Changeset 53143 in webkit

Timestamp:

Jan 12, 2010 10:10:14 AM (14 years ago)

Author:

eric@webkit.org

Message:

2010-01-12 Tony Chang <​tony@chromium.org>

Reviewed by Maciej Stachowiak.

Add a test for a Chromium crash when loading multipart/x-mixed-replace
data.

​https://bugs.webkit.org/show_bug.cgi?id=31446

• http/tests/multipart/multipart-wait-before-boundary-expected.txt: Added.
• http/tests/multipart/multipart-wait-before-boundary.html: Added.
• http/tests/multipart/resources/multipart-wait-before-boundary.php: Added.

2010-01-12 Tony Chang <​tony@chromium.org>

Reviewed by Maciej Stachowiak.

Fix a crash in Chromium when receiving multipart/x-mixed-replace data.
If we stop a multipart load after ResourceLoader::didReceiveResponse
but before ResourceLoader::didReceiveData, we have a NULL document
loader because it has been moved back to the provisional state. New
loads that happen after this will dereference the NULL document
loader.

Work around this by moving the provisional document loader back as
the document loader when the request is stopped.

​https://bugs.webkit.org/show_bug.cgi?id=31446

Test: http/tests/multipart/multipart-wait-before-boundary.html

• loader/FrameLoader.cpp: (WebCore::FrameLoader::checkLoadCompleteForThisFrame):

Location:

trunk

Files:

• LayoutTests/ChangeLog (modified) (1 diff)
• LayoutTests/http/tests/multipart/multipart-wait-before-boundary-expected.txt (added)
• LayoutTests/http/tests/multipart/multipart-wait-before-boundary.html (added)
• LayoutTests/http/tests/multipart/resources/multipart-wait-before-boundary.php (added)
• WebCore/ChangeLog (modified) (1 diff)
• WebCore/loader/FrameLoader.cpp (modified) (1 diff)

trunk/LayoutTests/ChangeLog

@@ +1 @@
+2010-01-12  Tony Chang  <tony@chromium.org>
+
+        Reviewed by Maciej Stachowiak.
+
+        Add a test for a Chromium crash when loading multipart/x-mixed-replace
+        data.
+
+        https://bugs.webkit.org/show_bug.cgi?id=31446
+
+        * http/tests/multipart/multipart-wait-before-boundary-expected.txt: Added.
+        * http/tests/multipart/multipart-wait-before-boundary.html: Added.
+        * http/tests/multipart/resources/multipart-wait-before-boundary.php: Added.
+
 2010-01-12  Petri Latvala  <petri.latvala@nomovok.com>
 

trunk/WebCore/ChangeLog

@@ +1 @@
+2010-01-12  Tony Chang  <tony@chromium.org>
+
+        Reviewed by Maciej Stachowiak.
+
+        Fix a crash in Chromium when receiving multipart/x-mixed-replace data.
+        If we stop a multipart load after ResourceLoader::didReceiveResponse
+        but before ResourceLoader::didReceiveData, we have a NULL document
+        loader because it has been moved back to the provisional state.  New
+        loads that happen after this will dereference the NULL document
+        loader.
+
+        Work around this by moving the provisional document loader back as
+        the document loader when the request is stopped.
+
+        https://bugs.webkit.org/show_bug.cgi?id=31446
+
+        Test: http/tests/multipart/multipart-wait-before-boundary.html
+
+        * loader/FrameLoader.cpp:
+        (WebCore::FrameLoader::checkLoadCompleteForThisFrame):
+
 2010-01-12  Enrica Casucci  <enrica@apple.com>
 

trunk/WebCore/loader/FrameLoader.cpp

@@ -2923 +2923 @@
                 pdl->stopLoading();
 
+                if (isReplacing())
+                    setDocumentLoader(m_provisionalDocumentLoader.get());
+
                 // Finish resetting the load state, but only if another load hasn't been started by the
                 // delegate callback.