Changeset 169472 in webkit

Timestamp:

May 29, 2014 4:04:30 PM (10 years ago)

Author:

ap@apple.com

Message:

Loading <object> from WebArchive crashes
​https://bugs.webkit.org/show_bug.cgi?id=133386
<rdar://problem/13345509>

Reviewed by Brady Eidson.

Source/WebCore:
Test: webarchive/loading/object.html

This (a) fixes the crash, and (b) avoids the crash.

• loader/DocumentLoader.cpp: (WebCore::DocumentLoader::continueAfterContentPolicy):

Some types of substitute data - such as WebArchive - don't contain HTTP result codes,
so let's not drop to <object> fallback content when status is 0.
And if the load somehow failed anyway, don't crash by trying to deliver substitute data
to a finished loader.

LayoutTests:

• webarchive/loading/object-expected.txt: Added.
• webarchive/loading/object.html: Added.
• webarchive/loading/resources/object.webarchive: Added.

Location:

trunk

Files:

• LayoutTests/ChangeLog (modified) (1 diff)
• LayoutTests/webarchive/loading/object-expected.txt (added)
• LayoutTests/webarchive/loading/object.html (added)
• LayoutTests/webarchive/loading/resources/object.webarchive (added)
• Source/WebCore/ChangeLog (modified) (1 diff)
• Source/WebCore/loader/DocumentLoader.cpp (modified) (2 diffs)

trunk/LayoutTests/ChangeLog

@@ +1 @@
+2014-05-29  Alexey Proskuryakov  <ap@apple.com>
+
+        Loading <object> from WebArchive crashes
+        https://bugs.webkit.org/show_bug.cgi?id=133386
+        <rdar://problem/13345509>
+
+        Reviewed by Brady Eidson.
+
+        * webarchive/loading/object-expected.txt: Added.
+        * webarchive/loading/object.html: Added.
+        * webarchive/loading/resources/object.webarchive: Added.
+
 2014-05-29  Mark Lam  <mark.lam@apple.com>
 

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2014-05-29  Alexey Proskuryakov  <ap@apple.com>
+
+        Loading <object> from WebArchive crashes
+        https://bugs.webkit.org/show_bug.cgi?id=133386
+        <rdar://problem/13345509>
+
+        Reviewed by Brady Eidson.
+
+        Test: webarchive/loading/object.html
+
+        This (a) fixes the crash, and (b) avoids the crash.
+
+        * loader/DocumentLoader.cpp: (WebCore::DocumentLoader::continueAfterContentPolicy):
+        Some types of substitute data - such as WebArchive - don't contain HTTP result codes,
+        so let's not drop to <object> fallback content when status is 0.
+        And if the load somehow failed anyway, don't crash by trying to deliver substitute data
+        to a finished loader.
+
 2014-05-29  Alex Christensen  <achristensen@webkit.org>
 

trunk/Source/WebCore/loader/DocumentLoader.cpp

@@ -734 +734 @@
 
     if (m_response.isHTTP()) {
-        int status = m_response.httpStatusCode();
-        if (status < 200 || status >= 300) {
+        int status = m_response.httpStatusCode(); // Status may be zero when loading substitute data, in particular from a WebArchive.
+        if (status && (status < 200 || status >= 300)) {
             bool hostedByObject = frameLoader()->isHostedByObjectElement();
 
@@ -747 +747 @@
     }
 
-    if (!isStopping() && m_substituteData.isValid()) {
+    if (!isStopping() && m_substituteData.isValid() && isLoadingMainResource()) {
         if (m_substituteData.content()->size())
             dataReceived(0, m_substituteData.content()->data(), m_substituteData.content()->size());