Commit 08fec9a9 authored by beidson@apple.com's avatar beidson@apple.com

Possible crash in ProgressTracker::progressHeartbeatTimerFired(Timer<ProgressTracker>*)

https://bugs.webkit.org/show_bug.cgi?id=125110

Reviewed by Darin Adler.

It’s possible to have a null m_originatingProgressFrame when the heartbeat timer fires.

On the surface this seems impossible because the only time m_originatingProgressFrame is cleared
out the heartbeat timer is also stopped.

But there’s likely still a race condition in multi-threaded environments.

There’s no harm in null-checking m_originatingProgressFrame before accessing its loader.

* loader/ProgressTracker.cpp:
(WebCore::ProgressTracker::progressHeartbeatTimerFired):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@159974 268f45cc-cd09-0410-ab3c-d52691b4dbfc
parent fa3a0000
2013-12-02 Brady Eidson <beidson@apple.com>
Possible crash in ProgressTracker::progressHeartbeatTimerFired(Timer<ProgressTracker>*)
https://bugs.webkit.org/show_bug.cgi?id=125110
Reviewed by Darin Adler.
It’s possible to have a null m_originatingProgressFrame when the heartbeat timer fires.
On the surface this seems impossible because the only time m_originatingProgressFrame is cleared
out the heartbeat timer is also stopped.
But there’s likely still a race condition in multi-threaded environments.
There’s no harm in null-checking m_originatingProgressFrame before accessing its loader.
* loader/ProgressTracker.cpp:
(WebCore::ProgressTracker::progressHeartbeatTimerFired):
2013-12-02 Brady Eidson <beidson@apple.com>
Add more CachedPage null checks
......@@ -295,7 +295,8 @@ void ProgressTracker::progressHeartbeatTimerFired(Timer<ProgressTracker>*)
m_totalBytesReceivedBeforePreviousHeartbeat = m_totalBytesReceived;
m_originatingProgressFrame->loader().loadProgressingStatusChanged();
if (m_originatingProgressFrame)
m_originatingProgressFrame->loader().loadProgressingStatusChanged();
if (m_progressValue >= finalProgressValue)
m_progressHeartbeatTimer.stop();
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment