update in-band caption attributes

Modified: trunk/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp (150056 => 150057)

--- trunk/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp	2013-05-14 06:52:50 UTC (rev 150056)
+++ trunk/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp	2013-05-14 08:31:16 UTC (rev 150057)
@@ -269,6 +269,9 @@
 {
     Q_ASSERT(m_reply);
 
+    // Allow the QNetworkReply to outlive its parent QNetworkAccessManager in case the later gets destroyed before our ResourceHandle is done with it.
+    m_reply->setParent(0);
+
     // setFinished() must be the first that we connect, so isFinished() is updated when running other slots.
     connect(m_reply, SIGNAL(finished()), this, SLOT(setFinished()));
     connect(m_reply, SIGNAL(finished()), this, SLOT(receiveMetaData()));
@@ -292,7 +295,6 @@
     m_reply = 0;
     m_sniffer = nullptr;
 
-    reply->setParent(0);
     return reply;
 }
 

Modified: trunk/Source/WebKit/qt/ChangeLog (150056 => 150057)

--- trunk/Source/WebKit/qt/ChangeLog	2013-05-14 06:52:50 UTC (rev 150056)
+++ trunk/Source/WebKit/qt/ChangeLog	2013-05-14 08:31:16 UTC (rev 150057)
@@ -1,3 +1,13 @@
+2013-05-14  Jocelyn Turcotte  <jocelyn.turco...@digia.com>
+
+        [Qt] Fix a crash under ~PingLoader when the QNAM on the page has been destroyed.
+        https://bugs.webkit.org/show_bug.cgi?id=116035
+
+        Reviewed by Simon Hausmann.
+
+        * tests/qwebpage/tst_qwebpage.cpp:
+        (tst_QWebPage::networkReplyParentChanged):
+
 2013-05-12  Timothy Hatcher  <timo...@apple.com>
 
         Add support for updating the Web Inspector toolbar height.

Modified: trunk/Source/WebKit/qt/tests/qwebpage/tst_qwebpage.cpp (150056 => 150057)

--- trunk/Source/WebKit/qt/tests/qwebpage/tst_qwebpage.cpp	2013-05-14 06:52:50 UTC (rev 150056)
+++ trunk/Source/WebKit/qt/tests/qwebpage/tst_qwebpage.cpp	2013-05-14 08:31:16 UTC (rev 150057)
@@ -38,6 +38,7 @@
 #include <qgraphicsview.h>
 #include <qgraphicswebview.h>
 #include <qnetworkcookiejar.h>
+#include <qnetworkreply.h>
 #include <qnetworkrequest.h>
 #include <qpa/qplatforminputcontext.h>
 #include <qwebdatabase.h>
@@ -173,6 +174,7 @@
 #endif
 
     void originatingObjectInNetworkRequests();
+    void networkReplyParentChanged();
     void testJSPrompt();
     void showModalDialog();
     void testStopScheduledPageRefresh();
@@ -2846,6 +2848,19 @@
         QVERIFY(qobject_cast<QWebFrame*>(networkManager->requests.at(i).originatingObject()) == childFrames.at(i));
 }
 
+void tst_QWebPage::networkReplyParentChanged()
+{
+    TestNetworkManager* networkManager = new TestNetworkManager(m_page);
+    m_page->setNetworkAccessManager(networkManager);
+    networkManager->requests.clear();
+
+    // Trigger a load and check if pending QNetworkReplies have been reparented before returning to the event loop.
+    m_view->load(QUrl("qrc:///resources/content.html"));
+
+    QVERIFY(networkManager->requests.count() > 0);
+    QVERIFY(networkManager->findChildren<QNetworkReply*>().isEmpty());
+}
+
 /**
  * Test fixups for https://bugs.webkit.org/show_bug.cgi?id=30914
  *

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes