Title: [196965] trunk/Source/WebCore
- Revision
- 196965
- Author
- [email protected]
- Date
- 2016-02-22 16:48:48 -0800 (Mon, 22 Feb 2016)
Log Message
REGRESSION (r196892): Crash in DocumentLoader::startLoadingMainResource()
https://bugs.webkit.org/show_bug.cgi?id=154563
<rdar://problem/24780678>
Reviewed by Alexey Proskuryakov.
Fixes an issue where the provisional loader may be deallocated when starting
a load. One example where this can occur is when cancelling the provisional load
as part of a form submission because the Content Security Policy of the page
blocks the submission (it violates the directive form-action).
This crash is covered by the test http/tests/security/contentSecurityPolicy/1.1/form-action-src-blocked.html.
* loader/DocumentLoader.cpp:
(WebCore::DocumentLoader::startLoadingMainResource): Take a ref before calling
DocumentLoader::willSendRequest().
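The pattern the commit describes (take a reference to `this` before calling out to code that may drop the last external reference, then re-check for cancellation afterwards) is easy to get wrong, so here is a small stand-alone illustration. This is an added example, not WebKit code: `Ref`, `RefPtr` and `Loader` below are deliberately simplified stand-ins for WebCore's types, and `onWillSendRequest`, `cancelled` and `runCancelledLoadScenario` are hypothetical names invented for the demo.

```cpp
#include <cstdio>
#include <functional>

// Simplified intrusive ref counting (assumption: a stand-in for WebCore's
// Ref/RefPtr, not their real implementation).
template<typename T> class Ref {
public:
    explicit Ref(T& object) : m_ptr(&object) { m_ptr->ref(); }
    ~Ref() { m_ptr->deref(); }
    Ref(const Ref&) = delete;
    Ref& operator=(const Ref&) = delete;
private:
    T* m_ptr;
};

template<typename T> class RefPtr {
public:
    explicit RefPtr(T* p) : m_ptr(p) { if (m_ptr) m_ptr->ref(); }
    ~RefPtr() { if (m_ptr) m_ptr->deref(); }
    RefPtr(const RefPtr&) = delete;
    RefPtr& operator=(const RefPtr&) = delete;
    void clear() { T* p = m_ptr; m_ptr = nullptr; if (p) p->deref(); }
    T* get() const { return m_ptr; }
private:
    T* m_ptr;
};

static int g_destroyedLoaders = 0;   // counts destructor runs so the test can see *when* we die

// Hypothetical loader whose "willSendRequest" callout may cancel the load and
// make its owner release the only external reference to it.
class Loader {
public:
    ~Loader() { ++g_destroyedLoaders; }
    void ref() { ++m_refCount; }
    void deref() { if (--m_refCount == 0) delete this; }
    int refCount() const { return m_refCount; }

    std::function<void(Loader&)> onWillSendRequest;   // hypothetical cancel hook
    bool cancelled = false;

    // Shape of startLoadingMainResource() after the fix: protect *this across the
    // callout, then check whether the load was cancelled before doing more work.
    bool startLoad() {
        Ref<Loader> protect(*this);   // keeps *this alive until this function returns
        willSendRequest();
        if (cancelled)                // the callout cancelled us; do not continue the load
            return false;
        return true;
    }

private:
    void willSendRequest() { if (onWillSendRequest) onWillSendRequest(*this); }
    int m_refCount = 0;
};

struct Scenario {
    bool started;                 // return value of startLoad()
    int refCountDuringCallback;   // owner's ref + protector
    int destroyedInsideCallback;  // loader must NOT be freed while the callout runs
    int destroyedAfterReturn;     // ...but is freed once the protector goes away
};

// Constructed scenario: the owner cancels the load from inside the callout by
// dropping its reference, exactly the situation the commit describes.
Scenario runCancelledLoadScenario() {
    g_destroyedLoaders = 0;
    Scenario s{};
    RefPtr<Loader> provisionalLoader(new Loader);   // the sole external reference
    Loader* raw = provisionalLoader.get();
    raw->onWillSendRequest = [&](Loader& loader) {
        s.refCountDuringCallback = loader.refCount();   // 2: owner + protector
        loader.cancelled = true;
        provisionalLoader.clear();                       // owner lets go mid-call
        s.destroyedInsideCallback = g_destroyedLoaders;  // still 0 thanks to the protector
    };
    s.started = raw->startLoad();
    s.destroyedAfterReturn = g_destroyedLoaders;         // 1: freed when protect went out of scope
    return s;                                            // raw is dangling now; never touch it
}

int main() {
    Scenario s = runCancelledLoadScenario();
    std::printf("started=%d refs=%d destroyedInside=%d destroyedAfter=%d\n",
        s.started, s.refCountDuringCallback, s.destroyedInsideCallback, s.destroyedAfterReturn);
    return 0;
}
```

Without the `Ref<Loader> protect(*this)` line, `provisionalLoader.clear()` inside the callout would take the count to zero and delete the loader, so the `if (cancelled)` test that follows would read freed memory; that is the class of crash the commit fixes. Note that the protector only makes the post-callout code safe to execute, it does not make continuing the load correct, which is why the cancellation check after the callout still matters.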
Modified Paths
Diff
Modified: trunk/Source/WebCore/ChangeLog (196964 => 196965)
--- trunk/Source/WebCore/ChangeLog 2016-02-23 00:40:16 UTC (rev 196964)
+++ trunk/Source/WebCore/ChangeLog 2016-02-23 00:48:48 UTC (rev 196965)
@@ -1,3 +1,22 @@
+2016-02-22 Daniel Bates <[email protected]>
+
+ REGRESSION (r196892): Crash in DocumentLoader::startLoadingMainResource()
+ https://bugs.webkit.org/show_bug.cgi?id=154563
+ <rdar://problem/24780678>
+
+ Reviewed by Alexey Proskuryakov.
+
+ Fixes an issue where the provisional loader may be deallocated when starting
+ a load. One example where this can occur is when cancelling the provisional load
+ as part of a form submission because the Content Security Policy of the page
+ blocks the submission (it violates the directive form-action).
+
+ This crash is covered by the test http/tests/security/contentSecurityPolicy/1.1/form-action-src-blocked.html.
+
+ * loader/DocumentLoader.cpp:
+ (WebCore::DocumentLoader::startLoadingMainResource): Take a ref before calling
+ DocumentLoader::willSendRequest().
+
2016-02-16 Ada Chan <[email protected]>
Implement basic functionality in WebVideoFullscreenInterfaceMac.
Modified: trunk/Source/WebCore/loader/DocumentLoader.cpp (196964 => 196965)
--- trunk/Source/WebCore/loader/DocumentLoader.cpp 2016-02-23 00:40:16 UTC (rev 196964)
+++ trunk/Source/WebCore/loader/DocumentLoader.cpp 2016-02-23 00:48:48 UTC (rev 196965)
@@ -1464,6 +1464,8 @@
ASSERT(timing().navigationStart());
ASSERT(!timing().fetchStart());
timing().markFetchStart();
+
+ Ref<DocumentLoader> protect(*this); // willSendRequest() may deallocate the provisional loader (which may be us) if it cancels the load.
willSendRequest(m_request, ResourceResponse());
// willSendRequest() may lead to our Frame being detached or cancelling the load via nulling the ResourceRequest.
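Review bot: with the protector in place the loader now survives a cancellation inside willSendRequest() instead of being freed, so the code after this hunk must bail out on both conditions named in the following comment (detached Frame, nulled ResourceRequest) before touching frame or request state; the hunk shows only the two added lines, so please confirm the existing early return covers both cases rather than just the null-request one. Also consider naming the variable `protectedThis` rather than `protect`, so the trailing comment can be shortened to what it actually needs to say: that willSendRequest() may release the last external reference to this loader.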
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes