WebKit Bugzilla
Attachment 362085 Details for
Bug 194523
: REGRESSION: ( r240978-r240985 ) [ iOS Release ] Layout Test imported/w3c/web-platform-tests/xhr/send-redirect-post-upload.htm is crashing
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch
bug-194523-20190214173149.patch (text/plain), 2.72 KB, created by
Alex Christensen
on 2019-02-14 17:31:49 PST
(
hide
)
Description:
Patch
Filename:
MIME Type:
Creator:
Alex Christensen
Created:
2019-02-14 17:31:49 PST
Size:
2.72 KB
patch
obsolete
>Index: Source/WebCore/ChangeLog >=================================================================== >--- Source/WebCore/ChangeLog (revision 241573) >+++ Source/WebCore/ChangeLog (working copy) >@@ -1,3 +1,19 @@ >+2019-02-14 Alex Christensen <achristensen@webkit.org> >+ >+ REGRESSION: ( r240978-r240985 ) [ iOS Release ] Layout Test imported/w3c/web-platform-tests/xhr/send-redirect-post-upload.htm is crashing >+ https://bugs.webkit.org/show_bug.cgi?id=194523 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ The scope of the FormCreationContext was limited to the scope of createHTTPBodyCFReadStream, >+ so when it was used in formCreate it was lucky to get the same context if the stack hadn't been overwritten >+ and if the FormData hadn't been freed. Instead, keep it alive with new/delete like we do the FormStreamFields. >+ A younger me should've noticed this when reviewing r218517. >+ >+ * platform/network/cf/FormDataStreamCFNet.cpp: >+ (WebCore::formCreate): >+ (WebCore::createHTTPBodyCFReadStream): >+ > 2019-02-14 Joseph Pecoraro <pecoraro@apple.com> > > Web Inspector: Occasional crash under WebCore::CSSStyleSheet::item called from Inspector >Index: Source/WebCore/platform/network/cf/FormDataStreamCFNet.cpp >=================================================================== >--- Source/WebCore/platform/network/cf/FormDataStreamCFNet.cpp (revision 241572) >+++ Source/WebCore/platform/network/cf/FormDataStreamCFNet.cpp (working copy) >@@ -216,6 +216,10 @@ static void* formCreate(CFReadStreamRef > newInfo->formStream = stream; // Don't retain. That would create a reference cycle. > newInfo->streamLength = formContext->streamLength; > newInfo->bytesSent = 0; >+ >+ callOnMainThread([formContext] { >+ delete formContext; >+ }); > > // Append in reverse order since we remove elements from the end. > size_t size = newInfo->formData->elements().size(); >@@ -380,9 +384,9 @@ RetainPtr<CFReadStreamRef> createHTTPBod > for (auto& element : resolvedFormData->elements()) > length += element.lengthInBytes(); > >- FormCreationContext formContext = { WTFMove(resolvedFormData), length }; >+ FormCreationContext* formContext = new FormCreationContext { WTFMove(resolvedFormData), length }; > CFReadStreamCallBacksV1 callBacks = { 1, formCreate, formFinalize, nullptr, formOpen, nullptr, formRead, nullptr, formCanRead, formClose, formCopyProperty, nullptr, nullptr, formSchedule, formUnschedule }; >- return adoptCF(CFReadStreamCreate(nullptr, static_cast<const void*>(&callBacks), &formContext)); >+ return adoptCF(CFReadStreamCreate(nullptr, static_cast<const void*>(&callBacks), formContext)); > } > > void setHTTPBody(CFMutableURLRequestRef request, FormData* formData)
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=362085">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Formatted Diff
|
Diff
Attachments on
bug 194523
:
362085
|
362434
|
364041