REGRESSION(r217515): Correct iterator invalidation bug (AGAIN)
author bfulgham@apple.com <bfulgham@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 30 May 2017 16:57:20 +0000 (16:57 +0000)
committer bfulgham@apple.com <bfulgham@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 30 May 2017 16:57:20 +0000 (16:57 +0000)
https://bugs.webkit.org/show_bug.cgi?id=172722
<rdar://problem/32462876>

Reviewed by Zalan Bujtas.

Over-enthusiastic clean-up during r217515 re-introduced a bug caused by holding a reference
to an iterator that gets invalidated while handling the frame navigation. This patch returns
to the copy/set behavior used prior to r217515.

* loader/ResourceLoadObserver.cpp:
(WebCore::ResourceLoadObserver::logFrameNavigation): Make a copy of the returned value, since
the iterator will be invalidated during the function call. Then set the copy back in the data
store with the updated counts.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@217558 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebCore/ChangeLog
Source/WebCore/loader/ResourceLoadObserver.cpp

index 7da6e51..397a380 100644 (file)
@@ -1,3 +1,20 @@
+2017-05-30  Brent Fulgham  <bfulgham@apple.com>
+
+        REGRESSION(r217515): Correct iterator invalidation bug (AGAIN)
+        https://bugs.webkit.org/show_bug.cgi?id=172722
+        <rdar://problem/32462876>
+
+        Reviewed by Zalan Bujtas.
+
+        Over-enthusiastic clean-up during r217515 re-introduced a bug caused by holding a reference
+        to an iterator that gets invalidated while handling the frame navigation. This patch returns
+        to the copy/set behavior used prior to r217515. 
+
+        * loader/ResourceLoadObserver.cpp:
+        (WebCore::ResourceLoadObserver::logFrameNavigation): Make a copy of the returned value, since
+        the iterator will be invalidated during the function call. Then set the copy back in the data
+        store with the updated counts.
+
 2017-05-30  Fujii Hironori  <Hironori.Fujii@sony.com>
 
         [WinCairo] TestWebKitAPI: SHOULD NEVER BE REACHED in WebCore::cairoSurfaceSize
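Review bot: The new ChangeLog entry names no test, even though its own description says a clean-up re-introduced this bug. A regression test that drives logFrameNavigation through the path that invalidates the reference would keep it from coming back a third time; if no test is possible, the entry should say so. Minor: the added line ending "used prior to r217515. " carries trailing whitespace.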
index 6c07fac..a34718a 100644 (file)
@@ -155,7 +155,8 @@ void ResourceLoadObserver::logFrameNavigation(const Frame& frame, const Frame& t
         
         {
         auto locker = holdLock(m_store->statisticsLock());
-        auto& targetStatistics = m_store->ensureResourceStatisticsForPrimaryDomain(targetPrimaryDomain);
+        // We must make a copy here, because later calls to 'ensureResourceStatisticsForPrimaryDomain' will invalidate the returned reference::
+        auto targetStatistics = m_store->ensureResourceStatisticsForPrimaryDomain(targetPrimaryDomain);
 
         // Always fire if we have previously removed data records for this domain
         shouldFireDataModificationHandler = targetStatistics.dataRecordsRemoved > 0;
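Review bot: The added comment ends in "reference::" (stray double colon), and it explains why the copy is made but not that the copy has to be written back with setResourceStatisticsForPrimaryDomain before the lock is released. Since the ChangeLog attributes the regression to a clean-up that dropped this copy/set pairing, the comment should say that the two statements belong together, so a later clean-up does not turn "auto targetStatistics" back into "auto& targetStatistics" or remove the set call.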
@@ -205,6 +206,8 @@ void ResourceLoadObserver::logFrameNavigation(const Frame& frame, const Frame& t
                 }
             }
         }
+            
+        m_store->setResourceStatisticsForPrimaryDomain(targetPrimaryDomain, WTFMove(targetStatistics));
         } // Release lock
         
         if (shouldFireDataModificationHandler)
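Review bot: The setResourceStatisticsForPrimaryDomain call added here is now the only place where the updated counts reach the store, so any path that leaves the locked block before it would silently discard them; please confirm there is no early exit between the copy and this line. It is also worth checking whether one of the intervening ensureResourceStatisticsForPrimaryDomain calls can return the entry for targetPrimaryDomain itself, because this write-back would then overwrite that entry's changes with the snapshot taken at the top of the block. Minor: the added blank line above the call contains only whitespace.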