Title: [159974] trunk/Source/WebCore
Revision
159974
Author
beid...@apple.com
Date
2013-12-02 15:30:53 -0800 (Mon, 02 Dec 2013)

Log Message

Possible crash in ProgressTracker::progressHeartbeatTimerFired(Timer<ProgressTracker>*)
https://bugs.webkit.org/show_bug.cgi?id=125110

Reviewed by Darin Adler.

It’s possible to have a null m_originatingProgressFrame when the heartbeat timer fires.

On the surface this seems impossible because the only time m_originatingProgressFrame is cleared
out, the heartbeat timer is also stopped.

But there’s likely still a race condition in multi-threaded environments.

There’s no harm in null-checking m_originatingProgressFrame before accessing its loader.

* loader/ProgressTracker.cpp:
(WebCore::ProgressTracker::progressHeartbeatTimerFired):
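The in-flight timer scenario the log message describes, as an added example that is not WebKit code: a small stand-alone model in which a timer callback is queued on a run loop before the frame is cleared and the timer stopped, so stop() cannot recall it. The names (Frame, HeartbeatTimer, Tracker, RunLoop, inFlightHeartbeat, orderedHeartbeat) are hypothetical; only the shape of the pre-patch dereference and of the patched null check follows ProgressTracker.cpp. A real null dereference would crash the process; here it is counted so the two orderings can be compared.

```cpp
#include <cstdio>
#include <functional>
#include <vector>

// Constructed stand-in for WebCore::Frame: only records that it was notified.
struct Frame {
    int statusChangedCalls = 0;
    void loadProgressingStatusChanged() { ++statusChangedCalls; }
};

// Run loop modelled as a queue of pending callbacks. A timer whose interval has
// elapsed pushes its callback here; stop() cannot recall a callback already queued.
using RunLoop = std::vector<std::function<void()>>;

class HeartbeatTimer {
public:
    explicit HeartbeatTimer(std::function<void()> callback) : m_callback(std::move(callback)) { }
    void start() { m_active = true; }
    void stop() { m_active = false; }
    bool isActive() const { return m_active; }
    void intervalElapsed(RunLoop& runLoop) {
        if (m_active)
            runLoop.push_back(m_callback);
    }
private:
    std::function<void()> m_callback;
    bool m_active = false;
};

class Tracker {
public:
    explicit Tracker(bool nullCheckFrame)
        : m_nullCheckFrame(nullCheckFrame), m_heartbeatTimer([this] { heartbeatFired(); }) { }

    void progressStarted(Frame& frame) {
        m_originatingProgressFrame = &frame;
        m_heartbeatTimer.start();
    }
    // The only place the frame is cleared; the timer is stopped in the same call.
    void progressCompleted() {
        m_originatingProgressFrame = nullptr;
        m_heartbeatTimer.stop();
    }
    void intervalElapsed(RunLoop& runLoop) { m_heartbeatTimer.intervalElapsed(runLoop); }
    int nullDereferences() const { return m_nullDereferences; }

private:
    void heartbeatFired() {
        if (m_nullCheckFrame) {
            // Shape of the patched code: skip the loader call when the frame is gone.
            if (m_originatingProgressFrame)
                m_originatingProgressFrame->loadProgressingStatusChanged();
            return;
        }
        // Shape of the pre-patch code; the dereference of a null frame is recorded
        // instead of performed.
        if (!m_originatingProgressFrame) {
            ++m_nullDereferences;
            return;
        }
        m_originatingProgressFrame->loadProgressingStatusChanged();
    }

    bool m_nullCheckFrame;
    Frame* m_originatingProgressFrame = nullptr;
    HeartbeatTimer m_heartbeatTimer;
    int m_nullDereferences = 0;
};

struct Outcome {
    int nullDereferences;
    int frameNotifications;
};

// Heartbeat queued, then progress completes, then the queued heartbeat runs.
Outcome inFlightHeartbeat(bool nullCheckFrame) {
    Frame frame;
    Tracker tracker(nullCheckFrame);
    RunLoop runLoop;
    tracker.progressStarted(frame);
    tracker.intervalElapsed(runLoop); // callback now pending on the run loop
    tracker.progressCompleted();      // frame cleared and timer stopped...
    for (auto& callback : runLoop)    // ...but the pending callback still runs
        callback();
    return { tracker.nullDereferences(), frame.statusChangedCalls };
}

// Normal ordering: the heartbeat runs before progress completes.
Outcome orderedHeartbeat(bool nullCheckFrame) {
    Frame frame;
    Tracker tracker(nullCheckFrame);
    RunLoop runLoop;
    tracker.progressStarted(frame);
    tracker.intervalElapsed(runLoop);
    for (auto& callback : runLoop)
        callback();
    tracker.progressCompleted();
    return { tracker.nullDereferences(), frame.statusChangedCalls };
}

int main() {
    std::printf("unpatched, in-flight heartbeat: null dereferences=%d\n", inFlightHeartbeat(false).nullDereferences);
    std::printf("patched,   in-flight heartbeat: null dereferences=%d\n", inFlightHeartbeat(true).nullDereferences);
    return 0;
}
```

The model makes the commit's point concrete: the invariant "frame cleared implies timer stopped" holds at every call site, and the dereference still happens because the firing was already dispatched before stop() ran. The null check removes the dereference; it does not remove the ordering that produced it.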

Modified Paths

trunk/Source/WebCore/ChangeLog
trunk/Source/WebCore/loader/ProgressTracker.cpp

Diff

Modified: trunk/Source/WebCore/ChangeLog (159973 => 159974)


--- trunk/Source/WebCore/ChangeLog	2013-12-02 23:17:53 UTC (rev 159973)
+++ trunk/Source/WebCore/ChangeLog	2013-12-02 23:30:53 UTC (rev 159974)
@@ -1,5 +1,24 @@
 2013-12-02  Brady Eidson  <beid...@apple.com>
 
+        Possible crash in ProgressTracker::progressHeartbeatTimerFired(Timer<ProgressTracker>*)
+        https://bugs.webkit.org/show_bug.cgi?id=125110
+
+        Reviewed by Darin Adler.
+
+        It’s possible to have a null m_originatingProgressFrame when the heartbeat timer fires.
+
+        On the surface this seems impossible because the only time m_originatingProgressFrame is cleared
+        out the heartbeat timer is also stopped.
+
+        But there’s likely still a race condition in multi-threaded environments.
+
+        There’s no harm in null-checking m_originatingProgressFrame before accessing its loader.
+
+        * loader/ProgressTracker.cpp:
+        (WebCore::ProgressTracker::progressHeartbeatTimerFired):
+
+2013-12-02  Brady Eidson  <beid...@apple.com>
+
         Add more CachedPage null checks
         https://bugs.webkit.org/show_bug.cgi?id=125106
 

Modified: trunk/Source/WebCore/loader/ProgressTracker.cpp (159973 => 159974)


--- trunk/Source/WebCore/loader/ProgressTracker.cpp	2013-12-02 23:17:53 UTC (rev 159973)
+++ trunk/Source/WebCore/loader/ProgressTracker.cpp	2013-12-02 23:30:53 UTC (rev 159974)
@@ -295,7 +295,8 @@
 
     m_totalBytesReceivedBeforePreviousHeartbeat = m_totalBytesReceived;
 
-    m_originatingProgressFrame->loader().loadProgressingStatusChanged();
+    if (m_originatingProgressFrame)
+        m_originatingProgressFrame->loader().loadProgressingStatusChanged();
 
     if (m_progressValue >= finalProgressValue)
         m_progressHeartbeatTimer.stop();
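Review bot: when m_originatingProgressFrame is null the new check skips the loader call but falls through to the existing `if (m_progressValue >= finalProgressValue) m_progressHeartbeatTimer.stop();`, so a heartbeat that finds no frame while m_progressValue is still below finalProgressValue leaves the timer running and firing into a tracker with no frame. Consider stopping the timer and returning in that case, e.g. `if (!m_originatingProgressFrame) { m_progressHeartbeatTimer.stop(); return; }`, and since the ChangeLog says this state should be unreachable, an ASSERT in debug builds would surface the race instead of silently tolerating it.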
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes