Changeset 174787 in webkit


Timestamp:
Oct 16, 2014, 12:45:31 PM (10 years ago)
Author:
ap@apple.com
Message:

Crashes in ResourceHandleCFURLConnectionDelegateWithOperationQueue due to unimplemented retain/release
https://bugs.webkit.org/show_bug.cgi?id=137779
rdar://problem/18679320

Reviewed by Brady Eidson.

  • platform/network/cf/ResourceHandleCFURLConnectionDelegate.cpp:

(WebCore::ResourceHandleCFURLConnectionDelegate::retain):
(WebCore::ResourceHandleCFURLConnectionDelegate::release):
(WebCore::ResourceHandleCFURLConnectionDelegate::makeConnectionClient):

  • platform/network/cf/ResourceHandleCFURLConnectionDelegate.h:

Implemented retain/release. They are necessary, as ResourceHandle goes away when
it's canceled, and there is no one else to keep the client object alive but
CFURLConnection itself.

  • platform/network/cf/ResourceHandleCFURLConnectionDelegateWithOperationQueue.cpp:

(WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::willSendRequest):
(WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::didReceiveResponse):
(WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::didReceiveData):
(WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::didFinishLoading):
(WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::didFail):
(WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::willCacheResponse):
(WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::didReceiveChallenge):
(WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::didSendBodyData):
(WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::canRespondToProtectionSpace):
(WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::didReceiveDataArray):
Added a FIXME about potential improvements that I spotted while invsestigating this.

Location:
trunk/Source/WebCore
Files:
4 edited

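--- a/trunk/Source/WebCore/ChangeLog
+++ b/trunk/Source/WebCore/ChangeLog
@@ -1,2 +1,32 @@
+2014-10-16  Alexey Proskuryakov  <ap@apple.com>
+
+        Crashes in ResourceHandleCFURLConnectionDelegateWithOperationQueue due to unimplemented retain/release
+        https://bugs.webkit.org/show_bug.cgi?id=137779
+        rdar://problem/18679320
+
+        Reviewed by Brady Eidson.
+
+        * platform/network/cf/ResourceHandleCFURLConnectionDelegate.cpp:
+        (WebCore::ResourceHandleCFURLConnectionDelegate::retain):
+        (WebCore::ResourceHandleCFURLConnectionDelegate::release):
+        (WebCore::ResourceHandleCFURLConnectionDelegate::makeConnectionClient):
+        * platform/network/cf/ResourceHandleCFURLConnectionDelegate.h:
+        Implemented retain/release. They are necessary, as ResourceHandle goes away when
+        it's canceled, and there is noone else to keep the client object alive but
+        CFURLConnection itself.
+
+        * platform/network/cf/ResourceHandleCFURLConnectionDelegateWithOperationQueue.cpp:
+        (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::willSendRequest):
+        (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::didReceiveResponse):
+        (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::didReceiveData):
+        (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::didFinishLoading):
+        (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::didFail):
+        (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::willCacheResponse):
+        (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::didReceiveChallenge):
+        (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::didSendBodyData):
+        (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::canRespondToProtectionSpace):
+        (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::didReceiveDataArray):
+        Added a FIXME about potential improvements that I spotted while invsestigating this.
+
 2014-10-15  Andrei Bucur  <abucur@adobe.com>
 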
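--- a/trunk/Source/WebCore/platform/network/cf/ResourceHandleCFURLConnectionDelegate.cpp
+++ b/trunk/Source/WebCore/platform/network/cf/ResourceHandleCFURLConnectionDelegate.cpp
@@ -57,4 +57,15 @@
 }
 
+const void* ResourceHandleCFURLConnectionDelegate::retain(const void* clientInfo)
+{
+    static_cast<ResourceHandleCFURLConnectionDelegate*>(const_cast<void*>(clientInfo))->ref();
+    return clientInfo;
+}
+
+void ResourceHandleCFURLConnectionDelegate::release(const void* clientInfo)
+{
+    static_cast<ResourceHandleCFURLConnectionDelegate*>(const_cast<void*>(clientInfo))->deref();
+}
+
 CFURLRequestRef ResourceHandleCFURLConnectionDelegate::willSendRequestCallback(CFURLConnectionRef, CFURLRequestRef cfRequest, CFURLResponseRef originalRedirectResponse, const void* clientInfo)
 {
@@ -174,5 +185,8 @@
 CFURLConnectionClient_V6 ResourceHandleCFURLConnectionDelegate::makeConnectionClient() const
 {
-    CFURLConnectionClient_V6 client = { 6, this, 0, 0, 0,
+    CFURLConnectionClient_V6 client = { 6, this,
+        &ResourceHandleCFURLConnectionDelegate::retain,
+        &ResourceHandleCFURLConnectionDelegate::release,
+        0, // copyDescription
         &ResourceHandleCFURLConnectionDelegate::willSendRequestCallback,
         &ResourceHandleCFURLConnectionDelegate::didReceiveResponseCallback,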
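Review bot: The new `retain` and `release` call `ref()`/`deref()` on whichever thread CFURLConnection invokes them from, and the callbacks in ResourceHandleCFURLConnectionDelegateWithOperationQueue.cpp assert `!isMainThread()`, so the count is presumably touched off the main thread. The class declaration is outside these hunks; this is only sound if the delegate's reference count is atomic, otherwise a racing ref/deref could free the object while the connection still holds `clientInfo`. A comment above `retain` would record the contract, e.g. `// Invoked by CFURLConnection, possibly off the main thread; relies on thread-safe ref counting.` Note also that `release` can drop the last reference, so the destructor may run on that same non-main thread. The body of `makeConnectionClient` continues past the end of the second hunk.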
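--- a/trunk/Source/WebCore/platform/network/cf/ResourceHandleCFURLConnectionDelegate.h
+++ b/trunk/Source/WebCore/platform/network/cf/ResourceHandleCFURLConnectionDelegate.h
@@ -60,4 +60,6 @@
 
 private:
+    static const void* retain(const void*);
+    static void release(const void*);
     static CFURLRequestRef willSendRequestCallback(CFURLConnectionRef, CFURLRequestRef, CFURLResponseRef, const void* clientInfo);
     static void didReceiveResponseCallback(CFURLConnectionRef, CFURLResponseRef, const void* clientInfo);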
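--- a/trunk/Source/WebCore/platform/network/cf/ResourceHandleCFURLConnectionDelegateWithOperationQueue.cpp
+++ b/trunk/Source/WebCore/platform/network/cf/ResourceHandleCFURLConnectionDelegateWithOperationQueue.cpp
@@ -102,4 +102,6 @@
     ASSERT(!isMainThread());
 
+    // FIXME: The block implicitly copies protector object, which is wasteful. We should just call ref(),
+    // capture "this" by pointer value, and use a C++ lambda to prevent other unintentional capturing.
     RefPtr<ResourceHandleCFURLConnectionDelegateWithOperationQueue> protector(this);
 
@@ -126,4 +128,6 @@
 void ResourceHandleCFURLConnectionDelegateWithOperationQueue::didReceiveResponse(CFURLConnectionRef connection, CFURLResponseRef cfResponse)
 {
+    // FIXME: The block implicitly copies protector object, which is wasteful. We should just call ref(),
+    // capture "this" by pointer value, and use a C++ lambda to prevent other unintentional capturing.
     RefPtr<ResourceHandleCFURLConnectionDelegateWithOperationQueue> protector(this);
 
@@ -162,4 +166,6 @@
 void ResourceHandleCFURLConnectionDelegateWithOperationQueue::didReceiveData(CFDataRef data, CFIndex originalLength)
 {
+    // FIXME: The block implicitly copies protector object, which is wasteful. We should just call ref(),
+    // capture "this" by pointer value, and use a C++ lambda to prevent other unintentional capturing.
     RefPtr<ResourceHandleCFURLConnectionDelegateWithOperationQueue> protector(this);
     CFRetain(data);
@@ -178,4 +184,6 @@
 void ResourceHandleCFURLConnectionDelegateWithOperationQueue::didFinishLoading()
 {
+    // FIXME: The block implicitly copies protector object, which is wasteful. We should just call ref(),
+    // capture "this" by pointer value, and use a C++ lambda to prevent other unintentional capturing.
     RefPtr<ResourceHandleCFURLConnectionDelegateWithOperationQueue> protector(this);
     dispatch_async(dispatch_get_main_queue(), ^{
@@ -191,4 +199,6 @@
 void ResourceHandleCFURLConnectionDelegateWithOperationQueue::didFail(CFErrorRef error)
 {
+    // FIXME: The block implicitly copies protector object, which is wasteful. We should just call ref(),
+    // capture "this" by pointer value, and use a C++ lambda to prevent other unintentional capturing.
     RefPtr<ResourceHandleCFURLConnectionDelegateWithOperationQueue> protector(this);
     CFRetain(error);
@@ -206,4 +216,6 @@
 CFCachedURLResponseRef ResourceHandleCFURLConnectionDelegateWithOperationQueue::willCacheResponse(CFCachedURLResponseRef cachedResponse)
 {
+    // FIXME: The block implicitly copies protector object, which is wasteful. We should just call ref(),
+    // capture "this" by pointer value, and use a C++ lambda to prevent other unintentional capturing.
     RefPtr<ResourceHandleCFURLConnectionDelegateWithOperationQueue> protector(this);
 
@@ -224,4 +236,6 @@
 void ResourceHandleCFURLConnectionDelegateWithOperationQueue::didReceiveChallenge(CFURLAuthChallengeRef challenge)
 {
+    // FIXME: The block implicitly copies protector object, which is wasteful. We should just call ref(),
+    // capture "this" by pointer value, and use a C++ lambda to prevent other unintentional capturing.
     RefPtr<ResourceHandleCFURLConnectionDelegateWithOperationQueue> protector(this);
     CFRetain(challenge);
@@ -239,4 +253,6 @@
 void ResourceHandleCFURLConnectionDelegateWithOperationQueue::didSendBodyData(CFIndex totalBytesWritten, CFIndex totalBytesExpectedToWrite)
 {
+    // FIXME: The block implicitly copies protector object, which is wasteful. We should just call ref(),
+    // capture "this" by pointer value, and use a C++ lambda to prevent other unintentional capturing.
     RefPtr<ResourceHandleCFURLConnectionDelegateWithOperationQueue> protector(this);
     dispatch_async(dispatch_get_main_queue(), ^{
@@ -258,4 +274,6 @@
 Boolean ResourceHandleCFURLConnectionDelegateWithOperationQueue::canRespondToProtectionSpace(CFURLProtectionSpaceRef protectionSpace)
 {
+    // FIXME: The block implicitly copies protector object, which is wasteful. We should just call ref(),
+    // capture "this" by pointer value, and use a C++ lambda to prevent other unintentional capturing.
     RefPtr<ResourceHandleCFURLConnectionDelegateWithOperationQueue> protector(this);
 
@@ -286,4 +304,6 @@
 void ResourceHandleCFURLConnectionDelegateWithOperationQueue::didReceiveDataArray(CFArrayRef dataArray)
 {
+    // FIXME: The block implicitly copies protector object, which is wasteful. We should just call ref(),
+    // capture "this" by pointer value, and use a C++ lambda to prevent other unintentional capturing.
     RefPtr<ResourceHandleCFURLConnectionDelegateWithOperationQueue> protector(this);
     CFRetain(dataArray);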
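Review bot: The same two-line FIXME is pasted verbatim into ten callbacks, from willSendRequest through didReceiveDataArray, so the copies can drift apart; a single comment in one place would carry the same information. The FIXME also leaves out the lifetime constraint any replacement has to keep. The `RefPtr` protector appears to be what keeps the delegate alive until the block dispatched to the main queue has run, so a manual `ref()` would need a matching `deref()` on every path through that block. Consider adding a line such as `// Any replacement must still keep |this| alive until the dispatched block has finished.` Every callback body continues outside the hunk shown, so the blocks themselves are only partly visible here.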