Changeset 116719 in webkit

Timestamp:

May 10, 2012 7:31:26 PM (12 years ago)

Author:

ap@apple.com

Message:

Crash in 3rd party WebKit apps that disable cache at a wrong time
​https://bugs.webkit.org/show_bug.cgi?id=86027
<rdar://problem/10615880>

Reviewed by Antti Koivisto.

Source/WebCore:

Added an API test.

The fix is to use CachedResourceHandle throughout MemoryCache, which will certainly
keep the resource alive. Also removed earlier fixes.

• css/CSSImageSetValue.cpp: (WebCore::CSSImageSetValue::cachedImageSet):
• css/CSSImageValue.cpp: (WebCore::CSSImageValue::cachedImage):
• css/WebKitCSSShaderValue.cpp: (WebCore::WebKitCSSShaderValue::cachedShader):
• history/PageCache.cpp: (WebCore::PageCache::releaseAutoreleasedPagesNow):
• loader/ImageLoader.cpp: (WebCore::ImageLoader::updateFromElement):
• loader/TextTrackLoader.cpp: (WebCore::TextTrackLoader::load):
• loader/cache/CachedResourceLoader.cpp:

(WebCore::CachedResourceLoader::requestImage):
(WebCore::CachedResourceLoader::requestFont):
(WebCore::CachedResourceLoader::requestTextTrack):
(WebCore::CachedResourceLoader::requestShader):
(WebCore::CachedResourceLoader::requestCSSStyleSheet):
(WebCore::CachedResourceLoader::requestUserCSSStyleSheet):
(WebCore::CachedResourceLoader::requestScript):
(WebCore::CachedResourceLoader::requestXSLStyleSheet):
(WebCore::CachedResourceLoader::requestSVGDocument):
(WebCore::CachedResourceLoader::requestLinkResource):
(WebCore::CachedResourceLoader::requestRawResource):
(WebCore::CachedResourceLoader::requestResource):
(WebCore::CachedResourceLoader::revalidateResource):
(WebCore::CachedResourceLoader::loadResource):
(WebCore::CachedResourceLoader::requestPreload):

• loader/cache/CachedResourceLoader.h: (CachedResourceLoader):
• loader/cache/MemoryCache.h: (WebCore::MemoryCache::setPruneEnabled):

• loader/cache/CachedResourceHandle.h:

(WebCore::CachedResourceHandle::CachedResourceHandle):
(WebCore::CachedResourceHandle::operator=):
Teach CachedResourceHandle how to make CachedResourceHandle<CachedResource> from
a handle to subclass.

Tools:

Added a test that's very similar to MemoryCachePruneWithinResourceLoadDelegate,
but for disabling the cache instead of triggering a prune.

• TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
• TestWebKitAPI/Tests/mac/MemoryCacheDisableWithinResourceLoadDelegate.html: Added.
• TestWebKitAPI/Tests/mac/MemoryCacheDisableWithinResourceLoadDelegate.mm: Added.

(-[MemoryCacheDisableTestResourceLoadDelegate webView:identifierForInitialRequest:fromDataSource:]):
(-[MemoryCacheDisableTestResourceLoadDelegate webView:resource:willSendRequest:redirectResponse:fromDataSource:]):
(-[MemoryCacheDisableTestResourceLoadDelegate webView:resource:didFinishLoadingFromDataSource:]):
(-[MemoryCacheDisableTestResourceLoadDelegate webView:resource:didFailLoadingWithError:fromDataSource:]):
(TestWebKitAPI::TEST):

Location:

trunk

Files:

• Source/WebCore/ChangeLog (modified) (1 diff)
• Source/WebCore/css/CSSImageSetValue.cpp (modified) (1 diff)
• Source/WebCore/css/CSSImageValue.cpp (modified) (1 diff)
• Source/WebCore/css/WebKitCSSShaderValue.cpp (modified) (1 diff)
• Source/WebCore/history/PageCache.cpp (modified) (2 diffs)
• Source/WebCore/loader/ImageLoader.cpp (modified) (2 diffs)
• Source/WebCore/loader/TextTrackLoader.cpp (modified) (1 diff)
• Source/WebCore/loader/cache/CachedResourceHandle.h (modified) (2 diffs)
• Source/WebCore/loader/cache/CachedResourceLoader.cpp (modified) (13 diffs)
• Source/WebCore/loader/cache/CachedResourceLoader.h (modified) (2 diffs)
• Source/WebCore/loader/cache/MemoryCache.h (modified) (1 diff)
• Tools/ChangeLog (modified) (1 diff)
• Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj (modified) (6 diffs)
• Tools/TestWebKitAPI/Tests/mac/MemoryCacheDisableWithinResourceLoadDelegate.html (added)
• Tools/TestWebKitAPI/Tests/mac/MemoryCacheDisableWithinResourceLoadDelegate.mm (added)

