[SCM] WebKit Debian packaging branch, debian/experimental, updated. debian/1.3.8-1-1049-g2e11a8e
commit-queue at webkit.org
Fri Jan 21 15:02:14 UTC 2011
The following commit has been merged in the debian/experimental branch:
commit 2bb13e35aa1280614ad4d9768d602f8ba8f197a4
Author: commit-queue at webkit.org <commit-queue at webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Thu Jan 6 16:31:47 2011 +0000
2011-01-06 Jan Erik Hanssen <jhanssen at sencha.com>
Reviewed by Andreas Kling.
[Qt] crash in QNetworkReplyHandler::sendResponseIfNeeded()
https://bugs.webkit.org/show_bug.cgi?id=51453
Check if m_reply is NULL before accessing.
* manual-tests/load-deferrer-resume-crash.html: Added.
* platform/network/qt/QNetworkReplyHandler.cpp:
(WebCore::QNetworkReplyHandler::setLoadMode):
(WebCore::QNetworkReplyHandler::sendResponseIfNeeded):
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@75157 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index 88a78aa..40f9e18 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,17 @@
+2011-01-06 Jan Erik Hanssen <jhanssen at sencha.com>
+
+ Reviewed by Andreas Kling.
+
+ [Qt] crash in QNetworkReplyHandler::sendResponseIfNeeded()
+ https://bugs.webkit.org/show_bug.cgi?id=51453
+
+ Check if m_reply is NULL before accessing.
+
+ * manual-tests/load-deferrer-resume-crash.html: Added.
+ * platform/network/qt/QNetworkReplyHandler.cpp:
+ (WebCore::QNetworkReplyHandler::setLoadMode):
+ (WebCore::QNetworkReplyHandler::sendResponseIfNeeded):
+
2011-01-06 Andras Becsi <abecsi at webkit.org>
Reviewed by Csaba Osztrogonác.
diff --git a/WebCore/manual-tests/load-deferrer-resume-crash.html b/WebCore/manual-tests/load-deferrer-resume-crash.html
new file mode 100644
index 0000000..89f15b1
--- /dev/null
+++ b/WebCore/manual-tests/load-deferrer-resume-crash.html
@@ -0,0 +1,33 @@
+<html>
+<head>
+<script>
+var counter = 0;
+
+function loadJSFile(){
+ var i = document.createElement('img')
+ i.setAttribute("src", "resources/apple.jpg?counter=" + counter);
+
+ counter++;
+
+ document.getElementById("images").appendChild(i);
+}
+
+function runModal()
+{
+ loadJSFile();
+
+ alert("Deferring loads");
+}
+</script>
+</head>
+
+<body>
+
+<input id="button" type="button" value="click me" onclick="runModal()"/>
+
+<div id="images"></div>
+
+<p>Click the above button to start loading an image and then open an alert() box. For the test to pass there should be no crash when closing the alert box.</p>
+
+</body>
+</html>
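Review bot: `loadJSFile()` creates an `img` element and requests `resources/apple.jpg`, so the function name is misleading; a name such as `loadImage()` would match what it does. The line `var i = document.createElement('img')` is also missing its terminating semicolon. A short comment on why `?counter=` is appended to the URL would help whoever runs this by hand, since the pass condition ("no crash when closing the alert box") depends on a load being started on every click.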
diff --git a/WebCore/platform/network/qt/QNetworkReplyHandler.cpp b/WebCore/platform/network/qt/QNetworkReplyHandler.cpp
index 2ff7d9c..98fd68d 100644
--- a/WebCore/platform/network/qt/QNetworkReplyHandler.cpp
+++ b/WebCore/platform/network/qt/QNetworkReplyHandler.cpp
@@ -242,13 +242,20 @@ void QNetworkReplyHandler::setLoadMode(LoadMode mode)
case LoadNormal:
m_loadMode = LoadResuming;
emit processQueuedItems();
- // Restart forwarding only after processQueuedItems to make sure
- // our buffered data was handled before any incoming data.
- m_reply->setForwardingDefered(false);
+
+ // sendQueuedItems() may cause m_reply to be set to 0 due to the finish() call causing
+ // the ResourceHandle instance that owns this QNetworkReplyHandler to be destroyed.
+ if (m_reply) {
+ // Restart forwarding only after processQueuedItems to make sure
+ // our buffered data was handled before any incoming data.
+ m_reply->setForwardingDefered(false);
+ }
break;
case LoadDeferred:
- m_loadMode = LoadDeferred;
- m_reply->setForwardingDefered(true);
+ if (m_reply) {
+ m_loadMode = LoadDeferred;
+ m_reply->setForwardingDefered(true);
+ }
break;
case LoadResuming:
Q_ASSERT(0); // should never happen
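Review bot: In the LoadNormal case, the new comment says the ResourceHandle that owns this QNetworkReplyHandler can be destroyed during the emit, yet the next statement reads `m_reply` through `this`. If that destruction also deletes the handler, `if (m_reply)` reads a member of a freed object, so the comment should say what keeps the handler alive until the case returns. The comment also names `sendQueuedItems()` while the call above it is `emit processQueuedItems()`; use the same name in both places. In the LoadDeferred case the request is now dropped silently when `m_reply` is null, and a one-line comment on why that is safe would help.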
@@ -349,6 +356,9 @@ void QNetworkReplyHandler::sendResponseIfNeeded()
if (m_shouldSendResponse)
return;
+ if (!m_reply)
+ return;
+
if (m_reply->error() && !ignoreHttpError(m_reply, m_responseContainsData))
return;
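Review bot: The new `if (!m_reply) return;` guard carries no comment saying when `m_reply` can be null on entry to sendResponseIfNeeded(), unlike the explanation added in setLoadMode(). Add a line naming the path that clears it, so the early return is not later mistaken for dead code or swapped for an assertion.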
--
WebKit Debian packaging