[SCM] WebKit Debian packaging branch, debian/experimental, updated. upstream/1.3.3-9427-gc2be6fc

jianli at chromium.org jianli at chromium.org
Wed Dec 22 14:56:38 UTC 2010 

The following commit has been merged in the debian/experimental branch:
commit eb87d5e6c35308d013aa0265b9e39db8fb7c5825
Author: jianli at chromium.org <jianli at chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Mon Oct 25 20:11:11 2010 +0000

    Calling FileReader.abort during reading could cause crash
    https://bugs.webkit.org/show_bug.cgi?id=48163
    
    Reviewed by David Levin.
    
    WebCore:
    
    Test: fast/files/file-reader-abort.html
    
    * fileapi/FileReader.cpp:
    (WebCore::delayedAbort):
    (WebCore::FileReader::abort): Schedule to do the abort later to work
    around the case that abort() could be called from event handler.
    (WebCore::FileReader::doAbort):
    (WebCore::FileReader::didFail): Do not go with normal error handling
    when we are in the process of aborting.
    (WebCore::FileReader::failed):
    (WebCore::FileReader::readyState):
    * fileapi/FileReader.h:
    
    LayoutTests:
    
    * fast/files/file-reader-abort-expected.txt: Added.
    * fast/files/file-reader-abort.html: Added.
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@70484 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index 39b54a6..082d58a 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,13 @@
+2010-10-25  Jian Li  <jianli at chromium.org>
+
+        Reviewed by David Levin.
+
+        Calling FileReader.abort during reading could cause crash
+        https://bugs.webkit.org/show_bug.cgi?id=48163
+
+        * fast/files/file-reader-abort-expected.txt: Added.
+        * fast/files/file-reader-abort.html: Added.
+
 2010-10-25  David Hyatt  <hyatt at apple.com>
 
         Reviewed by Dan Bernstein.
diff --git a/LayoutTests/fast/files/file-reader-abort-expected.txt b/LayoutTests/fast/files/file-reader-abort-expected.txt
new file mode 100644
index 0000000..2651ca8
--- /dev/null
+++ b/LayoutTests/fast/files/file-reader-abort-expected.txt
@@ -0,0 +1,8 @@
+
+Test that FileReader.abort works.
+Received loadstart event
+Received error event: 3
+Received abort event
+Received loadend event
+DONE
+
diff --git a/LayoutTests/fast/files/file-reader-abort.html b/LayoutTests/fast/files/file-reader-abort.html
new file mode 100644
index 0000000..50a6533
--- /dev/null
+++ b/LayoutTests/fast/files/file-reader-abort.html
@@ -0,0 +1,55 @@
+<!DOCTYPE html>
+<html>
+<body>
+<input type="file" name="file" id="file" onchange="onInputFileChange()">
+<pre id='console'></pre>
+
+<script>
+function log(message)
+{
+    document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
+}
+
+function onInputFileChange()
+{
+    log("Test that FileReader.abort works.");
+
+    var file = document.getElementById("file").files[0];
+    var reader = new FileReader();
+    reader.readAsText(file);
+    reader.onloadstart = function() {
+        log("Received loadstart event");
+        reader.abort();
+    };
+    reader.onload = function() {
+        log("Received load event");
+    };
+    reader.onloadend = function() {
+        log("Received loadend event");
+        log("DONE");
+        if (layoutTestController.notifyDone)
+            layoutTestController.notifyDone();
+    };
+    reader.onabort = function() {
+        log("Received abort event");
+    };
+    reader.onerror = function(event) {
+        log("Received error event: " + event.target.error.code);
+    };
+}
+
+function runTests()
+{
+    eventSender.beginDragWithFiles(['resources/UTF8.txt']);
+    eventSender.mouseMoveTo(10, 10);
+    eventSender.mouseUp();
+}
+
+if (window.eventSender) {
+    layoutTestController.dumpAsText();
+    layoutTestController.waitUntilDone();
+    window.onload = runTests;
+}
+</script>
+</body>
+</html>
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index f907c0a..83b99dd 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,23 @@
+2010-10-25  Jian Li  <jianli at chromium.org>
+
+        Reviewed by David Levin.
+
+        Calling FileReader.abort during reading could cause crash
+        https://bugs.webkit.org/show_bug.cgi?id=48163
+
+        Test: fast/files/file-reader-abort.html
+
+        * fileapi/FileReader.cpp:
+        (WebCore::delayedAbort):
+        (WebCore::FileReader::abort): Schedule to do the abort later to work
+        around the case that abort() could be called from event handler.
+        (WebCore::FileReader::doAbort):
+        (WebCore::FileReader::didFail): Do not go with normal error handling
+        when we are in the process of aborting.
+        (WebCore::FileReader::failed):
+        (WebCore::FileReader::readyState):
+        * fileapi/FileReader.h:
+
 2010-10-25  Patrick Gansterer  <paroga at webkit.org>
 
         Reviewed by Adam Roben.
diff --git a/WebCore/fileapi/FileReader.cpp b/WebCore/fileapi/FileReader.cpp
index 666259a..0691b28 100644
--- a/WebCore/fileapi/FileReader.cpp
+++ b/WebCore/fileapi/FileReader.cpp
@@ -138,10 +138,25 @@ void FileReader::readInternal(Blob* blob, ReadType type)
     m_state = Starting;
 }
 
+static void delayedAbort(ScriptExecutionContext*, FileReader* reader)
+{
+    reader->doAbort();
+}
+
 void FileReader::abort()
 {
     LOG(FileAPI, "FileReader: aborting\n");
 
+    if (m_state == Aborting)
+        return;
+    m_state = Aborting;
+
+    // Schedule to have the abort done later since abort() might be called from the event handler and we do not want the resource loading code to be in the stack.
+    scriptExecutionContext()->postTask(createCallbackTask(&delayedAbort, this));
+}
+
+void FileReader::doAbort()
+{
     terminate();
 
     m_builder.clear();
@@ -247,6 +262,10 @@ void FileReader::didFinishLoading(unsigned long)
 
 void FileReader::didFail(const ResourceError&)
 {
+    // If we're aborting, do not proceed with normal error handling since it is covered in aborting code.
+    if (m_state == Aborting)
+        return;
+
     // Treat as internal error.
     failed(500);
 }
@@ -255,7 +274,7 @@ void FileReader::failed(int httpStatusCode)
 {
     m_state = Completed;
 
-     m_error = FileError::create(httpStatusCodeToErrorCode(httpStatusCode));
+    m_error = FileError::create(httpStatusCodeToErrorCode(httpStatusCode));
     fireEvent(eventNames().errorEvent);
     fireEvent(eventNames().loadendEvent);
 
@@ -288,6 +307,7 @@ FileReader::ReadyState FileReader::readyState() const
         return EMPTY;
     case Opening:
     case Reading:
+    case Aborting:
         return LOADING;
     case Completed:
         return DONE;
diff --git a/WebCore/fileapi/FileReader.h b/WebCore/fileapi/FileReader.h
index 5a135a2..3f76ad6 100644
--- a/WebCore/fileapi/FileReader.h
+++ b/WebCore/fileapi/FileReader.h
@@ -74,6 +74,7 @@ public:
     void abort();
 
     void start();
+    void doAbort();
 
     ReadyState readyState() const;
     PassRefPtr<FileError> error() { return m_error; }
@@ -119,6 +120,7 @@ private:
         Starting,
         Opening,
         Reading,
+        Aborting,
         Completed
     };
 

-- 
WebKit Debian packaging

More information about the Pkg-webkit-commits mailing list