[webkit-changes] [91157] trunk/Source/WebCore

[psolanki]

Title: [91157] trunk/Source/WebCore

Revision

91157

Author

psola...@apple.com

Date

2011-07-16 16:29:29 -0700 (Sat, 16 Jul 2011)

Log Message

SubresourceLoader::didReceiveDataArray can crash when calling m_client->didReceiveData()
https://bugs.webkit.org/show_bug.cgi?id=64656
<rdar://problem/9754425>

Reviewed by Alexey Proskuryakov.

* loader/cf/SubresourceLoaderCF.cpp:
(WebCore::SubresourceLoader::didReceiveDataArray): Check for m_client before calling
m_client->didReceiveData().

Modified Paths

• trunk/Source/WebCore/ChangeLog
• trunk/Source/WebCore/loader/cf/SubresourceLoaderCF.cpp

Diff

Modified: trunk/Source/WebCore/ChangeLog (91156 => 91157)

--- trunk/Source/WebCore/ChangeLog	2011-07-16 23:14:09 UTC (rev 91156)
+++ trunk/Source/WebCore/ChangeLog	2011-07-16 23:29:29 UTC (rev 91157)
@@ -1,3 +1,15 @@
+2011-07-16  Pratik Solanki  <psola...@apple.com>
+
+        SubresourceLoader::didReceiveDataArray can crash when calling m_client->didReceiveData()
+        https://bugs.webkit.org/show_bug.cgi?id=64656
+        <rdar://problem/9754425>
+
+        Reviewed by Alexey Proskuryakov.
+
+        * loader/cf/SubresourceLoaderCF.cpp:
+        (WebCore::SubresourceLoader::didReceiveDataArray): Check for m_client before calling
+        m_client->didReceiveData().
+
 2011-07-16  Dinu Jacob  <dinu.ja...@nokia.com>
 
         [Qt] Compilation fails on disabling TextureMapper

Modified: trunk/Source/WebCore/loader/cf/SubresourceLoaderCF.cpp (91156 => 91157)

--- trunk/Source/WebCore/loader/cf/SubresourceLoaderCF.cpp	2011-07-16 23:14:09 UTC (rev 91156)
+++ trunk/Source/WebCore/loader/cf/SubresourceLoaderCF.cpp	2011-07-16 23:29:29 UTC (rev 91157)
@@ -40,9 +40,11 @@
 
     // A subresource loader does not load multipart sections progressively.
     // So don't deliver any data to the loader yet.
-    if (!m_loadingMultipartContent && m_client) {
+    if (!m_loadingMultipartContent) {
         CFIndex arrayCount = CFArrayGetCount(dataArray);
         for (CFIndex i = 0; i < arrayCount; ++i)  {
+            if (!m_client)
+                break;
             CFDataRef data = "" i));
             m_client->didReceiveData(this, reinterpret_cast<const char *>(CFDataGetBytePtr(data)), static_cast<int>(CFDataGetLength(data)));
         }

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes