third_party/WebKit/Source/core/fetch/CSSStyleSheetResource.cpp - Issue 1937033002: Fix crash in CSSStyleSheetResource::appendData

Side by Side Diff: third_party/WebKit/Source/core/fetch/CSSStyleSheetResource.cpp

Issue 1937033002: Fix crash in CSSStyleSheetResource::appendData (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Created 4 years, 7 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 /*	1 /*

2 Copyright (C) 1998 Lars Knoll (knoll@mpi-hd.mpg.de)	2 Copyright (C) 1998 Lars Knoll (knoll@mpi-hd.mpg.de)

3 Copyright (C) 2001 Dirk Mueller (mueller@kde.org)	3 Copyright (C) 2001 Dirk Mueller (mueller@kde.org)

4 Copyright (C) 2002 Waldo Bastian (bastian@kde.org)	4 Copyright (C) 2002 Waldo Bastian (bastian@kde.org)

5 Copyright (C) 2006 Samuel Weinig (sam.weinig@gmail.com)	5 Copyright (C) 2006 Samuel Weinig (sam.weinig@gmail.com)

6 Copyright (C) 2004, 2005, 2006 Apple Computer, Inc.	6 Copyright (C) 2004, 2005, 2006 Apple Computer, Inc.

7	7

8 This library is free software; you can redistribute it and/or	8 This library is free software; you can redistribute it and/or

9 modify it under the terms of the GNU Library General Public	9 modify it under the terms of the GNU Library General Public

10 License as published by the Free Software Foundation; either	10 License as published by the Free Software Foundation; either

(...skipping 84 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
95 if (!m_decodedSheetText.isNull())	95 if (!m_decodedSheetText.isNull())

96 return m_decodedSheetText;	96 return m_decodedSheetText;

97	97

98 // Don't cache the decoded text, regenerating is cheap and it can use quite a bit of memory	98 // Don't cache the decoded text, regenerating is cheap and it can use quite a bit of memory

99 return decodedText();	99 return decodedText();

100 }	100 }

101	101

102 void CSSStyleSheetResource::appendData(const char* data, size_t length)	102 void CSSStyleSheetResource::appendData(const char* data, size_t length)

103 {	103 {

104 Resource::appendData(data, length);	104 Resource::appendData(data, length);

	105 if (!m_data)
	Nate Chapin 2016/05/02 19:00:43 This should only be possible when m_options.dataBu This should only be possible when m_options.dataBufferingPolicy == DoNotBufferData, but it doesn't look like CSSStyleSheetResource loads ever use DoNotBufferData. Charlie Harrison 2016/05/02 19:27:56 Ah good point. Show quoted text On 2016/05/02 19:00:43, Nate Chapin wrote: > This should only be possible when m_options.dataBufferingPolicy == > DoNotBufferData, but it doesn't look like CSSStyleSheetResource loads ever use > DoNotBufferData. Ah good point.
	106 return;

105 if (m_didNotifyFirstData)	107 if (m_didNotifyFirstData)

106 return;	108 return;

107 ResourceClientWalker<StyleSheetResourceClient> w(m_clients);	109 ResourceClientWalker<StyleSheetResourceClient> w(m_clients);

108 while (StyleSheetResourceClient* c = w.next())	110 while (StyleSheetResourceClient* c = w.next())

109 c->didAppendFirstData(this);	111 c->didAppendFirstData(this);
	Nate Chapin 2016/05/02 19:00:43 I'm wondering whether this bug is happening when t I'm wondering whether this bug is happening when there are multiple m_clients, and one of the clients cancels the load (thus clearing m_data) inside didAppendFirstData(), causing the next client to crash. Charlie Harrison 2016/05/02 19:27:56 Hm well there's only one client of didAppendFirstD Show quoted text On 2016/05/02 19:00:43, Nate Chapin wrote: > I'm wondering whether this bug is happening when there are multiple m_clients, > and one of the clients cancels the load (thus clearing m_data) inside > didAppendFirstData(), causing the next client to crash. Hm well there's only one client of didAppendFirstData and they don't cancel any loads.
110 m_didNotifyFirstData = true;	112 m_didNotifyFirstData = true;

111 }	113 }

112	114

113 void CSSStyleSheetResource::checkNotify()	115 void CSSStyleSheetResource::checkNotify()

114 {	116 {

115 // Decode the data to find out the encoding and keep the sheet text around d uring checkNotify()	117 // Decode the data to find out the encoding and keep the sheet text around d uring checkNotify()

116 if (m_data)	118 if (m_data)

117 m_decodedSheetText = decodedText();	119 m_decodedSheetText = decodedText();

118	120

119 ResourceClientWalker<StyleSheetResourceClient> w(m_clients);	121 ResourceClientWalker<StyleSheetResourceClient> w(m_clients);

(...skipping 69 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
189	191

190 setDecodedSize(m_parsedStyleSheetCache->estimatedSizeInBytes());	192 setDecodedSize(m_parsedStyleSheetCache->estimatedSizeInBytes());

191	193

192 // Check if this stylesheet resource didn't conflict with	194 // Check if this stylesheet resource didn't conflict with

193 // another resource and has indeed been added to the cache.	195 // another resource and has indeed been added to the cache.

194 if (memoryCache()->contains(this))	196 if (memoryCache()->contains(this))

195 m_parsedStyleSheetCache->addedToMemoryCache();	197 m_parsedStyleSheetCache->addedToMemoryCache();

196 }	198 }

197	199

198 } // namespace blink	200 } // namespace blink

OLD	NEW

« no previous file with comments | « no previous file | no next file » | no next file with comments »