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2012-05-10  Alexey Proskuryakov  <ap@apple.com>
+
+        Crash in 3rd party WebKit apps that disable cache at a wrong time
+        https://bugs.webkit.org/show_bug.cgi?id=86027
+        <rdar://problem/10615880>
+
+        Reviewed by Antti Koivisto.
+
+        Added an API test.
+
+        The fix is to use CachedResourceHandle throughout MemoryCache, which will certainly
+        keep the resource alive. Also removed earlier fixes.
+
+        * css/CSSImageSetValue.cpp: (WebCore::CSSImageSetValue::cachedImageSet):
+        * css/CSSImageValue.cpp: (WebCore::CSSImageValue::cachedImage):
+        * css/WebKitCSSShaderValue.cpp: (WebCore::WebKitCSSShaderValue::cachedShader):
+        * history/PageCache.cpp: (WebCore::PageCache::releaseAutoreleasedPagesNow):
+        * loader/ImageLoader.cpp: (WebCore::ImageLoader::updateFromElement):
+        * loader/TextTrackLoader.cpp: (WebCore::TextTrackLoader::load):
+        * loader/cache/CachedResourceLoader.cpp:
+        (WebCore::CachedResourceLoader::requestImage):
+        (WebCore::CachedResourceLoader::requestFont):
+        (WebCore::CachedResourceLoader::requestTextTrack):
+        (WebCore::CachedResourceLoader::requestShader):
+        (WebCore::CachedResourceLoader::requestCSSStyleSheet):
+        (WebCore::CachedResourceLoader::requestUserCSSStyleSheet):
+        (WebCore::CachedResourceLoader::requestScript):
+        (WebCore::CachedResourceLoader::requestXSLStyleSheet):
+        (WebCore::CachedResourceLoader::requestSVGDocument):
+        (WebCore::CachedResourceLoader::requestLinkResource):
+        (WebCore::CachedResourceLoader::requestRawResource):
+        (WebCore::CachedResourceLoader::requestResource):
+        (WebCore::CachedResourceLoader::revalidateResource):
+        (WebCore::CachedResourceLoader::loadResource):
+        (WebCore::CachedResourceLoader::requestPreload):
+        * loader/cache/CachedResourceLoader.h: (CachedResourceLoader):
+        * loader/cache/MemoryCache.h: (WebCore::MemoryCache::setPruneEnabled):
+
+        * loader/cache/CachedResourceHandle.h:
+        (WebCore::CachedResourceHandle::CachedResourceHandle):
+        (WebCore::CachedResourceHandle::operator=):
+        Teach CachedResourceHandle how to make CachedResourceHandle<CachedResource> from
+        a handle to subclass.
+
 2012-05-10  Tien-Ren Chen  <trchen@chromium.org>
 

trunk/Source/WebCore/css/CSSImageSetValue.cpp

@@ -107 +107 @@
         ImageWithScale image = bestImageForScaleFactor();
         ResourceRequest request(loader->document()->completeURL(image.imageURL));
-        if (CachedImage* cachedImage = loader->requestImage(request)) {
-            m_imageSet = StyleCachedImageSet::create(cachedImage, image.scaleFactor, this);
+        if (CachedResourceHandle<CachedImage> cachedImage = loader->requestImage(request)) {
+            m_imageSet = StyleCachedImageSet::create(cachedImage.get(), image.scaleFactor, this);
             m_accessedBestFitImage = true;
         }

trunk/Source/WebCore/css/CSSImageValue.cpp

@@ -83 +83 @@
 
         ResourceRequest request(loader->document()->completeURL(url));
-        if (CachedImage* cachedImage = loader->requestImage(request))
-            m_image = StyleCachedImage::create(cachedImage);
+        if (CachedResourceHandle<CachedImage> cachedImage = loader->requestImage(request))
+            m_image = StyleCachedImage::create(cachedImage.get());
     }
 

trunk/Source/WebCore/css/WebKitCSSShaderValue.cpp

@@ -60 +60 @@
 
         ResourceRequest request(loader->document()->completeURL(m_url));
-        if (CachedShader* cachedShader = loader->requestShader(request))
-            m_shader = StyleCachedShader::create(cachedShader);
+        if (CachedResourceHandle<CachedShader> cachedShader = loader->requestShader(request))
+            m_shader = StyleCachedShader::create(cachedShader.get());
     }
 

trunk/Source/WebCore/history/PageCache.cpp

@@ -536 +536 @@
 
     // Postpone dead pruning until all our resources have gone dead.
-    bool pruneWasEnabled = memoryCache()->pruneEnabled();
     memoryCache()->setPruneEnabled(false);
 
@@ -547 +546 @@
 
     // Now do the prune.
-    if (pruneWasEnabled) {
-        memoryCache()->setPruneEnabled(true);
-        memoryCache()->prune();
-    }
+    memoryCache()->setPruneEnabled(true);
+    memoryCache()->prune();
 }
 

trunk/Source/WebCore/loader/ImageLoader.cpp

@@ -155 +155 @@
     // Do not load any image if the 'src' attribute is missing or if it is
     // an empty string.
-    CachedImage* newImage = 0;
+    CachedResourceHandle<CachedImage> newImage = 0;
     if (!attr.isNull() && !stripLeadingAndTrailingHTMLSpaces(attr).isEmpty()) {
         ResourceRequest request = ResourceRequest(document->completeURL(sourceURI(attr)));
@@ -171 +171 @@
             newImage->setLoading(true);
             newImage->setOwningCachedResourceLoader(document->cachedResourceLoader());
-            document->cachedResourceLoader()->m_documentResources.set(newImage->url(), newImage);
+            document->cachedResourceLoader()->m_documentResources.set(newImage->url(), newImage.get());
             document->cachedResourceLoader()->setAutoLoadImages(autoLoadOtherImages);
         } else

trunk/Source/WebCore/loader/TextTrackLoader.cpp

@@ -168 +168 @@
 
     CachedResourceLoader* cachedResourceLoader = document->cachedResourceLoader();
-    m_cachedCueData = static_cast<CachedTextTrack*>(cachedResourceLoader->requestTextTrack(cueRequest));
+    m_cachedCueData = cachedResourceLoader->requestTextTrack(cueRequest);
     if (m_cachedCueData)
         m_cachedCueData->addClient(this);

trunk/Source/WebCore/loader/cache/CachedResourceHandle.h

@@ -62 +62 @@
         CachedResourceHandle(R* res) : CachedResourceHandleBase(res) { }
         CachedResourceHandle(const CachedResourceHandle<R>& o) : CachedResourceHandleBase(o) { }
+        template<typename U> CachedResourceHandle(const CachedResourceHandle<U>& o) : CachedResourceHandleBase(o.get()) { }
 
         R* get() const { return reinterpret_cast<R*>(CachedResourceHandleBase::get()); }
@@ -68 +69 @@
         CachedResourceHandle& operator=(R* res) { setResource(res); return *this; } 
         CachedResourceHandle& operator=(const CachedResourceHandle& o) { setResource(o.get()); return *this; }
+        template<typename U> CachedResourceHandle& operator=(const CachedResourceHandle<U>& o) { setResource(o.get()); return *this; }
+
         bool operator==(const CachedResourceHandleBase& o) const { return get() == o.get(); }
         bool operator!=(const CachedResourceHandleBase& o) const { return get() != o.get(); }

trunk/Source/WebCore/loader/cache/CachedResourceLoader.cpp

@@ -152 +152 @@
 }
 
-CachedImage* CachedResourceLoader::requestImage(ResourceRequest& request)
+CachedResourceHandle<CachedImage> CachedResourceLoader::requestImage(ResourceRequest& request)
 {
     if (Frame* f = frame()) {
@@ -162 +162 @@
         }
     }
-    CachedImage* resource = static_cast<CachedImage*>(requestResource(CachedResource::ImageResource, request, String(), defaultCachedResourceOptions()));
+    CachedResourceHandle<CachedImage> resource(static_cast<CachedImage*>(requestResource(CachedResource::ImageResource, request, String(), defaultCachedResourceOptions()).get()));
     if (autoLoadImages() && resource && resource->stillNeedsLoad())
         resource->load(this, defaultCachedResourceOptions());
@@ -168 +168 @@
 }
 
-CachedFont* CachedResourceLoader::requestFont(ResourceRequest& request)
-{
-    return static_cast<CachedFont*>(requestResource(CachedResource::FontResource, request, String(), defaultCachedResourceOptions()));
+CachedResourceHandle<CachedFont> CachedResourceLoader::requestFont(ResourceRequest& request)
+{
+    return static_cast<CachedFont*>(requestResource(CachedResource::FontResource, request, String(), defaultCachedResourceOptions()).get());
 }
 
 #if ENABLE(VIDEO_TRACK)
-CachedTextTrack* CachedResourceLoader::requestTextTrack(ResourceRequest& request)
-{
-    return static_cast<CachedTextTrack*>(requestResource(CachedResource::TextTrackResource, request, String(), defaultCachedResourceOptions()));
+CachedResourceHandle<CachedTextTrack> CachedResourceLoader::requestTextTrack(ResourceRequest& request)
+{
+    return static_cast<CachedTextTrack*>(requestResource(CachedResource::TextTrackResource, request, String(), defaultCachedResourceOptions()).get());
 }
 #endif
 
 #if ENABLE(CSS_SHADERS)
-CachedShader* CachedResourceLoader::requestShader(ResourceRequest& request)
-{
-    return static_cast<CachedShader*>(requestResource(CachedResource::ShaderResource, request, String(), defaultCachedResourceOptions()));
-}
-#endif
-
-CachedCSSStyleSheet* CachedResourceLoader::requestCSSStyleSheet(ResourceRequest& request, const String& charset, ResourceLoadPriority priority)
-{
-    return static_cast<CachedCSSStyleSheet*>(requestResource(CachedResource::CSSStyleSheet, request, charset, defaultCachedResourceOptions(), priority));
-}
-
-CachedCSSStyleSheet* CachedResourceLoader::requestUserCSSStyleSheet(ResourceRequest& request, const String& charset)
+CachedResourceHandle<CachedShader> CachedResourceLoader::requestShader(ResourceRequest& request)
+{
+    return static_cast<CachedShader*>(requestResource(CachedResource::ShaderResource, request, String(), defaultCachedResourceOptions()).get());
+}
+#endif
+
+CachedResourceHandle<CachedCSSStyleSheet> CachedResourceLoader::requestCSSStyleSheet(ResourceRequest& request, const String& charset, ResourceLoadPriority priority)
+{
+    return static_cast<CachedCSSStyleSheet*>(requestResource(CachedResource::CSSStyleSheet, request, charset, defaultCachedResourceOptions(), priority).get());
+}
+
+CachedResourceHandle<CachedCSSStyleSheet> CachedResourceLoader::requestUserCSSStyleSheet(ResourceRequest& request, const String& charset)
 {
     KURL url = MemoryCache::removeFragmentIdentifierIfNeeded(request.url());
@@ -204 +204 @@
         request.setURL(url);
 
-    CachedCSSStyleSheet* userSheet = new CachedCSSStyleSheet(request, charset);
-    
-    bool inCache = memoryCache()->add(userSheet);
-    if (!inCache)
-        userSheet->setInCache(true);
+    CachedResourceHandle<CachedCSSStyleSheet> userSheet = new CachedCSSStyleSheet(request, charset);
+
+    memoryCache()->add(userSheet.get());
+    // FIXME: loadResource calls setOwningCachedResourceLoader() if the resource couldn't be added to cache. Does this function need to call it, too?
 
     userSheet->load(this, ResourceLoaderOptions(DoNotSendCallbacks, SniffContent, BufferData, AllowStoredCredentials, AskClientForCrossOriginCredentials, SkipSecurityCheck));
-
-    if (!inCache)
-        userSheet->setInCache(false);
     
     return userSheet;
 }
 
-CachedScript* CachedResourceLoader::requestScript(ResourceRequest& request, const String& charset)
-{
-    return static_cast<CachedScript*>(requestResource(CachedResource::Script, request, charset, defaultCachedResourceOptions()));
+CachedResourceHandle<CachedScript> CachedResourceLoader::requestScript(ResourceRequest& request, const String& charset)
+{
+    return static_cast<CachedScript*>(requestResource(CachedResource::Script, request, charset, defaultCachedResourceOptions()).get());
 }
 
 #if ENABLE(XSLT)
-CachedXSLStyleSheet* CachedResourceLoader::requestXSLStyleSheet(ResourceRequest& request)
-{
-    return static_cast<CachedXSLStyleSheet*>(requestResource(CachedResource::XSLStyleSheet, request, String(), defaultCachedResourceOptions()));
+CachedResourceHandle<CachedXSLStyleSheet> CachedResourceLoader::requestXSLStyleSheet(ResourceRequest& request)
+{
+    return static_cast<CachedXSLStyleSheet*>(requestResource(CachedResource::XSLStyleSheet, request, String(), defaultCachedResourceOptions()).get());
 }
 #endif
 
 #if ENABLE(SVG)
-CachedSVGDocument* CachedResourceLoader::requestSVGDocument(ResourceRequest& request)
-{
-    return static_cast<CachedSVGDocument*>(requestResource(CachedResource::SVGDocumentResource, request, request.url(), defaultCachedResourceOptions()));
+CachedResourceHandle<CachedSVGDocument> CachedResourceLoader::requestSVGDocument(ResourceRequest& request)
+{
+    return static_cast<CachedSVGDocument*>(requestResource(CachedResource::SVGDocumentResource, request, request.url(), defaultCachedResourceOptions()).get());
 }
 #endif
 
 #if ENABLE(LINK_PREFETCH)
-CachedResource* CachedResourceLoader::requestLinkResource(CachedResource::Type type, ResourceRequest& request, ResourceLoadPriority priority)
+CachedResourceHandle<CachedResource> CachedResourceLoader::requestLinkResource(CachedResource::Type type, ResourceRequest& request, ResourceLoadPriority priority)
 {
     ASSERT(frame());
@@ -246 +242 @@
 #endif
 
-CachedRawResource* CachedResourceLoader::requestRawResource(ResourceRequest& request, const ResourceLoaderOptions& options)
-{
-    return static_cast<CachedRawResource*>(requestResource(CachedResource::RawResource, request, String(), options, ResourceLoadPriorityUnresolved, false));
+CachedResourceHandle<CachedRawResource> CachedResourceLoader::requestRawResource(ResourceRequest& request, const ResourceLoaderOptions& options)
+{
+    return static_cast<CachedRawResource*>(requestResource(CachedResource::RawResource, request, String(), options, ResourceLoadPriorityUnresolved, false).get());
 }
 
@@ -411 +407 @@
 }
 
-CachedResource* CachedResourceLoader::requestResource(CachedResource::Type type, ResourceRequest& request, const String& charset, const ResourceLoaderOptions& options, ResourceLoadPriority priority, bool forPreload)
+CachedResourceHandle<CachedResource> CachedResourceLoader::requestResource(CachedResource::Type type, ResourceRequest& request, const String& charset, const ResourceLoaderOptions& options, ResourceLoadPriority priority, bool forPreload)
 {
     KURL url = request.url();
@@ -435 +431 @@
 
     // See if we can use an existing resource from the cache.
-    CachedResource* resource = memoryCache()->resourceForURL(url);
+    CachedResourceHandle<CachedResource> resource = memoryCache()->resourceForURL(url);
 
     if (request.url() != url)
         request.setURL(url);
 
-    switch (determineRevalidationPolicy(type, request, forPreload, resource)) {
+    switch (determineRevalidationPolicy(type, request, forPreload, resource.get())) {
     case Load:
         resource = loadResource(type, request, charset, priority, options);
         break;
     case Reload:
-        memoryCache()->remove(resource);
+        memoryCache()->remove(resource.get());
         resource = loadResource(type, request, charset, priority, options);
         break;
     case Revalidate:
-        resource = revalidateResource(resource, priority, options);
+        resource = revalidateResource(resource.get(), priority, options);
         break;
     case Use:
-        memoryCache()->resourceAccessed(resource);
-        notifyLoadedFromMemoryCache(resource);
+        memoryCache()->resourceAccessed(resource.get());
+        notifyLoadedFromMemoryCache(resource.get());
         break;
     }
@@ -464 +460 @@
     return resource;
 }
-    
-CachedResource* CachedResourceLoader::revalidateResource(CachedResource* resource, ResourceLoadPriority priority, const ResourceLoaderOptions& options)
+
+CachedResourceHandle<CachedResource> CachedResourceLoader::revalidateResource(CachedResource* resource, ResourceLoadPriority priority, const ResourceLoaderOptions& options)
 {
     ASSERT(resource);
@@ -476 +472 @@
     String url = resource->url();
     bool urlProtocolIsData = resource->url().protocolIsData();
-    CachedResource* newResource = createResource(resource->type(), resource->resourceRequest(), resource->encoding());
-    
-    LOG(ResourceLoading, "Resource %p created to revalidate %p", newResource, resource);
+    CachedResourceHandle<CachedResource> newResource = createResource(resource->type(), resource->resourceRequest(), resource->encoding());
+    
+    LOG(ResourceLoading, "Resource %p created to revalidate %p", newResource.get(), resource);
     newResource->setResourceToRevalidate(resource);
     
     memoryCache()->remove(resource);
-    memoryCache()->add(newResource);
+    memoryCache()->add(newResource.get());
     
     newResource->setLoadPriority(priority);
@@ -492 +488 @@
 }
 
-CachedResource* CachedResourceLoader::loadResource(CachedResource::Type type, ResourceRequest& request, const String& charset, ResourceLoadPriority priority, const ResourceLoaderOptions& options)
+CachedResourceHandle<CachedResource> CachedResourceLoader::loadResource(CachedResource::Type type, ResourceRequest& request, const String& charset, ResourceLoadPriority priority, const ResourceLoaderOptions& options)
 {
     ASSERT(!memoryCache()->resourceForURL(request.url()));
@@ -498 +494 @@
     LOG(ResourceLoading, "Loading CachedResource for '%s'.", request.url().string().latin1().data());
     
-    CachedResource* resource = createResource(type, request, charset);
-    
-    bool inCache = memoryCache()->add(resource);
-    
-    // Pretend the resource is in the cache, to prevent it from being deleted during the load() call.
-    // FIXME: CachedResource should just use normal refcounting instead.
+    CachedResourceHandle<CachedResource> resource = createResource(type, request, charset);
+    
+    bool inCache = memoryCache()->add(resource.get());
+    
+    resource->setLoadPriority(priority);
+    resource->load(this, options);
+    
     if (!inCache)
-        resource->setInCache(true);
-    
-    resource->setLoadPriority(priority);
-    
-    bool wasPruneEnabled = memoryCache()->pruneEnabled();
-    memoryCache()->setPruneEnabled(false);
-    resource->load(this, options);
-    memoryCache()->setPruneEnabled(wasPruneEnabled);
-    
-    if (!inCache) {
         resource->setOwningCachedResourceLoader(this);
-        resource->setInCache(false);
-    }
 
     // We don't support immediate loads, but we do support immediate failure.
     if (resource->errorOccurred()) {
         if (inCache)
-            memoryCache()->remove(resource);
-        else
-            delete resource;
+            memoryCache()->remove(resource.get());
         return 0;
     }
@@ -782 +765 @@
         encoding = charset.isEmpty() ? m_document->charset() : charset;
 
-    CachedResource* resource = requestResource(type, request, encoding, defaultCachedResourceOptions(), ResourceLoadPriorityUnresolved, true);
-    if (!resource || (m_preloads && m_preloads->contains(resource)))
+    CachedResourceHandle<CachedResource> resource = requestResource(type, request, encoding, defaultCachedResourceOptions(), ResourceLoadPriorityUnresolved, true);
+    if (!resource || (m_preloads && m_preloads->contains(resource.get())))
         return;
     resource->increasePreloadCount();
@@ -789 +772 @@
     if (!m_preloads)
         m_preloads = adoptPtr(new ListHashSet<CachedResource*>);
-    m_preloads->add(resource);
+    m_preloads->add(resource.get());
 
 #if PRELOAD_DEBUG

trunk/Source/WebCore/loader/cache/CachedResourceLoader.h

@@ -64 +64 @@
     ~CachedResourceLoader();
 
-    CachedImage* requestImage(ResourceRequest&);
-    CachedCSSStyleSheet* requestCSSStyleSheet(ResourceRequest&, const String& charset, ResourceLoadPriority = ResourceLoadPriorityUnresolved);
-    CachedCSSStyleSheet* requestUserCSSStyleSheet(ResourceRequest&, const String& charset);
-    CachedScript* requestScript(ResourceRequest&, const String& charset);
-    CachedFont* requestFont(ResourceRequest&);
-    CachedRawResource* requestRawResource(ResourceRequest&, const ResourceLoaderOptions&);
+    CachedResourceHandle<CachedImage> requestImage(ResourceRequest&);
+    CachedResourceHandle<CachedCSSStyleSheet> requestCSSStyleSheet(ResourceRequest&, const String& charset, ResourceLoadPriority = ResourceLoadPriorityUnresolved);
+    CachedResourceHandle<CachedCSSStyleSheet> requestUserCSSStyleSheet(ResourceRequest&, const String& charset);
+    CachedResourceHandle<CachedScript> requestScript(ResourceRequest&, const String& charset);
+    CachedResourceHandle<CachedFont> requestFont(ResourceRequest&);
+    CachedResourceHandle<CachedRawResource> requestRawResource(ResourceRequest&, const ResourceLoaderOptions&);
 
 #if ENABLE(SVG)
-    CachedSVGDocument* requestSVGDocument(ResourceRequest&);
+    CachedResourceHandle<CachedSVGDocument> requestSVGDocument(ResourceRequest&);
 #endif
 #if ENABLE(XSLT)
-    CachedXSLStyleSheet* requestXSLStyleSheet(ResourceRequest&);
+    CachedResourceHandle<CachedXSLStyleSheet> requestXSLStyleSheet(ResourceRequest&);
 #endif
 #if ENABLE(LINK_PREFETCH)
-    CachedResource* requestLinkResource(CachedResource::Type, ResourceRequest&, ResourceLoadPriority = ResourceLoadPriorityUnresolved);
+    CachedResourceHandle<CachedResource> requestLinkResource(CachedResource::Type, ResourceRequest&, ResourceLoadPriority = ResourceLoadPriorityUnresolved);
 #endif
 #if ENABLE(VIDEO_TRACK)
-    CachedTextTrack* requestTextTrack(ResourceRequest&);
+    CachedResourceHandle<CachedTextTrack> requestTextTrack(ResourceRequest&);
 #endif
 #if ENABLE(CSS_SHADERS)
-    CachedShader* requestShader(ResourceRequest&);
+    CachedResourceHandle<CachedShader> requestShader(ResourceRequest&);
 #endif
 
@@ -120 +120 @@
     
 private:
-    CachedResource* requestResource(CachedResource::Type, ResourceRequest&, const String& charset, const ResourceLoaderOptions&, ResourceLoadPriority = ResourceLoadPriorityUnresolved, bool isPreload = false);
-    CachedResource* revalidateResource(CachedResource*, ResourceLoadPriority, const ResourceLoaderOptions&);
-    CachedResource* loadResource(CachedResource::Type, ResourceRequest&, const String& charset, ResourceLoadPriority, const ResourceLoaderOptions&);
+    CachedResourceHandle<CachedResource> requestResource(CachedResource::Type, ResourceRequest&, const String& charset, const ResourceLoaderOptions&, ResourceLoadPriority = ResourceLoadPriorityUnresolved, bool isPreload = false);
+    CachedResourceHandle<CachedResource> revalidateResource(CachedResource*, ResourceLoadPriority, const ResourceLoaderOptions&);
+    CachedResourceHandle<CachedResource> loadResource(CachedResource::Type, ResourceRequest&, const String& charset, ResourceLoadPriority, const ResourceLoaderOptions&);
     void requestPreload(CachedResource::Type, ResourceRequest&, const String& charset);
 

trunk/Source/WebCore/loader/cache/MemoryCache.h

@@ -130 +130 @@
     
     void setPruneEnabled(bool enabled) { m_pruneEnabled = enabled; }
-    bool pruneEnabled() const { return m_pruneEnabled; }
     void prune();
     void pruneToPercentage(float targetPercentLive);

trunk/Tools/ChangeLog

@@ +1 @@
+2012-05-10  Alexey Proskuryakov  <ap@apple.com>
+
+        Crash in 3rd party WebKit apps that disable cache at a wrong time
+        https://bugs.webkit.org/show_bug.cgi?id=86027
+        <rdar://problem/10615880>
+
+        Reviewed by Antti Koivisto.
+
+        Added a test that's very similar to MemoryCachePruneWithinResourceLoadDelegate,
+        but for disabling the cache instead of triggering a prune.
+
+        * TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
+        * TestWebKitAPI/Tests/mac/MemoryCacheDisableWithinResourceLoadDelegate.html: Added.
+        * TestWebKitAPI/Tests/mac/MemoryCacheDisableWithinResourceLoadDelegate.mm: Added.
+        (-[MemoryCacheDisableTestResourceLoadDelegate webView:identifierForInitialRequest:fromDataSource:]):
+        (-[MemoryCacheDisableTestResourceLoadDelegate webView:resource:willSendRequest:redirectResponse:fromDataSource:]):
+        (-[MemoryCacheDisableTestResourceLoadDelegate webView:resource:didFinishLoadingFromDataSource:]):
+        (-[MemoryCacheDisableTestResourceLoadDelegate webView:resource:didFailLoadingWithError:fromDataSource:]):
+        (TestWebKitAPI::TEST):
+
 2012-05-10  Anders Carlsson  <andersca@apple.com>
 

trunk/Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj

@@ -142 +142 @@
                 C540F776152E4DA000A40C8C /* SimplifyMarkup.mm in Sources */ = {isa = PBXBuildFile; fileRef = C540F775152E4DA000A40C8C /* SimplifyMarkup.mm */; };
                 C540F784152E5A9A00A40C8C /* verboseMarkup.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = C540F783152E5A7800A40C8C /* verboseMarkup.html */; };
+                E1220DA0155B25480013E2FC /* MemoryCacheDisableWithinResourceLoadDelegate.mm in Sources */ = {isa = PBXBuildFile; fileRef = E1220D9F155B25480013E2FC /* MemoryCacheDisableWithinResourceLoadDelegate.mm */; };
+                E1220DCA155B28AA0013E2FC /* MemoryCacheDisableWithinResourceLoadDelegate.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = E1220DC9155B287D0013E2FC /* MemoryCacheDisableWithinResourceLoadDelegate.html */; };
                 E490296814E2E3A4002BEDD1 /* TypingStyleCrash.mm in Sources */ = {isa = PBXBuildFile; fileRef = E490296714E2E3A4002BEDD1 /* TypingStyleCrash.mm */; };
                 F3FC3EE313678B7300126A65 /* libgtest.a in Frameworks */ = {isa = PBXBuildFile; fileRef = F3FC3EE213678B7300126A65 /* libgtest.a */; };
@@ -183 +185 @@
                                 76E182DF154767E600F1FADD /* auto-submitting-form.html in Copy Resources */,
                                 5142B2731517C8C800C32B19 /* ContextMenuCanCopyURL.html in Copy Resources */,
+                                E1220DCA155B28AA0013E2FC /* MemoryCacheDisableWithinResourceLoadDelegate.html in Copy Resources */,
                                 517E7E04151119C100D0B008 /* MemoryCachePruneWithinResourceLoadDelegate.html in Copy Resources */,
                                 379028B914FAC24C007E6B43 /* acceptsFirstMouse.html in Copy Resources */,
@@ -361 +364 @@
                 C540F775152E4DA000A40C8C /* SimplifyMarkup.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = SimplifyMarkup.mm; sourceTree = "<group>"; };
                 C540F783152E5A7800A40C8C /* verboseMarkup.html */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.html; path = verboseMarkup.html; sourceTree = "<group>"; };
+                E1220D9F155B25480013E2FC /* MemoryCacheDisableWithinResourceLoadDelegate.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = MemoryCacheDisableWithinResourceLoadDelegate.mm; sourceTree = "<group>"; };
+                E1220DC9155B287D0013E2FC /* MemoryCacheDisableWithinResourceLoadDelegate.html */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.html; path = MemoryCacheDisableWithinResourceLoadDelegate.html; sourceTree = "<group>"; };
                 E490296714E2E3A4002BEDD1 /* TypingStyleCrash.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = TypingStyleCrash.mm; sourceTree = "<group>"; };
                 F3FC3EE213678B7300126A65 /* libgtest.a */ = {isa = PBXFileReference; lastKnownFileType = archive.ar; path = libgtest.a; sourceTree = BUILT_PRODUCTS_DIR; };
@@ -655 +660 @@
                                 939BA91614103412001A01BD /* DeviceScaleFactorOnBack.mm */,
                                 C507E8A614C6545B005D6B3B /* InspectorBar.mm */,
+                                E1220D9F155B25480013E2FC /* MemoryCacheDisableWithinResourceLoadDelegate.mm */,
                                 517E7DFB15110EA600D0B008 /* MemoryCachePruneWithinResourceLoadDelegate.mm */,
                                 3722C8681461E03E00C45D00 /* RenderedImageFromDOMRange.mm */,
@@ -674 +680 @@
                                 5142B2721517C89100C32B19 /* ContextMenuCanCopyURL.html */,
                                 37DC678F140D7D3A00ABCCDB /* DOMRangeOfString.html */,
+                                E1220DC9155B287D0013E2FC /* MemoryCacheDisableWithinResourceLoadDelegate.html */,
+                                517E7E031511187500D0B008 /* MemoryCachePruneWithinResourceLoadDelegate.html */,
                                 C07E6CB113FD738A0038B22B /* devicePixelRatio.html */,
-                                517E7E031511187500D0B008 /* MemoryCachePruneWithinResourceLoadDelegate.html */,
                                 C540F783152E5A7800A40C8C /* verboseMarkup.html */,
                         );
@@ -879 +886 @@
                                 51393E201523944A005F39C5 /* DOMWindowExtensionBasic.cpp in Sources */,
                                 76E182DA1547550100F1FADD /* WillSendSubmitEvent.cpp in Sources */,
+                                E1220DA0155B25480013E2FC /* MemoryCacheDisableWithinResourceLoadDelegate.mm in Sources */,
                                 F6F49C6915545C8E0007F39D /* DOMWindowExtensionNoCache.cpp in Sources */,
                         );