[Webkit-unassigned] [Bug 25562] New: Potential crash after ApplicationCacheStorage::storeNewestCache() fails.

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue May 5 04:18:04 PDT 2009


           Summary: Potential crash after
                    ApplicationCacheStorage::storeNewestCache() fails.
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: PC
        OS/Version: Mac OS X 10.5
            Status: UNCONFIRMED
          Severity: Normal
          Priority: P2
         Component: New Bugs
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: andreip at google.com
                CC: ap at webkit.org

In ApplicationCacheGroup.cpp:736 we have:

cacheStorage().storeNewestCache(this, maxAppCacheSize());
if (oldNewestCache)

The problem with this is that the return value of
cacheStorage().storeNewestCache() is never checked. If it fails (e.g. the
user's data partition if full), the code should fire an error event and bail
out. Instead, the existing newest cache is wiped out, thereby leaving an orphan
cache group in the CachedGroups table. This orphan cache group now points to a
non-existing "newest cache" so next time this group will be loaded, there will
be no associated manifest resource and an assertion will fire in

ApplicationCacheResource* newestManifest = m_newestCache->manifestResource();

Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

More information about the webkit-unassigned mailing list