[Webkit-unassigned] [Bug 11724] New: [S60] 3.1 & 3.2 Memory handling error in CHttpCacheEntry::Internalize(), BrowserCache.dll

bugzilla-daemon at webkit.org
Thu Nov 30 10:39:28 PST 2006


http://bugs.webkit.org/show_bug.cgi?id=11724

           Summary: [S60] 3.1 & 3.2 Memory handling error in
                    CHttpCacheEntry::Internalize(), BrowserCache.dll
           Product: WebKit
           Version: 420+ (nightly)
          Platform: S60 Emulator
        OS/Version: S60 3rd edition
            Status: NEW
          Keywords: PlatformOnly, InTSW
          Severity: Critical
          Priority: P2
         Component: WebKit Misc.
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: Sachin.Padma at nokia.com


S60_3_1_200638 release, file name
\S60\mw\web\WebEngine\OssWebengine\WebKit\ResourceLoader\CacheSrc\HttpCacheEntry.cpp
contains the following code...

TInt CHttpCacheEntry::Internalize(
    RFileReadStream& aReadStream )
    {
    TRAPD( err,
     TInt len;
    // url length
    len = aReadStream.ReadInt32L();
    delete iUrl;
    iUrl = HBufC8::NewL( len ); // <== if NewL leaves, then iUrl is deleted, but iUrl is not NULL
    TPtr8 ptr8( iUrl->Des() );
    // url
    aReadStream.ReadL( ptr8, len );
    // filename length
    len = aReadStream.ReadInt32L();
    HBufC* filename = HBufC::NewLC( len );
    TPtr ptr( filename->Des() );
    // url
    aReadStream.ReadL( ptr, len );
    //
    SetFileNameL( filename->Des() );
    //
    CleanupStack::PopAndDestroy(); // filename
    // la
    TReal64 la;
    la = aReadStream.ReadReal64L();
    iLastAccessed = la;
    // ref
    iRef = aReadStream.ReadUint32L();
    // size
    iSize = aReadStream.ReadUint32L( );
    // size
    iHeaderSize = aReadStream.ReadUint32L( );
    // protected
    iProtected = aReadStream.ReadInt32L();
    //
    SetState( ECacheComplete ); );
    return err;
    }

... and this causes problems after CHttpCacheEntry destructor is run, because
it deletes the same heap-allocated iUrl again.


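The failure path described in the report, as an added example that is not part of the original report or the S60 sources: a standard C++ model in which a thrown exception stands in for a Symbian leave. `ToyHeap`, `Entry` and `CountDoubleFrees` are hypothetical names, and the toy heap counts a second free of the same block instead of performing it, so both the reported pattern and a variant that clears `iUrl` after the delete can be run safely.

```cpp
#include <cstdio>
#include <new>
#include <set>
// Constructed toy heap (not Symbian's): a second free of a block is counted, not executed.
struct ToyHeap {
    std::set<int> live;
    int nextId = 1, doubleFrees = 0;
    bool failNext = false;                    // simulate NewL running out of memory
    int Alloc() {
        if (failNext) { failNext = false; throw std::bad_alloc(); }  // exception models a leave
        live.insert(nextId);
        return nextId++;
    }
    void Free(int id) {
        if (id != 0 && live.erase(id) == 0) ++doubleFrees;  // id 0 is NULL: no-op
    }
};

// Hypothetical stand-in for CHttpCacheEntry; only the iUrl handling is modelled.
struct Entry {
    ToyHeap& heap;
    int iUrl = 0;                             // 0 plays the role of NULL
    bool hardened;
    Entry(ToyHeap& h, bool fix) : heap(h), hardened(fix) { iUrl = heap.Alloc(); }
    ~Entry() { heap.Free(iUrl); }             // destructor deletes iUrl, as in the report
    int Internalize() {                       // 0 on success, -1 if the allocation left
        try {
            heap.Free(iUrl);                  // delete iUrl;
            if (hardened) iUrl = 0;           // mitigation: clear member before NewL can leave
            iUrl = heap.Alloc();              // iUrl = HBufC8::NewL( len );
        } catch (const std::bad_alloc&) { return -1; }  // TRAPD role; unhardened iUrl dangles
        return 0;
    }
};

// One failed Internalize followed by destruction; returns the double frees observed.
int CountDoubleFrees(bool hardened) {
    ToyHeap heap;
    {
        Entry e(heap, hardened);
        heap.failNext = true;
        e.Internalize();                      // allocation fails; ~Entry runs at scope exit
    }
    return heap.doubleFrees;
}

int main() {
    std::printf("double frees: vulnerable=%d hardened=%d\n", CountDoubleFrees(false), CountDoubleFrees(true));
}
```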