Skip to site navigation (Press enter)

[webkit-changes] [244030] trunk/Source/WebKit

achristensen Mon, 08 Apr 2019 11:46:47 -0700

Title: [244030] trunk/Source/WebKit

Revision: 244030
Author: achristen...@apple.com
Date: 2019-04-08 11:45:15 -0700 (Mon, 08 Apr 2019)

Log Message

REGRESSION(236463) DownloadManager can call a null CompletionHandler
https://bugs.webkit.org/show_bug.cgi?id=196414
<rdar://problem/48389434>


Reviewed by Geoff Garen.

* NetworkProcess/NetworkResourceLoader.cpp:
(WebKit::NetworkResourceLoader::convertToDownload):
DownloadManager::continueDecidePendingDownloadDestination is being called when there is no completion handler.
r236463 introduced an unchecked code path that can allow this to happen.

Modified Paths

trunk/Source/WebKit/ChangeLog
trunk/Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp

Diff

Modified: trunk/Source/WebKit/ChangeLog (244029 => 244030)


--- trunk/Source/WebKit/ChangeLog	2019-04-08 18:09:33 UTC (rev 244029)
+++ trunk/Source/WebKit/ChangeLog	2019-04-08 18:45:15 UTC (rev 244030)
@@ -1,3 +1,16 @@
+2019-04-08  Alex Christensen  <achristen...@webkit.org>
+
+        REGRESSION(236463) DownloadManager can call a null CompletionHandler
+        https://bugs.webkit.org/show_bug.cgi?id=196414
+        <rdar://problem/48389434>
+
+        Reviewed by Geoff Garen.
+
+        * NetworkProcess/NetworkResourceLoader.cpp:
+        (WebKit::NetworkResourceLoader::convertToDownload):
+        DownloadManager::continueDecidePendingDownloadDestination is being called when there is no completion handler.
+        r236463 introduced an unchecked code path that can allow this to happen.
+
 2019-04-07  Commit Queue  <commit-qu...@webkit.org>
 
         Unreviewed, rolling out r243956.

Modified: trunk/Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp (244029 => 244030)


--- trunk/Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp	2019-04-08 18:09:33 UTC (rev 244029)
+++ trunk/Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp	2019-04-08 18:45:15 UTC (rev 244030)
@@ -321,8 +321,8 @@
         return;
     }
 
-    ASSERT(m_responseCompletionHandler);
-    m_connection->networkProcess().downloadManager().convertNetworkLoadToDownload(downloadID, std::exchange(m_networkLoad, nullptr), WTFMove(m_responseCompletionHandler), WTFMove(m_fileReferences), request, response);
+    if (m_responseCompletionHandler)
+        m_connection->networkProcess().downloadManager().convertNetworkLoadToDownload(downloadID, std::exchange(m_networkLoad, nullptr), WTFMove(m_responseCompletionHandler), WTFMove(m_fileReferences), request, response);
 }
 
 void NetworkResourceLoader::abort()

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes