Changeset 247874 in webkit
- Timestamp:
- Jul 26, 2019 1:46:48 PM (5 years ago)
- Location:
- trunk/Source/WebCore
- Files:
-
- 3 edited
trunk/Source/WebCore/ChangeLog
r247873 r247874 1 2019-07-26 Takashi Komori <Takashi.Komori@sony.com> 2 3 [curl] Heap corruption in ~CurlResponse 4 https://bugs.webkit.org/show_bug.cgi?id=198320 5 6 Reviewed by Fujii Hironori. 7 8 Stop sharing object which was reffered by two threads to fix crash bug. 9 10 No tests needed, no functionality changes. 11 12 * platform/network/curl/CurlRequest.cpp: 13 (WebCore::CurlRequest::start): 14 (WebCore::CurlRequest::invokeDidReceiveResponseForFile): 15 * platform/network/curl/CurlRequest.h: 16 1 17 2019-07-26 Youenn Fablet <youenn@apple.com> 2 18 -
trunk/Source/WebCore/platform/network/curl/CurlRequest.cpp
r246401 r247874 36 36 #include "ResourceError.h" 37 37 #include "SharedBuffer.h" 38 #include <wtf/CrossThreadCopier.h> 38 39 #include <wtf/Language.h> 39 40 #include <wtf/MainThread.h> … … 107 108 ASSERT(isMainThread()); 108 109 109 auto url = m_request.url().isolatedCopy();110 111 110 if (std::isnan(m_requestStartTime)) 112 111 m_requestStartTime = MonotonicTime::now().isolatedCopy(); 113 112 114 if ( url.isLocalFile())115 invokeDidReceiveResponseForFile( url);113 if (m_request.url().isLocalFile()) 114 invokeDidReceiveResponseForFile(m_request.url()); 116 115 else 117 116 startWithJobManager(); … … 580 579 } 581 580 582 void CurlRequest::invokeDidReceiveResponseForFile( URL& url)581 void CurlRequest::invokeDidReceiveResponseForFile(const URL& url) 583 582 { 584 583 // Since the code in didReceiveHeader() will not have run for local files … … 590 589 ASSERT(url.isLocalFile()); 591 590 592 m_response.url = url;593 m_response.statusCode = 200;594 595 591 // Determine the MIME type based on the path. 596 m_response.headers.append(String("Content-Type: " + MIMETypeRegistry::getMIMETypeForPath(m_response.url.path())));592 auto mimeType = MIMETypeRegistry::getMIMETypeForPath(url.path()); 597 593 598 594 // DidReceiveResponse must not be called immediately 599 runOnWorkerThreadIfRequired([this, protectedThis = makeRef(*this)]() { 600 invokeDidReceiveResponse(m_response, Action::StartTransfer); 595 runOnWorkerThreadIfRequired([this, protectedThis = makeRef(*this), url = crossThreadCopy(url), mimeType = crossThreadCopy(WTFMove(mimeType))]() mutable { 596 CurlResponse response; 597 response.url = WTFMove(url); 598 response.statusCode = 200; 599 response.headers.append("Content-Type: " + mimeType); 600 601 invokeDidReceiveResponse(response, Action::StartTransfer); 601 602 }); 602 603 } -
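Review bot: The lambda in invokeDidReceiveResponseForFile carries no comment recording why the response is now built locally from `crossThreadCopy` values, so a later cleanup could move it back to the shared `m_response` member and reintroduce the cross-thread sharing that the ChangeLog blames for the heap corruption. I would add above `CurlResponse response;` something like `// Built from isolated copies only: this may run off the main thread, so do not touch m_response or m_request here.` Separately, `m_response.url` and `m_response.statusCode` are no longer set on the local-file path, so any code elsewhere in CurlRequest that reads `m_response` after a file load would now see default values; that is not visible in this hunk and is worth confirming. The middle of invokeDidReceiveResponseForFile is elided in this view, and start() begins outside the hunk.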
trunk/Source/WebCore/platform/network/curl/CurlRequest.h
r246401 r247874 142 142 bool needToInvokeDidReceiveResponse() const { return m_didReceiveResponse && !m_didNotifyResponse; } 143 143 bool needToInvokeDidCancelTransfer() const { return m_didNotifyResponse && !m_didReturnFromNotify && m_actionAfterInvoke == Action::FinishTransfer; } 144 void invokeDidReceiveResponseForFile( URL&);144 void invokeDidReceiveResponseForFile(const URL&); 145 145 void invokeDidReceiveResponse(const CurlResponse&, Action); 146 146 void setRequestPaused(bool);