Changeset 178937 in webkit

Timestamp:

Jan 22, 2015 1:04:39 PM (9 years ago)

Author:

ap@apple.com

Message:

Crash in URL::protocol() after appcache load fails
​https://bugs.webkit.org/show_bug.cgi?id=140755
rdar://problem/7881290

Reviewed by Dan Bates.

Source/WebCore:

Test: http/tests/appcache/404-resource-with-slow-main-resource.php

Not every cache that isn't being updated is complete. It could also be in a zombie
state after failing to load. We get rid of the cache once the main resource finishes
loading, but while it's being loaded, the zombie still looks like a regular
candidate application cache.

• loader/appcache/ApplicationCache.cpp: (WebCore::ApplicationCache::isComplete):
• loader/appcache/ApplicationCache.h:

Removed const from isComplete(), because otherwise we couldn't use ApplicationCacheGroup::m_caches.contains().
Constness doesn't make a lot of sense for these objects anyway.

• loader/appcache/ApplicationCacheGroup.cpp:

(WebCore::ApplicationCacheGroup::failedLoadingMainResource): Toned down an assertion.
We can fail a main resource load when the document has a zombie appcache, too.

• loader/appcache/ApplicationCacheGroup.h:

(WebCore::ApplicationCacheGroup::cacheIsComplete):
(WebCore::ApplicationCacheGroup::cacheIsBeingUpdated): Deleted.
These functions are only used in ApplicationCache::isComplete().

LayoutTests:

• http/tests/appcache/404-resource-with-slow-main-resource-expected.txt: Added.
• http/tests/appcache/404-resource-with-slow-main-resource.php: Added.

Location:

trunk

Files:

• LayoutTests/ChangeLog (modified) (1 diff)
• LayoutTests/http/tests/appcache/404-resource-with-slow-main-resource-expected.txt (added)
• LayoutTests/http/tests/appcache/404-resource-with-slow-main-resource.php (added)
• Source/WebCore/ChangeLog (modified) (1 diff)
• Source/WebCore/loader/appcache/ApplicationCache.cpp (modified) (1 diff)
• Source/WebCore/loader/appcache/ApplicationCache.h (modified) (1 diff)
• Source/WebCore/loader/appcache/ApplicationCacheGroup.cpp (modified) (1 diff)
• Source/WebCore/loader/appcache/ApplicationCacheGroup.h (modified) (1 diff)

trunk/LayoutTests/ChangeLog

@@ +1 @@
+2015-01-22  Alexey Proskuryakov  <ap@apple.com>
+
+        Crash in URL::protocol() after appcache load fails
+        https://bugs.webkit.org/show_bug.cgi?id=140755
+        rdar://problem/7881290
+
+        Reviewed by Dan Bates.
+
+        * http/tests/appcache/404-resource-with-slow-main-resource-expected.txt: Added.
+        * http/tests/appcache/404-resource-with-slow-main-resource.php: Added.
+
 2015-01-22  Commit Queue  <commit-queue@webkit.org>
 

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2015-01-22  Alexey Proskuryakov  <ap@apple.com>
+
+        Crash in URL::protocol() after appcache load fails
+        https://bugs.webkit.org/show_bug.cgi?id=140755
+        rdar://problem/7881290
+
+        Reviewed by Dan Bates.
+
+        Test: http/tests/appcache/404-resource-with-slow-main-resource.php
+
+        Not every cache that isn't being updated is complete. It could also be in a zombie
+        state after failing to load. We get rid of the cache once the main resource finishes
+        loading, but while it's being loaded, the zombie still looks like a regular
+        candidate application cache.
+
+        * loader/appcache/ApplicationCache.cpp: (WebCore::ApplicationCache::isComplete):
+        * loader/appcache/ApplicationCache.h:
+        Removed const from isComplete(), because otherwise we couldn't use ApplicationCacheGroup::m_caches.contains().
+        Constness doesn't make a lot of sense for these objects anyway.
+
+        * loader/appcache/ApplicationCacheGroup.cpp:
+        (WebCore::ApplicationCacheGroup::failedLoadingMainResource): Toned down an assertion.
+        We can fail a main resource load when the document has a zombie appcache, too.
+
+        * loader/appcache/ApplicationCacheGroup.h:
+        (WebCore::ApplicationCacheGroup::cacheIsComplete):
+        (WebCore::ApplicationCacheGroup::cacheIsBeingUpdated): Deleted.
+        These functions are only used in ApplicationCache::isComplete().
+
 2015-01-22  Grzegorz Czajkowski  <g.czajkowski@samsung.com>
 

trunk/Source/WebCore/loader/appcache/ApplicationCache.cpp

@@ -63 +63 @@
 }
 
-bool ApplicationCache::isComplete() const
-{
-    return !m_group->cacheIsBeingUpdated(this);
+bool ApplicationCache::isComplete()
+{
+    return m_group && m_group->cacheIsComplete(this);
 }
 

trunk/Source/WebCore/loader/appcache/ApplicationCache.h

@@ -63 +63 @@
     ApplicationCacheGroup* group() const { return m_group; }
 
-    bool isComplete() const;
+    bool isComplete();
 
     ApplicationCacheResource* resourceForRequest(const ResourceRequest&);

trunk/Source/WebCore/loader/appcache/ApplicationCacheGroup.cpp

@@ -301 +301 @@
         // Cache update failed, too.
         ASSERT(!m_cacheBeingUpdated); // Already cleared out by stopLoading().
-        ASSERT(!loader->applicationCacheHost()->applicationCache() || loader->applicationCacheHost()->applicationCache() == m_cacheBeingUpdated);
+        ASSERT(!loader->applicationCacheHost()->applicationCache() || loader->applicationCacheHost()->applicationCache()->group() == this);
 
         loader->applicationCacheHost()->setApplicationCache(0); // Will unset candidate, too.

trunk/Source/WebCore/loader/appcache/ApplicationCacheGroup.h

@@ -78 +78 @@
     void abort(Frame*);
 
-    bool cacheIsBeingUpdated(const ApplicationCache* cache) const { return cache == m_cacheBeingUpdated; }
+    bool cacheIsComplete(ApplicationCache* cache) { return m_caches.contains(cache); }
 
     void stopLoadingInFrame(Frame*);