Changeset 67951 in webkit


Ignore:
Timestamp:
Sep 21, 2010 7:30:51 AM (14 years ago)
Author:
jocelyn.turcotte@nokia.com
Message:

2010-09-21 Jocelyn Turcotte <jocelyn.turcotte@nokia.com>

Reviewed by Andreas Kling.

[Qt] Check if the reply has been deleted before finishing a network request
https://bugs.webkit.org/show_bug.cgi?id=46174

A crash can happen with the following sequence:

  1. QNetworkReplyHandler::abort() emits reply->deleteLater()
  2. QNAM emits QNetworkReply::finished() -> calls QNetworkReplyHandler::finish()
  3. event loop would call reply->deleteLater() However a crash occurs since m_reply == 0 on step 2.
  • platform/network/qt/QNetworkReplyHandler.cpp: (WebCore::QNetworkReplyHandler::finish):
Location:
trunk/WebCore
Files:
2 edited

Legend:

Unmodified
Added
Removed

  • trunk/WebCore/ChangeLog

    r67950 r67951  
     12010-09-21  Jocelyn Turcotte  <jocelyn.turcotte@nokia.com>
     2
     3        Reviewed by Andreas Kling.
     4
     5        [Qt] Check if the reply has been deleted before finishing a network request
     6        https://bugs.webkit.org/show_bug.cgi?id=46174
     7
     8        A crash can happen with the following sequence:
     9        1. QNetworkReplyHandler::abort() emits reply->deleteLater()
     10        2. QNAM emits QNetworkReply::finished() -> calls QNetworkReplyHandler::finish()
     11        3. event loop would call reply->deleteLater()
     12        However a crash occurs since m_reply == 0 on step 2.
     13
     14        * platform/network/qt/QNetworkReplyHandler.cpp:
     15        (WebCore::QNetworkReplyHandler::finish):
     16
    1172010-09-21  Jochen Eisinger  <jochen@chromium.org>
    218

  • trunk/WebCore/platform/network/qt/QNetworkReplyHandler.cpp

    r67553 r67951  
    247247        return;
    248248
     249    if (!m_reply)
     250        return;
     251
    249252    sendResponseIfNeeded();
    250253
Note: See TracChangeset for help on using the changeset viewer.