[webkit-reviews] review granted: [Bug 61142] REGRESSION (r86812): Crash (preceded by assertion) in fastMalloc when downloading a file : [Attachment 94121] Don't try to process DownloadProxy messages twice (and robustify code that runs if we do)
bugzilla-daemon at webkit.org
Thu May 19 18:59:54 PDT 2011
Darin Adler <darin at apple.com> has granted Adam Roben (:aroben)
<aroben at apple.com>'s request for review:
Bug 61142: REGRESSION (r86812): Crash (preceded by assertion) in fastMalloc
when downloading a file
https://bugs.webkit.org/show_bug.cgi?id=61142
Attachment 94121: Don't try to process DownloadProxy messages twice (and
robustify code that runs if we do)
https://bugs.webkit.org/attachment.cgi?id=94121&action=review
------- Additional Comments from Darin Adler <darin at apple.com>
View in context: https://bugs.webkit.org/attachment.cgi?id=94121&action=review
> Source/WebKit2/Platform/CoreIPC/ArgumentDecoder.cpp:92
> uint8_t* buffer = roundUpToAlignment(m_bufferPos, alignment);
> - if (static_cast<size_t>(m_bufferEnd - buffer) < size) {
> + if (!alignedBufferIsLargeEnoughToContain(buffer, m_bufferEnd, size)) {
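Review bot: the helper called on the `+` line is not visible in this hunk, so confirm that alignedBufferIsLargeEnoughToContain compares buffer against m_bufferEnd before it computes m_bufferEnd - buffer. In the removed line, a buffer that roundUpToAlignment pushes past m_bufferEnd makes that difference negative, the static_cast<size_t> turns it into a very large value, and the `< size` test then passes. A one-line comment on the helper stating why the position comparison comes first would keep that ordering from being simplified away later.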
Seems to me a simpler way to write this is this:
    if (!(alignedPosition >= m_bufferEnd || static_cast<size_t>(m_bufferEnd - alignedPosition) < size))
I am baffled by the name “buffer” for the local variable for the aligned position.
> Source/WebKit2/UIProcess/WebProcessProxy.cpp:274
> if (messageID.is<CoreIPC::MessageClassWebContext>() ||
messageID.is<CoreIPC::MessageClassWebContextLegacy>()
> || messageID.is<CoreIPC::MessageClassDownloadProxy>() ||
messageID.is<CoreIPC::MessageClassWebIconDatabase>()) {
> m_context->didReceiveSyncMessage(connection, messageID, arguments,
reply);
> + return;
> }
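Review bot: the added `return;` after m_context->didReceiveSyncMessage(...) is the only thing keeping these four message classes from falling through to whatever dispatch follows the block, and nothing here prevents the same omission when another class is added to the condition. Consider making each branch terminal by construction (an else chain, for example) and adding a download test that exercises the MessageClassDownloadProxy path, so a second pass over the same arguments is caught before it reaches the decoder.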
Oof! Looks like I just broke this! Thanks for the fix!!!