<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[185643] trunk/Source/WebCore</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/185643">185643</a></dd>
<dt>Author</dt> <dd>carlosgc@webkit.org</dd>
<dt>Date</dt> <dd>2015-06-16 23:03:27 -0700 (Tue, 16 Jun 2015)</dd>
</dl>
<h3>Log Message</h3>
<pre>WebProcess crashes after too many redirect error when there's an active NPAPI plugin
https://bugs.webkit.org/show_bug.cgi?id=146019
Reviewed by Darin Adler.
This happens with the GTK+ port after a navigation action ends up
in an infinite redirection and the ResourceHandle fails with too
many redirections error. I should actually happen after any error
is reported by the ResourceHnalder before the load is
committed. But tt only happens if there's an active NPAPI
plugin. The problem is that FrameLoader::receivedMainResourceError()
is called recursively because DocumentLoader::stopLoading() ends up
calling mainReceivedError() that calls FrameLoader::receivedMainResourceError()
again. DocumentLoader::stopLoading() checks if the document is
still loading, which can happen if the main resource is loading,
if there's any subresource loading or if there's a plugin
loading. So, in case of being loading, those cases are handled
individually to cancel the main resource, or set an error in the
document loader and cancel subresources and plugins, except for
this case of plugins, that mainReceivedError is called instead of
setting cancelled error on the document loader.
* loader/DocumentLoader.cpp:
(WebCore::DocumentLoader::stopLoading): If the document is still
loading because there are active plugins, set the cancelled error
on the document instead of calling mainReceivedError again.</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkSourceWebCoreChangeLog">trunk/Source/WebCore/ChangeLog</a></li>
<li><a href="#trunkSourceWebCoreloaderDocumentLoadercpp">trunk/Source/WebCore/loader/DocumentLoader.cpp</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkSourceWebCoreChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/ChangeLog (185642 => 185643)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/ChangeLog 2015-06-17 06:00:31 UTC (rev 185642)
+++ trunk/Source/WebCore/ChangeLog 2015-06-17 06:03:27 UTC (rev 185643)
</span><span class="lines">@@ -1,3 +1,32 @@
</span><ins>+2015-06-16 Carlos Garcia Campos <cgarcia@igalia.com>
+
+ WebProcess crashes after too many redirect error when there's an active NPAPI plugin
+ https://bugs.webkit.org/show_bug.cgi?id=146019
+
+ Reviewed by Darin Adler.
+
+ This happens with the GTK+ port after a navigation action ends up
+ in an infinite redirection and the ResourceHandle fails with too
+ many redirections error. I should actually happen after any error
+ is reported by the ResourceHnalder before the load is
+ committed. But tt only happens if there's an active NPAPI
+ plugin. The problem is that FrameLoader::receivedMainResourceError()
+ is called recursively because DocumentLoader::stopLoading() ends up
+ calling mainReceivedError() that calls FrameLoader::receivedMainResourceError()
+ again. DocumentLoader::stopLoading() checks if the document is
+ still loading, which can happen if the main resource is loading,
+ if there's any subresource loading or if there's a plugin
+ loading. So, in case of being loading, those cases are handled
+ individually to cancel the main resource, or set an error in the
+ document loader and cancel subresources and plugins, except for
+ this case of plugins, that mainReceivedError is called instead of
+ setting cancelled error on the document loader.
+
+ * loader/DocumentLoader.cpp:
+ (WebCore::DocumentLoader::stopLoading): If the document is still
+ loading because there are active plugins, set the cancelled error
+ on the document instead of calling mainReceivedError again.
+
</ins><span class="cx"> 2015-06-16 Youenn Fablet <youenn.fablet@crf.canon.fr> and Xabier Rodriguez Calvar <calvaris@igalia.com>
</span><span class="cx">
</span><span class="cx"> [Streams API] Implement ReadableStream locked property
</span></span></pre></div>
<a id="trunkSourceWebCoreloaderDocumentLoadercpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/loader/DocumentLoader.cpp (185642 => 185643)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/loader/DocumentLoader.cpp 2015-06-17 06:00:31 UTC (rev 185642)
+++ trunk/Source/WebCore/loader/DocumentLoader.cpp 2015-06-17 06:03:27 UTC (rev 185643)
</span><span class="lines">@@ -328,14 +328,15 @@
</span><span class="cx"> if (isLoadingMainResource()) {
</span><span class="cx"> // Stop the main resource loader and let it send the cancelled message.
</span><span class="cx"> cancelMainResourceLoad(frameLoader->cancelledError(m_request));
</span><del>- } else if (!m_subresourceLoaders.isEmpty())
- // The main resource loader already finished loading. Set the cancelled error on the
- // document and let the subresourceLoaders send individual cancelled messages below.
</del><ins>+ } else if (!m_subresourceLoaders.isEmpty() || !m_plugInStreamLoaders.isEmpty()) {
+ // The main resource loader already finished loading. Set the cancelled error on the
+ // document and let the subresourceLoaders and pluginLoaders send individual cancelled messages below.
</ins><span class="cx"> setMainDocumentError(frameLoader->cancelledError(m_request));
</span><del>- else
</del><ins>+ } else {
</ins><span class="cx"> // If there are no resource loaders, we need to manufacture a cancelled message.
</span><span class="cx"> // (A back/forward navigation has no resource loaders because its resources are cached.)
</span><span class="cx"> mainReceivedError(frameLoader->cancelledError(m_request));
</span><ins>+ }
</ins><span class="cx">
</span><span class="cx"> // We always need to explicitly cancel the Document's parser when stopping the load.
</span><span class="cx"> // Otherwise cancelling the parser while starting the next page load might result
</span></span></pre>
</div>
</div>
</body>
</html>