Title: [273842] trunk/Source/WebCore
Revision
273842
Author
cdu...@apple.com
Date
2021-03-03 14:37:40 -0800 (Wed, 03 Mar 2021)

Log Message

Crash under SubresourceLoader::notifyDone()
https://bugs.webkit.org/show_bug.cgi?id=222683
<rdar://70342402>

Reviewed by Geoffrey Garen.

We were crashing doing a null-dereference of m_documentLoader under
SubresourceLoader::notifyDone(). This adds null checks for m_documentLoader
similarly to what is already done elsewhere in ResourceLoader.

No new tests, I do not know how to reproduce this.

* loader/SubresourceLoader.cpp:
(WebCore::SubresourceLoader::notifyDone):

Diff

Modified: trunk/Source/WebCore/ChangeLog (273841 => 273842)


--- trunk/Source/WebCore/ChangeLog	2021-03-03 22:23:18 UTC (rev 273841)
+++ trunk/Source/WebCore/ChangeLog	2021-03-03 22:37:40 UTC (rev 273842)
@@ -1,3 +1,20 @@
+2021-03-03  Chris Dumez  <cdu...@apple.com>
+
+        Crash under SubresourceLoader::notifyDone()
+        https://bugs.webkit.org/show_bug.cgi?id=222683
+        <rdar://70342402>
+
+        Reviewed by Geoffrey Garen.
+
+        We were crashing doing a null-dereference of m_documentLoader under
+        SubresourceLoader::notifyDone(). This adds null checks for m_documentLoader
+        similarly to what is already done elsewhere in ResourceLoader.
+
+        No new tests, I do not know how to reproduce this.
+
+        * loader/SubresourceLoader.cpp:
+        (WebCore::SubresourceLoader::notifyDone):
+
 2021-03-03  Aditya Keerthi  <akeer...@apple.com>
 
         REGRESSION (r273154): Speedometer 2 is 1-2% regressed on iOS
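
Review bot: The new ChangeLog entry does not say how m_documentLoader comes to be null by the time notifyDone() runs, and with "No new tests" there is no regression coverage for the crash. Consider adding a sentence that either names the suspected path or states that the cause is unknown, so a later reader can tell whether this is a root-cause fix or a crash guard modelled on the existing checks in ResourceLoader.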

Modified: trunk/Source/WebCore/loader/SubresourceLoader.cpp (273841 => 273842)


--- trunk/Source/WebCore/loader/SubresourceLoader.cpp	2021-03-03 22:23:18 UTC (rev 273841)
+++ trunk/Source/WebCore/loader/SubresourceLoader.cpp	2021-03-03 22:37:40 UTC (rev 273842)
@@ -845,10 +845,12 @@
     if (m_state == CancelledWhileInitializing)
         shouldPerformPostLoadActions = false;
 #endif
-    m_documentLoader->cachedResourceLoader().loadDone(type, shouldPerformPostLoadActions);
+    if (m_documentLoader)
+        m_documentLoader->cachedResourceLoader().loadDone(type, shouldPerformPostLoadActions);
     if (reachedTerminalState())
         return;
-    m_documentLoader->removeSubresourceLoader(type, this);
+    if (m_documentLoader)
+        m_documentLoader->removeSubresourceLoader(type, this);
 }
 
 void SubresourceLoader::releaseResources()
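
Review bot: Both new `if (m_documentLoader)` guards skip their work silently, so on the null path at the first guard `loadDone(type, shouldPerformPostLoadActions)` is never delivered for this load and nothing records that it happened. Since the log message says the reproduction is unknown, consider a short comment stating when m_documentLoader is expected to be null in notifyDone(), plus a log line on the null path so the condition can be diagnosed from field reports. The second guard re-reads the member after loadDone() and the reachedTerminalState() check; if the two separate checks are there because the member can be cleared in between, say so in a comment, otherwise a single early return before the loadDone() call would be simpler.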
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
