[SCM] WebKit Debian packaging branch, debian/experimental, updated. upstream/1.3.3-9427-gc2be6fc
jocelyn.turcotte at nokia.com
jocelyn.turcotte at nokia.com
Wed Dec 22 13:36:42 UTC 2010
The following commit has been merged in the debian/experimental branch:
commit c692f5325ab05be9d1f35825ef9ba17bcaef0aab
Author: jocelyn.turcotte at nokia.com <jocelyn.turcotte at nokia.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Tue Sep 21 14:30:51 2010 +0000
2010-09-21 Jocelyn Turcotte <jocelyn.turcotte at nokia.com>
Reviewed by Andreas Kling.
[Qt] Check if the reply has been deleted before finishing a network request
https://bugs.webkit.org/show_bug.cgi?id=46174
A crash can happen with the following sequence:
1. QNetworkReplyHandler::abort() emits reply->deleteLater()
2. QNAM emits QNetworkReply::finished() -> calls QNetworkReplyHandler::finish()
3. event loop would call reply->deleteLater()
However a crash occurs since m_reply == 0 on step 2.
* platform/network/qt/QNetworkReplyHandler.cpp:
(WebCore::QNetworkReplyHandler::finish):
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@67951 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index d3b90fe..5b06da3 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,19 @@
+2010-09-21 Jocelyn Turcotte <jocelyn.turcotte at nokia.com>
+
+ Reviewed by Andreas Kling.
+
+ [Qt] Check if the reply has been deleted before finishing a network request
+ https://bugs.webkit.org/show_bug.cgi?id=46174
+
+ A crash can happen with the following sequence:
+ 1. QNetworkReplyHandler::abort() emits reply->deleteLater()
+ 2. QNAM emits QNetworkReply::finished() -> calls QNetworkReplyHandler::finish()
+ 3. event loop would call reply->deleteLater()
+ However a crash occurs since m_reply == 0 on step 2.
+
+ * platform/network/qt/QNetworkReplyHandler.cpp:
+ (WebCore::QNetworkReplyHandler::finish):
+
2010-09-21 Jochen Eisinger <jochen at chromium.org>
Reviewed by Jeremy Orlow.
diff --git a/WebCore/platform/network/qt/QNetworkReplyHandler.cpp b/WebCore/platform/network/qt/QNetworkReplyHandler.cpp
index 30f7011..b33444b 100644
--- a/WebCore/platform/network/qt/QNetworkReplyHandler.cpp
+++ b/WebCore/platform/network/qt/QNetworkReplyHandler.cpp
@@ -246,6 +246,9 @@ void QNetworkReplyHandler::finish()
if (m_shouldFinish)
return;
+ if (!m_reply)
+ return;
+
sendResponseIfNeeded();
if (!m_resourceHandle)
--
WebKit Debian packaging
More information about the Pkg-webkit-commits
mailing list