Title: [133700] branches/safari-536.28-branch

Diff

Modified: branches/safari-536.28-branch/LayoutTests/ChangeLog (133699 => 133700)


--- branches/safari-536.28-branch/LayoutTests/ChangeLog	2012-11-07 01:17:53 UTC (rev 133699)
+++ branches/safari-536.28-branch/LayoutTests/ChangeLog	2012-11-07 01:35:00 UTC (rev 133700)
@@ -1,5 +1,24 @@
 2012-11-06  Lucas Forschler  <[email protected]>
 
+        Merge r127082
+
+    2012-08-29  Michael Saboff  <[email protected]>
+
+            use after free in WebCore::FileReader::doAbort
+            https://bugs.webkit.org/show_bug.cgi?id=91004
+
+            Reviewed by Jian Li.
+
+            New tests to check that FileReader::abort doesn't crash or create events before
+            or after reading.
+
+            * fast/files/file-reader-done-reading-abort-expected.txt: Added.
+            * fast/files/file-reader-done-reading-abort.html: Added.
+            * fast/files/file-reader-immediate-abort-expected.txt: Added.
+            * fast/files/file-reader-immediate-abort.html: Added.
+
+2012-11-06  Lucas Forschler  <[email protected]>
+
         Merge r126657
 
     2012-08-24  Florin Malita  <[email protected]>
@@ -11137,3 +11156,4 @@
 .
 .
 .
+.

Copied: branches/safari-536.28-branch/LayoutTests/fast/files/file-reader-done-reading-abort-expected.txt (from rev 127082, trunk/LayoutTests/fast/files/file-reader-done-reading-abort-expected.txt) (0 => 133700)


--- branches/safari-536.28-branch/LayoutTests/fast/files/file-reader-done-reading-abort-expected.txt	                        (rev 0)
+++ branches/safari-536.28-branch/LayoutTests/fast/files/file-reader-done-reading-abort-expected.txt	2012-11-07 01:35:00 UTC (rev 133700)
@@ -0,0 +1,3 @@
+Test that FileReader.abort after reading is done doesn't fire events.
+DONE
+

Copied: branches/safari-536.28-branch/LayoutTests/fast/files/file-reader-done-reading-abort.html (from rev 127082, trunk/LayoutTests/fast/files/file-reader-done-reading-abort.html) (0 => 133700)


--- branches/safari-536.28-branch/LayoutTests/fast/files/file-reader-done-reading-abort.html	                        (rev 0)
+++ branches/safari-536.28-branch/LayoutTests/fast/files/file-reader-done-reading-abort.html	2012-11-07 01:35:00 UTC (rev 133700)
@@ -0,0 +1,67 @@
+<!DOCTYPE html>
+<html>
+<body>
+<pre id='console'></pre>
+<script src=""
+<script>
+function log(message)
+{
+    document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
+}
+
+function runTest()
+{
+    log("Test that FileReader.abort after reading is done doesn't fire events.");
+
+    var text = "Hello";
+    var reader = new FileReader();
+
+    reader._onloadend_ = function(event) {
+        fileString = event.target.result;
+        if (fileString != text)
+            log("Incorrect data read, expected " + text + ", got " + fileString);
+
+        reader._onabort_ = function() {
+            log("Received abort event after reading");
+        };
+        reader._onload_ = function() {
+            log("Received load event after reading");
+        };
+        reader._onloadend_ = function() {
+            log("Received loadend event after reading");
+        };
+        reader._onloadstart_ = function() {
+            log("Received load start event after reading");
+        };
+        reader._onprogress_ = function() {
+            log("Received progress event after reading");
+        };
+
+        reader.abort();
+        gc();
+        finishTest();
+    }
+
+    reader._onerror_ = function(event) {
+        log("Received error event: " + event.target.error.code);
+    };
+
+    reader.readAsText(new Blob([text]));
+}
+
+function finishTest()
+{
+    log("DONE");
+    if (testRunner.notifyDone)
+        testRunner.notifyDone();
+}
+
+if (window.testRunner) {
+    testRunner.dumpAsText();
+    testRunner.waitUntilDone();
+}
+
+window._onload_ = runTest;
+</script>
+</body>
+</html>
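Review bot: In the loadend handler of `runTest()`, `finishTest()` runs in the same turn as `reader.abort()` and `gc()`, so the replacement handlers can only catch events that are dispatched synchronously. If the abort is carried out on a later task (the ChangeLog's mention of doAbort hints at this, but the page does not show it), a stray event or a crash would land after `notifyDone()` and go unrecorded. Deferring completion, for example `setTimeout(finishTest, 0);` in place of `finishTest();`, would give a queued abort a chance to run while the test is still listening. `test2()` and `runTests()` in file-reader-immediate-abort.html have the same shape. Separately, `fileString` is assigned without `var` and becomes an implicit global.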

Copied: branches/safari-536.28-branch/LayoutTests/fast/files/file-reader-immediate-abort-expected.txt (from rev 127082, trunk/LayoutTests/fast/files/file-reader-immediate-abort-expected.txt) (0 => 133700)


--- branches/safari-536.28-branch/LayoutTests/fast/files/file-reader-immediate-abort-expected.txt	                        (rev 0)
+++ branches/safari-536.28-branch/LayoutTests/fast/files/file-reader-immediate-abort-expected.txt	2012-11-07 01:35:00 UTC (rev 133700)
@@ -0,0 +1,6 @@
+Test that FileReader.abort on newly created FileReader doesn't crash.
+PASSED
+Test that FileReader.abort on newly created FileReader doesn't fire events.
+PASSED
+DONE
+

Copied: branches/safari-536.28-branch/LayoutTests/fast/files/file-reader-immediate-abort.html (from rev 127082, trunk/LayoutTests/fast/files/file-reader-immediate-abort.html) (0 => 133700)


--- branches/safari-536.28-branch/LayoutTests/fast/files/file-reader-immediate-abort.html	                        (rev 0)
+++ branches/safari-536.28-branch/LayoutTests/fast/files/file-reader-immediate-abort.html	2012-11-07 01:35:00 UTC (rev 133700)
@@ -0,0 +1,62 @@
+<!DOCTYPE html>
+<html>
+<body>
+<pre id='console'></pre>
+<script src=""
+<script>
+function log(message)
+{
+    document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
+}
+
+function test1()
+{
+    log("Test that FileReader.abort on newly created FileReader doesn't crash.");
+    new FileReader().abort();
+}
+
+function test2()
+{
+    log("Test that FileReader.abort on newly created FileReader doesn't fire events.");
+
+    var reader = new FileReader();
+    reader._onload_ = function() {
+        log("Received load event");
+    };
+    reader._onloadend_ = function() {
+        log("Received loadend event");
+    };
+    reader._onabort_ = function() {
+        log("Received abort event");
+    };
+    reader._onerror_ = function(event) {
+        log("Received error event: " + event.target.error.code);
+    };
+
+    reader.abort();
+}
+
+function runTests()
+{
+    test1();
+    gc();
+    log("PASSED");
+
+    test2();
+    gc();
+    log("PASSED");
+
+    log("DONE");
+    if (testRunner.notifyDone)
+        testRunner.notifyDone();
+}
+
+if (window.testRunner) {
+    testRunner.dumpAsText();
+    testRunner.waitUntilDone();
+}
+
+window._onload_ = runTests;
+</script>
+</body>
+</html>
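Review bot: `runTests()` reads `testRunner.notifyDone` and calls `gc()` unconditionally, although the setup block further down guards on `window.testRunner`. Opened outside the test harness, the page would throw a ReferenceError instead of printing DONE (assuming `gc` is not supplied by the script include whose `src` is empty on this page). Guarding the same way, `if (window.testRunner) testRunner.notifyDone();` and `if (window.gc) gc();`, keeps the test runnable by hand when someone needs to confirm the fix in a plain browser. `finishTest()` in file-reader-done-reading-abort.html has the same unguarded `testRunner` access.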

Modified: branches/safari-536.28-branch/Source/WebCore/ChangeLog (133699 => 133700)


--- branches/safari-536.28-branch/Source/WebCore/ChangeLog	2012-11-07 01:17:53 UTC (rev 133699)
+++ branches/safari-536.28-branch/Source/WebCore/ChangeLog	2012-11-07 01:35:00 UTC (rev 133700)
@@ -1,5 +1,25 @@
 2012-11-06  Lucas Forschler  <[email protected]>
 
+        Merge r127082
+
+    2012-08-29  Michael Saboff  <[email protected]>
+
+            use after free in WebCore::FileReader::doAbort
+            https://bugs.webkit.org/show_bug.cgi?id=91004
+
+            Reviewed by Jian Li.
+
+            Added check in FileReader::abort to not process the abort if we aren't in the LOADING
+            state.  This is per the FileAPI spec section 8.5.6 step #1.
+
+            Tests: fast/files/file-reader-immediate-abort.html
+                   fast/files/file-reader-done-reading-abort.html
+
+            * fileapi/FileReader.cpp:
+            (WebCore::FileReader::abort):
+
+2012-11-06  Lucas Forschler  <[email protected]>
+
         Merge r126657
 
     2012-08-24  Florin Malita  <[email protected]>
@@ -206818,3 +206838,4 @@
 .
 .
 .
+.

Modified: branches/safari-536.28-branch/Source/WebCore/fileapi/FileReader.cpp (133699 => 133700)


--- branches/safari-536.28-branch/Source/WebCore/fileapi/FileReader.cpp	2012-11-07 01:17:53 UTC (rev 133699)
+++ branches/safari-536.28-branch/Source/WebCore/fileapi/FileReader.cpp	2012-11-07 01:35:00 UTC (rev 133700)
@@ -164,7 +164,7 @@
 {
     LOG(FileAPI, "FileReader: aborting\n");
 
-    if (m_aborting)
+    if (m_aborting || m_state != LOADING)
         return;
     m_aborting = true;
 
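Review bot: The added `m_state != LOADING` test is what the ChangeLog credits with closing the use-after-free in doAbort, yet the line carries no comment, and next to `m_aborting` a later cleanup could mistake it for a redundant check. I would add above the `if`: `// abort() is a no-op unless a read is in progress (FileAPI spec 8.5.6 step 1); removing this check reopens bug 91004.` Separately, `LOG(FileAPI, "FileReader: aborting\n")` runs before the early return, so the trace claims an abort even when the call is ignored; moving it below the guard would keep logs accurate. The body of FileReader::abort starts before and continues past this hunk, so how `m_state` and `m_aborting` are reset afterwards is not visible here.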