Changeset 86397 in webkit


Timestamp:
May 12, 2011 4:45:35 PM (13 years ago)
Author:
andersca@apple.com
Message:

2011-05-12 Anders Carlsson <andersca@apple.com>

Reviewed by Dan Bernstein.

Crash when a plug-in tries to load a resource from the application cache
https://bugs.webkit.org/show_bug.cgi?id=60735
<rdar://problem/8216142>

When loading application cache resources from disk, we would never restore the
HTTP status code, which means that resources would always have a 0 status code.
This led to the plug-in stream loader canceling the load, something which the application
cache loading machinery couldn't deal with and thus would crash.

Fix the reading of the HTTP status code, and make the loader more robust against
application cache loads being canceled.

Unfortunately, I couldn't come up with a test for this because I couldn't find a reliable way
to force the application cache to be read from disk, so all resources would have valid values.

  • loader/DocumentLoader.cpp: (WebCore::DocumentLoader::substituteResourceDeliveryTimerFired):
  • loader/appcache/ApplicationCacheStorage.cpp: (WebCore::ApplicationCacheStorage::loadCache):
Location:
trunk/Source/WebCore
Files:
3 edited

  • trunk/Source/WebCore/ChangeLog

    r86395 r86397  
     12011-05-12  Anders Carlsson  <andersca@apple.com>
     2
     3        Reviewed by Dan Bernstein.
     4
     5        Crash when a plug-in tries to load a resource from the application cache
     6        https://bugs.webkit.org/show_bug.cgi?id=60735
     7        <rdar://problem/8216142>
     8
     9        When loading application cache resources from disk, we would never restore the
     10        HTTP status code, which means that resources would always have a 0 status code.
     11        This led to the plug-in stream loader canceling the load, something which the application
     12        cache loading machinery couldn't deal and thus would crash.
     13
     14        Fix the reading of the HTTP status code, and make the loader more robust against
     15        application cache loads being canceled.
     16
     17        Unfortunately, I couldn't come up with a test for this because I couldn't find a reliable way
     18        to force the application cache to be read from disk, so all resources would have valid values.
     19
     20        * loader/DocumentLoader.cpp:
     21        (WebCore::DocumentLoader::substituteResourceDeliveryTimerFired):
     22        * loader/appcache/ApplicationCacheStorage.cpp:
     23        (WebCore::ApplicationCacheStorage::loadCache):
     24
    1252011-05-12  Emil A Eklund  <eae@chromium.org>
    226
  • trunk/Source/WebCore/loader/DocumentLoader.cpp

    r85785 r86397  
    590590       
    591591            loader->didReceiveResponse(resource->response());
     592
     593            // Calling ResourceLoader::didReceiveResponse can end up cancelling the load,
     594            // so we need to check if the loader has reached its terminal state.
     595            if (loader->reachedTerminalState())
     596                return;
     597
     598            // Calling ResourceLoader::didReceiveData can end up cancelling the load,
     599            // so we need to check if the loader has reached its terminal state.
    592600            loader->didReceiveData(data->data(), data->size(), data->size(), true);
     601            if (loader->reachedTerminalState())
     602                return;
     603
    593604            loader->didFinishLoading(0);
    594605        } else {
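Review bot: the two reachedTerminalState() checks are placed correctly, but the hunk does not show how `loader` is held across these calls; if cancellation inside didReceiveResponse or didReceiveData can drop the last reference to the loader, the following `loader->reachedTerminalState()` would read a freed object, so confirm the caller holds a RefPtr to the loader for the whole delivery. Minor style point: the second comment repeats the first almost verbatim; a single comment above the block stating that either call can cancel the load would read cleaner.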
  • trunk/Source/WebCore/loader/appcache/ApplicationCacheStorage.cpp

    r82000 r86397  
    10561056{
    10571057    SQLiteStatement cacheStatement(m_database,
    1058                                    "SELECT url, type, mimeType, textEncodingName, headers, CacheResourceData.data, CacheResourceData.path FROM CacheEntries INNER JOIN CacheResources ON CacheEntries.resource=CacheResources.id "
     1058                                   "SELECT url, statusCode, type, mimeType, textEncodingName, headers, CacheResourceData.data, CacheResourceData.path FROM CacheEntries INNER JOIN CacheResources ON CacheEntries.resource=CacheResources.id "
    10591059                                   "INNER JOIN CacheResourceData ON CacheResourceData.id=CacheResources.data WHERE CacheEntries.cache=?");
    10601060    if (cacheStatement.prepare() != SQLResultOk) {
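Review bot: inserting `statusCode` as the second column of the SELECT shifts every later column index, which is why each getColumn* call further down had to be renumbered; appending the column after `CacheResourceData.path` would have left the existing indices untouched and made this change smaller and harder to get wrong. Nothing in this changeset touches the code that writes CacheResources, so confirm the column is actually populated on store, otherwise the read still yields 0.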
     
    10731073        KURL url(ParsedURLString, cacheStatement.getColumnText(0));
    10741074       
    1075         unsigned type = static_cast<unsigned>(cacheStatement.getColumnInt64(1));
     1075        int httpStatusCode = cacheStatement.getColumnInt(1);
     1076
     1077        unsigned type = static_cast<unsigned>(cacheStatement.getColumnInt64(2));
    10761078
    10771079        Vector<char> blob;
    1078         cacheStatement.getColumnBlobAsVector(5, blob);
     1080        cacheStatement.getColumnBlobAsVector(6, blob);
    10791081       
    10801082        RefPtr<SharedBuffer> data = SharedBuffer::adoptVector(blob);
    10811083       
    1082         String path = cacheStatement.getColumnText(6);
     1084        String path = cacheStatement.getColumnText(7);
    10831085        long long size = 0;
    10841086        if (path.isEmpty())
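Review bot: the renumbered indices agree with the new SELECT (url 0, statusCode 1, type 2, mimeType 3, textEncodingName 4, headers 5, data 6, path 7), so the shifts in this hunk are consistent. One caveat on `cacheStatement.getColumnInt(1)`: SQLite returns 0 for a NULL column, so a row whose statusCode was never stored still produces the 0 status that triggered the crash; the terminal-state checks in DocumentLoader remain the real safety net, and a short comment here saying so would help the next reader.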
     
    10891091        }
    10901092       
    1091         String mimeType = cacheStatement.getColumnText(2);
    1092         String textEncodingName = cacheStatement.getColumnText(3);
     1093        String mimeType = cacheStatement.getColumnText(3);
     1094        String textEncodingName = cacheStatement.getColumnText(4);
    10931095       
    10941096        ResourceResponse response(url, mimeType, size, textEncodingName, "");
    1095 
    1096         String headers = cacheStatement.getColumnText(4);
     1097        response.setHTTPStatusCode(httpStatusCode);
     1098
     1099        String headers = cacheStatement.getColumnText(5);
    10971100        parseHeaders(headers, response);
    10981101       
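Review bot: `response.setHTTPStatusCode(httpStatusCode)` sits before `parseHeaders(headers, response)`, which is the right order given that parseHeaders only fills in header fields, and the headers index moving from 4 to 5 matches the SELECT. Worth a one-line comment on why the status code must be restored here: per the commit message a 0 status makes the plug-in stream loader cancel the load, and without the comment the setHTTPStatusCode call looks incidental rather than being the fix.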