Changeset 162830 in webkit


Ignore:
Timestamp:
Jan 27, 2014 12:27:01 AM (10 years ago)
Author:
Carlos Garcia Campos
Message:

[SOUP] WebProcess sometimes crashes when a download is cancelled
https://bugs.webkit.org/show_bug.cgi?id=127650

Reviewed by Martin Robinson.

The problem is that when the download is cancelled, the download
manager removes the download from the map and it's deleted. The
Download destructor calls platformInvalidate() that cancels the
resource handle if there's still one. We set to nullptr the
ResourceHandle when the download is cancelled to avoid cancelling
it twice, but it's done after calling Download::didCancel(). It
should be done before, because at that moment, when the download
is deleted, the resource handle pointer is still valid.

  • Shared/Downloads/soup/DownloadSoup.cpp:

(WebKit::Download::cancel):

Location:
trunk/Source/WebKit2
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • trunk/Source/WebKit2/ChangeLog

    r162795 r162830  
     12014-01-27  Carlos Garcia Campos  <cgarcia@igalia.com>
     2
     3        [SOUP] WebProcess sometimes crashes when a download is cancelled
     4        https://bugs.webkit.org/show_bug.cgi?id=127650
     5
     6        Reviewed by Martin Robinson.
     7
     8        The problem is that when the download is cancelled, the download
     9        manager removes the download from the map and it's deleted. The
     10        Download destructor calls platformInvalidate() that cancels the
     11        resource handle if there's still one. We set to nullptr the
     12        ResourceHandle when the download is cancelled to avoid cancelling
     13        it twice, but it's done after calling Download::didCancel(). It
     14        should be done before, because at that moment, when the download
     15        is deleted, the resource handle pointer is still valid.
     16
     17        * Shared/Downloads/soup/DownloadSoup.cpp:
     18        (WebKit::Download::cancel):
     19
    1202014-01-25  Sam Weinig  <sam@webkit.org>
    221
  • trunk/Source/WebKit2/Shared/Downloads/soup/DownloadSoup.cpp

    r162599 r162830  
    234234    if (!m_resourceHandle)
    235235        return;
    236     static_cast<DownloadClient*>(m_downloadClient.get())->cancel(m_resourceHandle.get());
    237     m_resourceHandle = 0;
     236
     237    // Cancelling the download will delete it and platformInvalidate() will be called by the destructor.
     238    // So, we need to set m_resourceHandle to nullptr before actually cancelling the download to make sure
     239    // it won't be cancelled again by platformInvalidate. See https://bugs.webkit.org/show_bug.cgi?id=127650.
     240    RefPtr<ResourceHandle> resourceHandle = m_resourceHandle.release();
     241    static_cast<DownloadClient*>(m_downloadClient.get())->cancel(resourceHandle.get());
    238242}
    239243
Note: See TracChangeset for help on using the changeset viewer.