Title: [259080] trunk/Source/WebCore
- Revision
- 259080
- Author
- cdu...@apple.com
- Date
- 2020-03-26 14:33:33 -0700 (Thu, 26 Mar 2020)
Log Message
[ Mac wk1] ASSERTION FAILED: m_wrapper under WebCore::XMLHttpRequestUpload::dispatchProgressEvent
https://bugs.webkit.org/show_bug.cgi?id=209560
<rdar://problem/60887773>
Reviewed by Geoffrey Garen.
XMLHttpRequest::hasPendingActivity() was returning false if the XMLHttpRequest object did not
have any relevant event listeners. However, the XMLHttpRequestUpload's wrapper lifetime is tried
to the lifetime of its XMLHttpRequest wrapper. As a result, both the XMLHttpRequest and
XMLHttpRequestUpload wrappers could get garbage collected if the XMLHttpRequest did not have a
relevant listener, even though XMLHttpRequestUpload may have a relevant event listeners. We would
then hit the assertion when trying to fire an event on this XMLHttpRequestUpload object.
To address the issue, we update XMLHttpRequest::hasPendingActivity() to return false if both
XMLHttpRequest AND XMLHttpRequestUpload have no relevant event listeners.
No new tests, covered by imported/w3c/web-platform-tests/xhr/send-response-upload-event-progress.htm
* xml/XMLHttpRequest.cpp:
(WebCore::XMLHttpRequest::hasPendingActivity const):
* xml/XMLHttpRequestUpload.cpp:
(WebCore::XMLHttpRequestUpload::eventListenersDidChange):
* xml/XMLHttpRequestUpload.h:
Modified Paths
Diff
Modified: trunk/Source/WebCore/ChangeLog (259079 => 259080)
--- trunk/Source/WebCore/ChangeLog 2020-03-26 21:25:21 UTC (rev 259079)
+++ trunk/Source/WebCore/ChangeLog 2020-03-26 21:33:33 UTC (rev 259080)
@@ -1,3 +1,29 @@
+2020-03-26 Chris Dumez <cdu...@apple.com>
+
+ [ Mac wk1] ASSERTION FAILED: m_wrapper under WebCore::XMLHttpRequestUpload::dispatchProgressEvent
+ https://bugs.webkit.org/show_bug.cgi?id=209560
+ <rdar://problem/60887773>
+
+ Reviewed by Geoffrey Garen.
+
+ XMLHttpRequest::hasPendingActivity() was returning false if the XMLHttpRequest object did not
+ have any relevant event listeners. However, the XMLHttpRequestUpload's wrapper lifetime is tried
+ to the lifetime of its XMLHttpRequest wrapper. As a result, both the XMLHttpRequest and
+ XMLHttpRequestUpload wrappers could get garbage collected if the XMLHttpRequest did not have a
+ relevant listener, even though XMLHttpRequestUpload may have a relevant event listeners. We would
+ then hit the assertion when trying to fire an event on this XMLHttpRequestUpload object.
+
+ To address the issue, we update XMLHttpRequest::hasPendingActivity() to return false if both
+ XMLHttpRequest AND XMLHttpRequestUpload have no relevant event listeners.
+
+ No new tests, covered by imported/w3c/web-platform-tests/xhr/send-response-upload-event-progress.htm
+
+ * xml/XMLHttpRequest.cpp:
+ (WebCore::XMLHttpRequest::hasPendingActivity const):
+ * xml/XMLHttpRequestUpload.cpp:
+ (WebCore::XMLHttpRequestUpload::eventListenersDidChange):
+ * xml/XMLHttpRequestUpload.h:
+
2020-03-26 Ryosuke Niwa <rn...@webkit.org>
Crash in RadioButtonGroups::requiredStateChanged
Modified: trunk/Source/WebCore/xml/XMLHttpRequest.cpp (259079 => 259080)
--- trunk/Source/WebCore/xml/XMLHttpRequest.cpp 2020-03-26 21:25:21 UTC (rev 259079)
+++ trunk/Source/WebCore/xml/XMLHttpRequest.cpp 2020-03-26 21:33:33 UTC (rev 259080)
@@ -1182,7 +1182,7 @@
if (ActiveDOMObject::hasPendingActivity())
return true;
- if (!m_hasRelevantEventListener)
+ if (!m_hasRelevantEventListener && !(m_upload && m_upload->hasRelevantEventListener()))
return false;
switch (readyState()) {
Modified: trunk/Source/WebCore/xml/XMLHttpRequestUpload.cpp (259079 => 259080)
--- trunk/Source/WebCore/xml/XMLHttpRequestUpload.cpp 2020-03-26 21:25:21 UTC (rev 259079)
+++ trunk/Source/WebCore/xml/XMLHttpRequestUpload.cpp 2020-03-26 21:33:33 UTC (rev 259080)
@@ -41,6 +41,17 @@
{
}
+void XMLHttpRequestUpload::eventListenersDidChange()
+{
+ m_hasRelevantEventListener = hasEventListeners(eventNames().abortEvent)
+ || hasEventListeners(eventNames().errorEvent)
+ || hasEventListeners(eventNames().loadEvent)
+ || hasEventListeners(eventNames().loadendEvent)
+ || hasEventListeners(eventNames().loadstartEvent)
+ || hasEventListeners(eventNames().progressEvent)
+ || hasEventListeners(eventNames().timeoutEvent);
+}
+
void XMLHttpRequestUpload::dispatchProgressEvent(const AtomString& type, unsigned long long loaded, unsigned long long total)
{
ASSERT(type == eventNames().loadstartEvent || type == eventNames().progressEvent || type == eventNames().loadEvent || type == eventNames().loadendEvent || type == eventNames().abortEvent || type == eventNames().errorEvent || type == eventNames().timeoutEvent);
Modified: trunk/Source/WebCore/xml/XMLHttpRequestUpload.h (259079 => 259080)
--- trunk/Source/WebCore/xml/XMLHttpRequestUpload.h 2020-03-26 21:25:21 UTC (rev 259079)
+++ trunk/Source/WebCore/xml/XMLHttpRequestUpload.h 2020-03-26 21:33:33 UTC (rev 259080)
@@ -40,7 +40,11 @@
void dispatchProgressEvent(const AtomString& type, unsigned long long loaded, unsigned long long total);
+ bool hasRelevantEventListener() const { return m_hasRelevantEventListener; }
+
private:
+ // EventTarget.
+ void eventListenersDidChange() final;
void refEventTarget() final { ref(); }
void derefEventTarget() final { deref(); }
@@ -48,6 +52,7 @@
ScriptExecutionContext* scriptExecutionContext() const final { return m_request.scriptExecutionContext(); }
XMLHttpRequest& m_request;
+ bool m_hasRelevantEventListener { false };
};
} // namespace WebCore
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
