Changeset 130348 in webkit
- Timestamp:
- Oct 3, 2012 4:58:33 PM (12 years ago)
- Location:
- trunk/Source/WebCore
- Files:
-
- 3 edited
-
ChangeLog (modified) (1 diff)
-
platform/network/ResourceRequestBase.cpp (modified) (1 diff)
-
platform/network/soup/ResourceHandleSoup.cpp (modified) (3 diffs)
Legend:
- Unmodified
- Added
- Removed
-
trunk/Source/WebCore/ChangeLog
r130343 r130348 1 2012-10-03 Arnaud Renevier <a.renevier@sisa.samsung.com> 2 3 [soup] WebKit crashes when doing a http request 4 https://bugs.webkit.org/show_bug.cgi?id=98055 5 6 Reviewed by Martin Robinson. 7 8 On i386, (d->m_firstRequest.timeoutInterval() * 1000) results in 0 if 9 timeoutInterval() is INT_MAX. So, set default timeout to 0 to avoid 10 calling soup_add_timeout with a 0 value. 11 12 Also, if resource handle is deleted before "request-started" signal is 13 emitted, soupMessage handle points to a deleted object, and a crash 14 occurs. So, reset soupMessage handle data in 15 cleanupSoupRequestOperation so it won't happen anymore. 16 17 Lastly, if timeout occurs before request is completed, handle is 18 deleted, and crash occurs in sendRequestCallback due to an early 19 destroyed handle. To avoid that, call handle->cancel in 20 requestTimeoutCallback. There is no need to call 21 cleanupSoupRequestOperation anymore since handle->cancel will trigger 22 sendRequestCallback, and as handle is deleted, 23 cleanupSoupRequestOperation will be called automatically. 24 25 No new tests yet, tests will be added with the patch in bug 74802. 26 27 * platform/network/ResourceRequestBase.cpp: 28 (WebCore): 29 * platform/network/soup/ResourceHandleSoup.cpp: 30 (WebCore::cleanupSoupRequestOperation): 31 (WebCore::ResourceHandle::platformSetDefersLoading): 32 (WebCore::requestTimeoutCallback): 33 1 34 2012-10-03 Adam Barth <abarth@webkit.org> 2 35 -
trunk/Source/WebCore/platform/network/ResourceRequestBase.cpp
r130048 r130348 36 36 namespace WebCore { 37 37 38 #if ! PLATFORM(MAC) || USE(CFNETWORK)38 #if !USE(SOUP) && (!PLATFORM(MAC) || USE(CFNETWORK)) 39 39 double ResourceRequestBase::s_defaultTimeoutInterval = INT_MAX; 40 40 #else 41 41 // Will use NSURLRequest default timeout unless set to a non-zero value with setDefaultTimeoutInterval(). 42 // For libsoup the timeout enabled with integer milliseconds. We set 0 as the default value to avoid integer overflow. 42 43 double ResourceRequestBase::s_defaultTimeoutInterval = 0; 43 44 #endif -
trunk/Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp
r130259 r130348 382 382 g_signal_handlers_disconnect_matched(d->m_soupMessage.get(), G_SIGNAL_MATCH_DATA, 383 383 0, 0, 0, 0, handle); 384 g_object_set_data(G_OBJECT(d->m_soupMessage.get()), "handle", 0); 384 385 d->m_soupMessage.clear(); 385 386 } … … 875 876 // Except when canceling a possible timeout timer, we only need to take action here to UN-defer loading. 876 877 if (defersLoading) { 877 g_source_destroy(d->m_timeoutSource.get()); 878 d->m_timeoutSource.clear(); 878 if (d->m_timeoutSource) { 879 g_source_destroy(d->m_timeoutSource.get()); 880 d->m_timeoutSource.clear(); 881 } 879 882 return; 880 883 } … … 1023 1026 timeoutError.setIsTimeout(true); 1024 1027 client->didFail(handle.get(), timeoutError); 1025 cleanupSoupRequestOperation(handle.get());1028 handle->cancel(); 1026 1029 1027 1030 return FALSE;
Note: See TracChangeset
for help on using the changeset viewer.
