haikuwebkit/LayoutTests/contentfiltering/allow-media-document-expect...


[Content Filtering] Crash in DocumentLoader::notifyFinished() when allowing a media document to load
https://bugs.webkit.org/show_bug.cgi?id=151433
rdar://problem/23506594

Reviewed by Alexey Proskuryakov.

Source/WebCore:

When the main resource of a media document commits, WebKit cancels its load since the plug-in or media engine will do its own loading. If content filtering is enabled, and the filter waits to allow the load until the entire resource is downloaded, then ContentFilter will attempt to call DocumentLoader::notifyFinished() immediately after delivering the buffered resource data to DocumentLoader. However, delivering the data will have nulled out DocumentLoader's m_mainResource when the load was cancelled, leading to a crash in notifyFinished().

To resolve this, add a new Stopped state to ContentFilter. Set this state if DocumentLoader clears its main resource or detaches from its frame. If ContentFilter is in the Stopped state after calling DocumentLoader::dataReceived(), do not proceed to call DocumentLoader::notifyFinished().

Test: contentfiltering/allow-media-document.html

* loader/ContentFilter.cpp:
(WebCore::ContentFilter::stopFilteringMainResource): Set m_state to Stopped. If m_mainResource is non-null, removed ContentFilter as a client and set m_mainResource to null.
(WebCore::ContentFilter::notifyFinished): Stopped calling DocumentLoader::notifyFinished() if m_state is Stopped after calling DocumentLoader::dataReceived().
* loader/ContentFilter.h:
* loader/DocumentLoader.cpp:
(WebCore::DocumentLoader::detachFromFrame): Called ContentFilter::stopFilteringMainResource() instead of setting m_contentFilter to null.
(WebCore::DocumentLoader::clearMainResource): Ditto.

LayoutTests:

* contentfiltering/allow-media-document-expected.txt: Added.
* contentfiltering/allow-media-document.html: Added.
* contentfiltering/resources/test.mp4: Added.

Canonical link: https://commits.webkit.org/169733@main
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@192772 268f45cc-cd09-0410-ab3c-d52691b4dbfc
2015-11-26 07:08:43 +00:00
This test passes if it does not crash.
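
A simplified model of the re-entrancy hazard and the Stopped-state guard that the commit message describes, added here as an illustration; it is not WebKit's code. The `Filter` and `Loader` structs, the `guarded` switch, the `staleCalls` counter and `run()` are hypothetical stand-ins, and the model counts the call that would dereference the cleared resource instead of crashing.

```cpp
#include <memory>
#include <string>

struct Loader;

// Hypothetical stand-in for the filter; `guarded` toggles the Stopped check.
struct Filter {
    enum class State { Buffering, Allowed, Stopped };
    Loader& loader;
    bool guarded;
    State state = State::Buffering;

    void stopFilteringMainResource() { state = State::Stopped; }
    void notifyFinished(const std::string& buffered);
};

// Hypothetical stand-in for the loader that owns the main resource.
struct Loader {
    bool isMediaDocument;
    Filter* filter = nullptr;
    std::unique_ptr<std::string> mainResource = std::make_unique<std::string>();
    int staleCalls = 0;   // notifyFinished() calls made after the resource was cleared
    bool finished = false;

    void clearMainResource() {
        if (filter) filter->stopFilteringMainResource();
        mainResource.reset();
    }
    void dataReceived(const std::string& bytes) {
        mainResource->append(bytes);
        if (isMediaDocument) clearMainResource();  // media engine does its own loading
    }
    void notifyFinished() {
        if (!mainResource) { ++staleCalls; return; }  // recorded here; a null dereference in real code
        finished = true;
    }
};

void Filter::notifyFinished(const std::string& buffered) {
    state = State::Allowed;
    loader.dataReceived(buffered);                   // may re-enter stopFilteringMainResource()
    if (guarded && state == State::Stopped) return;  // the fix: re-check state after the callback
    loader.notifyFinished();
}

struct Outcome { int staleCalls; bool finished; };

Outcome run(bool isMediaDocument, bool guarded) {
    Loader loader{isMediaDocument};
    Filter filter{loader, guarded};
    loader.filter = &filter;
    filter.notifyFinished("constructed sample bytes");
    return {loader.staleCalls, loader.finished};
}
```

The general lesson is that any state a callback can invalidate has to be re-checked after the callback returns, before it is used again.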