[Webkit-unassigned] [Bug 73325] New: Crash due to m_resource being released while SubresourceLoader::didFinishLoading is executing
bugzilla-daemon at webkit.org
Tue Nov 29 08:15:27 PST 2011
https://bugs.webkit.org/show_bug.cgi?id=73325
Summary: Crash due to m_resource being released while
SubresourceLoader::didFinishLoading is executing
Product: WebKit
Version: 528+ (Nightly build)
Platform: PC
OS/Version: Windows 7
Status: NEW
Severity: Normal
Priority: P2
Component: WebCore Misc.
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: marshall at chromium.org
CC: abarth at webkit.org
If a load is canceled, m_resource might be released in the call hierarchy originating from m_resource->data(). This causes the subsequent call to m_resource->finish() to crash. This problem can be fixed by protecting m_resource in SubresourceLoader::didFinishLoading() before calling any of the m_resource methods:
CachedResourceHandle<CachedResource> protect_res(m_resource);
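The lifetime problem in the report and the effect of the proposed protector, modeled as an added example (not WebKit code and not part of the original bug mail). `Resource`, `Handle`, `Loader` and `finishSawLiveResource` are simplified, hypothetical stand-ins, and release is recorded as a flag instead of a real free so the unprotected path can be observed without touching dead memory.

```cpp
#include <functional>
// Stand-in for CachedResource. `released` marks where the real object would be freed.
struct Resource {
    int refs = 0;
    bool released = false;
    bool finishedWhileLive = false;
    std::function<void()> onData;            // client code reached from data()
    void data() { if (onData) onData(); }
    void finish() { finishedWhileLive = !released; }
};

// Stand-in for CachedResourceHandle<CachedResource>: a counted reference.
class Handle {
public:
    explicit Handle(Resource* r) : m_ptr(r) { ++m_ptr->refs; }
    Handle(const Handle& o) : m_ptr(o.m_ptr) { if (m_ptr) ++m_ptr->refs; }
    Handle& operator=(const Handle&) = delete;
    ~Handle() { clear(); }
    void clear() { if (m_ptr && --m_ptr->refs == 0) m_ptr->released = true; m_ptr = nullptr; }
    Resource* get() const { return m_ptr; }
private:
    Resource* m_ptr;
};

struct Loader {
    Handle m_resource;
    explicit Loader(Resource* r) : m_resource(r) {}
    void cancel() { m_resource.clear(); }    // drops the loader's reference
    void didFinishLoading(bool protect) {
        if (protect) {
            Handle pin(m_resource);          // the fix: hold a reference across both calls
            pin.get()->data();               // may re-enter cancel(); pin keeps refs > 0
            pin.get()->finish();
        } else {
            Resource* r = m_resource.get();  // raw pointer only so the model can observe state
            r->data();                       // cancel() drops the last reference here
            r->finish();                     // real code: call on a released object
        }
    }
};

// data() cancels the load; returns true if finish() ran on a live resource.
bool finishSawLiveResource(bool protect) {
    Resource res;
    Loader loader(&res);
    res.onData = [&loader] { loader.cancel(); };
    loader.didFinishLoading(protect);
    return res.finishedWhileLive;
}
```
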