[Webkit-unassigned] [Bug 25562] New: Potential crash after ApplicationCacheStorage::storeNewestCache() fails.

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue May 5 04:18:04 PDT 2009


https://bugs.webkit.org/show_bug.cgi?id=25562

           Summary: Potential crash after
                    ApplicationCacheStorage::storeNewestCache() fails.
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: PC
        OS/Version: Mac OS X 10.5
            Status: UNCONFIRMED
          Severity: Normal
          Priority: P2
         Component: New Bugs
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: andreip at google.com
                CC: ap at webkit.org


In ApplicationCacheGroup.cpp:736 we have:

(...)
cacheStorage().storeNewestCache(this, maxAppCacheSize());
if (oldNewestCache)
    cacheStorage().remove(oldNewestCache.get());
postListenerTask(someSuccessCallback);
(...)

The problem with this is that the return value of
cacheStorage().storeNewestCache() is never checked. If it fails (e.g. the
user's data partition is full), the code should fire an error event and bail
out. Instead, the existing newest cache is wiped out, thereby leaving an orphan
cache group in the CachedGroups table. This orphan cache group now points to a
non-existing "newest cache" so next time this group will be loaded, there will
be no associated manifest resource and an assertion will fire in
applicationcachegroup.cpp:597:

ApplicationCacheResource* newestManifest = m_newestCache->manifestResource();
ASSERT(newestManifest);


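The failure mode described in this report, as an added example that is not part of the original message and is not WebKit code. Storage, Group, updateUnchecked, updateChecked and isOrphaned are hypothetical stand-ins, and a byte quota models the full data partition.

```cpp
// Added illustration: Storage, Group and the update functions are hypothetical
// stand-ins for the pattern in the report, not WebKit classes.
#include <cstddef>
#include <cstdio>
#include <map>
struct Storage {                        // toy model of the on-disk cache database
    std::size_t quota, used = 0;        // byte quota models the full data partition
    int nextId = 1;
    std::map<int, std::size_t> caches;  // cache id -> size
    explicit Storage(std::size_t q) : quota(q) {}
    int store(std::size_t size) {       // returns new cache id, or 0 on failure
        if (used + size > quota) return 0;
        used += size;
        caches[nextId] = size;
        return nextId++;
    }
    void remove(int id) {
        auto it = caches.find(id);
        if (it != caches.end()) { used -= it->second; caches.erase(it); }
    }
    bool has(int id) const { return caches.count(id) != 0; }
};
struct Group { int newestCache = 0; };  // group row referencing its newest cache
// Pattern from the report: the store result is ignored, the old cache is removed anyway.
bool updateUnchecked(Storage& s, Group& g, std::size_t newSize) {
    int old = g.newestCache;
    int fresh = s.store(newSize);
    if (fresh) g.newestCache = fresh;   // a failed store leaves the row unchanged
    if (old) s.remove(old);             // ...but the cache it points at is deleted
    return true;                        // success is reported unconditionally
}
// Checked variant: a failed store keeps the old cache and reports the error.
bool updateChecked(Storage& s, Group& g, std::size_t newSize) {
    int old = g.newestCache;
    int fresh = s.store(newSize);
    if (!fresh) return false;           // caller fires the error event and bails out
    g.newestCache = fresh;
    if (old) s.remove(old);
    return true;
}
// True when the group references a cache that no longer exists.
bool isOrphaned(const Storage& s, const Group& g) {
    return g.newestCache != 0 && !s.has(g.newestCache);
}
int main() {  // constructed scenario: 60-byte cache stored, 60-byte update, quota 100
    Storage s(100); Group g; g.newestCache = s.store(60);
    updateUnchecked(s, g, 60);
    std::printf("orphaned after unchecked update: %d\n", isOrphaned(s, g));
    return 0;
}
```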