[Webkit-unassigned] [Bug 11724] New: [S60] 3.1 & 3.2 Memory handling error in CHttpCacheEntry::Internalize(), BrowserCache.dll
bugzilla-daemon at webkit.org
Thu Nov 30 10:39:28 PST 2006
http://bugs.webkit.org/show_bug.cgi?id=11724
Summary: [S60] 3.1 & 3.2 Memory handling error in CHttpCacheEntry::Internalize(), BrowserCache.dll
Product: WebKit
Version: 420+ (nightly)
Platform: S60 Emulator
OS/Version: S60 3rd edition
Status: NEW
Keywords: PlatformOnly, InTSW
Severity: Critical
Priority: P2
Component: WebKit Misc.
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: Sachin.Padma at nokia.com
In the S60_3_1_200638 release, the file
\S60\mw\web\WebEngine\OssWebengine\WebKit\ResourceLoader\CacheSrc\HttpCacheEntry.cpp
contains the following code:

TInt CHttpCacheEntry::Internalize(
    RFileReadStream& aReadStream )
    {
    TRAPD( err,
        TInt len;
        // url length
        len = aReadStream.ReadInt32L();
        delete iUrl;
        iUrl = HBufC8::NewL( len ); // <== if NewL leaves, then iUrl is deleted, but iUrl is not NULL
        TPtr8 ptr8( iUrl->Des() );
        // url
        aReadStream.ReadL( ptr8, len );
        // filename length
        len = aReadStream.ReadInt32L();
        HBufC* filename = HBufC::NewLC( len );
        TPtr ptr( filename->Des() );
        // url
        aReadStream.ReadL( ptr, len );
        //
        SetFileNameL( filename->Des() );
        //
        CleanupStack::PopAndDestroy(); // filename
        // la
        TReal64 la;
        la = aReadStream.ReadReal64L();
        iLastAccessed = la;
        // ref
        iRef = aReadStream.ReadUint32L();
        // size
        iSize = aReadStream.ReadUint32L( );
        // size
        iHeaderSize = aReadStream.ReadUint32L( );
        // protected
        iProtected = aReadStream.ReadInt32L();
        //
        SetState( ECacheComplete ); );
    return err;
    }

... and this causes problems after the CHttpCacheEntry destructor is run, because
it deletes the same heap-allocated iUrl again.
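
The failure mode described in this report, reduced to standard C++ as an added example (not code from the S60 source or from the reporter): a member is freed, the following allocation fails, and the destructor frees the stale pointer again. A thrown std::bad_alloc stands in for a Symbian leave, and TrackedHeap, Entry and all function names are hypothetical.

```cpp
#include <cstdio>
#include <new>
#include <set>
// Constructed stand-in for the heap: tracks live blocks so that a second
// delete of the same block is counted instead of corrupting the allocator.
struct TrackedHeap {
    std::set<char*> live;
    int doubleFrees = 0;
    bool failNext = false;                       // simulate one out-of-memory
    char* alloc(std::size_t n) {
        if (failNext) { failNext = false; throw std::bad_alloc(); }
        return *live.insert(new char[n]).first;
    }
    void release(char* p) {
        if (!p) return;                          // deleting NULL is a no-op
        if (live.erase(p)) delete[] p; else ++doubleFrees;
    }
};

struct Entry {                                   // hypothetical cache entry
    TrackedHeap& heap;
    char* url = nullptr;
    explicit Entry(TrackedHeap& h) : heap(h) {}
    ~Entry() { heap.release(url); }              // destructor frees url
    // Pattern from the report: free, then allocate without clearing the member.
    bool internalizeBuggy(std::size_t len) {
        try { heap.release(url); url = heap.alloc(len); return true; }
        catch (const std::bad_alloc&) { return false; }   // url now dangles
    }
    // One fix: clear the member before the allocation that can fail.
    bool internalizeFixed(std::size_t len) {
        try { heap.release(url); url = nullptr; url = heap.alloc(len); return true; }
        catch (const std::bad_alloc&) { return false; }
    }
};

int doubleFreesOnFailedReload(bool fixed) {      // load, fail the reload, destroy
    TrackedHeap heap;
    {
        Entry e(heap);
        auto load = [&](std::size_t n) { return fixed ? e.internalizeFixed(n) : e.internalizeBuggy(n); };
        load(16);                                // first load succeeds
        heap.failNext = true;                    // the reload's allocation throws
        load(32);
    }                                            // ~Entry runs here
    return heap.doubleFrees;
}
int main() {
    std::printf("buggy=%d fixed=%d\n", doubleFreesOnFailedReload(false), doubleFreesOnFailedReload(true));
}
```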