[Webkit-unassigned] [Bug 68238] Crash while loading http://www.jusco.cn
bugzilla-daemon at webkit.org
Fri Sep 16 04:28:06 PDT 2011
https://bugs.webkit.org/show_bug.cgi?id=68238
Nayan Kumar K <nayankk at motorola.com> changed:
           What    |Removed                                |Added
----------------------------------------------------------------------------
     AssignedTo    |webkit-unassigned at lists.webkit.org  |nayankk at motorola.com
--- Comment #1 from Nayan Kumar K <nayankk at motorola.com> 2011-09-16 04:28:06 PST ---
Crash is happening in the following code, and it seems to happen for AJAX resource requests.
#if ENABLE(OFFLINE_WEB_APPLICATIONS)
        if (!documentLoader()->applicationCacheHost()->maybeLoadSynchronously(newRequest, error, response, data)) {
#endif
            // Blocks until the load completes; the DocumentLoader can be torn down before this returns.
            ResourceHandle::loadResourceSynchronously(networkingContext(), newRequest, storedCredentials, error, response, data);
#if ENABLE(OFFLINE_WEB_APPLICATIONS)
            // documentLoader() is dereferenced again here without being re-checked.
            documentLoader()->applicationCacheHost()->maybeLoadFallbackSynchronously(newRequest, error, response, data);
        }
#endif
    }
    int encodedDataLength = response.resourceLoadInfo() ? static_cast<int>(response.resourceLoadInfo()->encodedDataLength) : -1;
    notifier()->sendRemainingDelegateMessages(m_documentLoader.get(), identifier, response, data.data(), data.size(), encodedDataLength, error);
When doing ResourceHandle::loadResourceSynchronously, it happens that resource loading completes and documentLoader becomes NULL before reaching the line after ResourceHandle::loadResourceSynchronously, which seems to be valid since this is a synchronous resource request.
I added some debugging statements before and after this call, and they prove that documentLoader is getting set to 0 before returning from ResourceHandle::loadResourceSynchronously.
Given this, it makes sense to guard the documentLoader dereference with a NULL check after calling ResourceHandle::loadResourceSynchronously.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
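The hazard described in the comment, as an added example that is not part of the bug report and not WebKit code: a synchronous load that can run arbitrary work (here, detaching the frame) before it returns, a caller shaped like the snippet above that assumes documentLoader() is unchanged afterwards, and the guarded version with the NULL check the comment proposes. The class and member names are chosen to mirror the snippet; std::unique_ptr stands in for WebKit's ownership of the DocumentLoader, and the "detach during load" hook is an assumption that models whatever tears the loader down on the real site.

```cpp
// Added example (not WebKit code): a minimal model of the lifetime hazard in
// the bug comment. A synchronous resource load can run work (navigation, frame
// teardown) that releases the DocumentLoader before the load returns, so the
// caller must re-check documentLoader() after the call instead of assuming it
// still points at the object it saw before.
#include <functional>
#include <iostream>
#include <memory>
#include <string>
#include <vector>

struct ResourceResponse {
    std::string url;
    std::vector<char> data;
};

// Stand-in for WebKit's DocumentLoader / ApplicationCacheHost pair (assumption).
struct DocumentLoader {
    bool maybeLoadFallbackSynchronously(const ResourceResponse&) { return false; }
};

class FrameLoader {
public:
    // Work the synchronous load may trigger while it is still on the stack.
    using DuringLoad = std::function<void(FrameLoader&)>;

    enum class Outcome { Completed, Skipped, NullDereference };

    FrameLoader() : m_documentLoader(std::make_unique<DocumentLoader>()) {}

    DocumentLoader* documentLoader() const { return m_documentLoader.get(); }

    // What detaching the frame (or committing a new document) does to the pointer.
    void detach() { m_documentLoader.reset(); }

    // Stand-in for ResourceHandle::loadResourceSynchronously: blocks until the
    // resource is available and, like a real event-loop turn, may run
    // arbitrary work before returning to the caller.
    ResourceResponse loadResourceSynchronously(const std::string& url,
                                               const DuringLoad& duringLoad) {
        ResourceResponse response{url, {'o', 'k'}};  // constructed sample body
        if (duringLoad)
            duringLoad(*this);
        return response;
    }

    // Shape of the code in the bug: the pointer is used after the blocking call
    // as if nothing could have changed. Dereferencing null is undefined
    // behaviour, so this returns NullDereference at the exact point where the
    // original would have crashed instead of actually dereferencing it.
    Outcome loadUnguarded(const std::string& url, const DuringLoad& duringLoad) {
        ResourceResponse response = loadResourceSynchronously(url, duringLoad);
        if (!documentLoader())
            return Outcome::NullDereference;  // the crash in the report
        documentLoader()->maybeLoadFallbackSynchronously(response);
        return Outcome::Completed;
    }

    // Fix proposed in the comment: re-read and null-check the pointer after the
    // synchronous call; if the loader went away there is nobody left to notify.
    Outcome loadGuarded(const std::string& url, const DuringLoad& duringLoad) {
        ResourceResponse response = loadResourceSynchronously(url, duringLoad);
        DocumentLoader* loader = documentLoader();
        if (!loader)
            return Outcome::Skipped;
        loader->maybeLoadFallbackSynchronously(response);
        return Outcome::Completed;
    }

private:
    std::unique_ptr<DocumentLoader> m_documentLoader;
};

static const char* name(FrameLoader::Outcome o) {
    switch (o) {
    case FrameLoader::Outcome::Completed: return "Completed";
    case FrameLoader::Outcome::Skipped: return "Skipped";
    case FrameLoader::Outcome::NullDereference: return "NullDereference";
    }
    return "?";
}

int main() {
    const std::string url = "http://www.jusco.cn/example.json";  // constructed sample URL
    auto detachDuringLoad = [](FrameLoader& f) { f.detach(); };

    FrameLoader a, b, c;
    std::cout << "no teardown, unguarded: " << name(a.loadUnguarded(url, nullptr)) << '\n';
    std::cout << "teardown, unguarded:    " << name(b.loadUnguarded(url, detachDuringLoad)) << '\n';
    std::cout << "teardown, guarded:      " << name(c.loadGuarded(url, detachDuringLoad)) << '\n';
    return 0;
}
```

The NULL check is the minimal fix the comment asks for. Holding a local reference to the loader across the call would keep the object alive, but it would not by itself mean the frame still wants the fallback load or the delegate messages, so the post-call check on the current documentLoader() is the right test either way.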