Skip to site navigation (Press enter)

[webkit-changes] [140154] trunk/Source/WebCore

sergio Fri, 18 Jan 2013 08:26:58 -0800

Title: [140154] trunk/Source/WebCore

Revision: 140154
Author: ser...@webkit.org
Date: 2013-01-18 08:28:40 -0800 (Fri, 18 Jan 2013)

Log Message

[Soup] Frequent crashes on redirections
https://bugs.webkit.org/show_bug.cgi?id=107240


Reviewed by Martin Robinson.

We must ensure that the ResourceHandle has not being cancelled
before performing a redirect. This could happen while we close the
stream used to read the redirect response because it is done
asynchronously.

* platform/network/soup/ResourceHandleSoup.cpp:
(WebCore::redirectCloseCallback): also renamed res to result.

Modified Paths

trunk/Source/WebCore/ChangeLog
trunk/Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp

Diff

Modified: trunk/Source/WebCore/ChangeLog (140153 => 140154)


--- trunk/Source/WebCore/ChangeLog	2013-01-18 16:27:12 UTC (rev 140153)
+++ trunk/Source/WebCore/ChangeLog	2013-01-18 16:28:40 UTC (rev 140154)
@@ -1,3 +1,18 @@
+2013-01-18  Sergio Villar Senin  <svil...@igalia.com>
+
+        [Soup] Frequent crashes on redirections
+        https://bugs.webkit.org/show_bug.cgi?id=107240
+
+        Reviewed by Martin Robinson.
+
+        We must ensure that the ResourceHandle has not being cancelled
+        before performing a redirect. This could happen while we close the
+        stream used to read the redirect response because it is done
+        asynchronously.
+
+        * platform/network/soup/ResourceHandleSoup.cpp:
+        (WebCore::redirectCloseCallback): also renamed res to result.
+
 2013-01-18  Andrey Adaikin  <aand...@chromium.org>
 
         Web Inspector: array grouping does not work big sparse arrays

Modified: trunk/Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp (140153 => 140154)


--- trunk/Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp	2013-01-18 16:27:12 UTC (rev 140153)
+++ trunk/Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp	2013-01-18 16:28:40 UTC (rev 140154)
@@ -486,12 +486,17 @@
     handle->sendPendingRequest();
 }
 
-static void redirectCloseCallback(GObject*, GAsyncResult* res, gpointer data)
+static void redirectCloseCallback(GObject*, GAsyncResult* result, gpointer data)
 {
     RefPtr<ResourceHandle> handle = static_cast<ResourceHandle*>(data);
     ResourceHandleInternal* d = handle->getInternal();
 
-    g_input_stream_close_finish(d->m_inputStream.get(), res, 0);
+    if (d->m_cancelled || !handle->client()) {
+        cleanupSoupRequestOperation(handle.get());
+        return;
+    }
+
+    g_input_stream_close_finish(d->m_inputStream.get(), result, 0);
     doRedirect(handle.get());
 }

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
http://lists.webkit.org/mailman/listinfo/webkit-changes