
Side by Side Diff: Source/web/WebEmbeddedWorkerImpl.cpp

Issue 449533003: Fix UAF crash bug in WebEmbeddedWorkerImpl. (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: Edit LayoutTests/LeakExpectations Created 6 years, 4 months ago
1 /* 1 /*
2 * Copyright (C) 2013 Google Inc. All rights reserved. 2 * Copyright (C) 2013 Google Inc. All rights reserved.
3 * 3 *
4 * Redistribution and use in source and binary forms, with or without 4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions are 5 * modification, are permitted provided that the following conditions are
6 * met: 6 * met:
7 * 7 *
8 * * Redistributions of source code must retain the above copyright 8 * * Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer. 9 * notice, this list of conditions and the following disclaimer.
10 * * Redistributions in binary form must reproduce the above 10 * * Redistributions in binary form must reproduce the above
(...skipping 186 matching lines...) Expand 10 before | Expand all | Expand 10 after
197 if (data.pauseAfterDownloadMode == WebEmbeddedWorkerStartData::PauseAfterDow nload) 197 if (data.pauseAfterDownloadMode == WebEmbeddedWorkerStartData::PauseAfterDow nload)
198 m_pauseAfterDownloadState = DoPauseAfterDownload; 198 m_pauseAfterDownloadState = DoPauseAfterDownload;
199 prepareShadowPageForLoader(); 199 prepareShadowPageForLoader();
200 } 200 }
201 201
202 void WebEmbeddedWorkerImpl::terminateWorkerContext() 202 void WebEmbeddedWorkerImpl::terminateWorkerContext()
203 { 203 {
204 if (m_askedToTerminate) 204 if (m_askedToTerminate)
205 return; 205 return;
206 m_askedToTerminate = true; 206 m_askedToTerminate = true;
207 if (m_mainScriptLoader) 207 if (m_mainScriptLoader) {
208 m_mainScriptLoader->cancel(); 208 m_mainScriptLoader->cancel();
209 m_mainScriptLoader.clear();
210 // This may delete 'this'.
211 m_workerContextClient->workerContextFailedToStart();
212 return;
213 }
209 if (m_pauseAfterDownloadState == IsPausedAfterDownload) { 214 if (m_pauseAfterDownloadState == IsPausedAfterDownload) {
210 // This may delete 'this'. 215 // This may delete 'this'.
211 m_workerContextClient->workerContextFailedToStart(); 216 m_workerContextClient->workerContextFailedToStart();
212 return; 217 return;
213 } 218 }
214 if (m_workerThread) 219 if (m_workerThread)
215 m_workerThread->stop(); 220 m_workerThread->stop();
216 } 221 }
217 222
218 namespace { 223 namespace {
(...skipping 111 matching lines...) Expand 10 before | Expand all | Expand 10 after
330 m_mainScriptLoader->load( 335 m_mainScriptLoader->load(
331 toWebLocalFrameImpl(m_mainFrame)->frame()->document(), 336 toWebLocalFrameImpl(m_mainFrame)->frame()->document(),
332 m_workerStartData.scriptURL, 337 m_workerStartData.scriptURL,
333 bind(&WebEmbeddedWorkerImpl::onScriptLoaderFinished, this)); 338 bind(&WebEmbeddedWorkerImpl::onScriptLoaderFinished, this));
334 } 339 }
335 340
336 void WebEmbeddedWorkerImpl::onScriptLoaderFinished() 341 void WebEmbeddedWorkerImpl::onScriptLoaderFinished()
337 { 342 {
338 ASSERT(m_mainScriptLoader); 343 ASSERT(m_mainScriptLoader);
339 344
340 if (m_mainScriptLoader->failed() || m_askedToTerminate) { 345 if (m_askedToTerminate)
346 return;
347
348 if (m_mainScriptLoader->failed()) {
341 m_mainScriptLoader.clear(); 349 m_mainScriptLoader.clear();
342 // This may delete 'this'. 350 // This may delete 'this'.
343 m_workerContextClient->workerContextFailedToStart(); 351 m_workerContextClient->workerContextFailedToStart();
344 return; 352 return;
345 } 353 }
346 354
347 if (m_pauseAfterDownloadState == DoPauseAfterDownload) { 355 if (m_pauseAfterDownloadState == DoPauseAfterDownload) {
348 m_pauseAfterDownloadState = IsPausedAfterDownload; 356 m_pauseAfterDownloadState = IsPausedAfterDownload;
349 m_workerContextClient->didPauseAfterDownload(); 357 m_workerContextClient->didPauseAfterDownload();
350 return; 358 return;
(...skipping 28 matching lines...) Expand all
379 m_mainScriptLoader.clear(); 387 m_mainScriptLoader.clear();
380 388
381 m_workerGlobalScopeProxy = ServiceWorkerGlobalScopeProxy::create(*this, *toW ebLocalFrameImpl(m_mainFrame)->frame()->document(), *m_workerContextClient); 389 m_workerGlobalScopeProxy = ServiceWorkerGlobalScopeProxy::create(*this, *toW ebLocalFrameImpl(m_mainFrame)->frame()->document(), *m_workerContextClient);
382 m_loaderProxy = LoaderProxy::create(*this); 390 m_loaderProxy = LoaderProxy::create(*this);
383 391
384 m_workerThread = ServiceWorkerThread::create(*m_loaderProxy, *m_workerGlobal ScopeProxy, startupData.release()); 392 m_workerThread = ServiceWorkerThread::create(*m_loaderProxy, *m_workerGlobal ScopeProxy, startupData.release());
385 m_workerThread->start(); 393 m_workerThread->start();
386 } 394 }
387 395
388 } // namespace blink 396 } // namespace blink
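Review bot: In onScriptLoaderFinished the new `if (m_askedToTerminate) return;` still sits below `ASSERT(m_mainScriptLoader)` (new-side lines 343 and 345), while terminateWorkerContext now clears m_mainScriptLoader before calling workerContextFailedToStart(); if cancel() can still deliver the completion callback after it returns, the assert trips before the early return, and because the callback was bound with a raw `this` (line 338) and workerContextFailedToStart() may delete `this`, such a late delivery would be the same use-after-free this change is fixing. If cancel() guarantees no further callback, stating that in the new branch would make the fix checkable: `// cancel() must guarantee onScriptLoaderFinished() is never invoked afterwards, since 'this' may be deleted below.` Otherwise move the m_askedToTerminate check above the assert. Separately, the DoPauseAfterDownload path returns without clearing the loader, so the new loader branch in terminateWorkerContext appears to also handle the IsPausedAfterDownload case, leaving the second branch looking unreachable; worth confirming rather than keeping two paths that do the same thing.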
