REGRESSION(236463) DownloadManager can call a null CompletionHandler
authorachristensen@apple.com <achristensen@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 8 Apr 2019 18:45:15 +0000 (18:45 +0000)
committerachristensen@apple.com <achristensen@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 8 Apr 2019 18:45:15 +0000 (18:45 +0000)
https://bugs.webkit.org/show_bug.cgi?id=196414
<rdar://problem/48389434>

Reviewed by Geoff Garen.

* NetworkProcess/NetworkResourceLoader.cpp:
(WebKit::NetworkResourceLoader::convertToDownload):
DownloadManager::continueDecidePendingDownloadDestination is being called when there is no completion handler.
r236463 introduced an unchecked code path that can allow this to happen.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@244030 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebKit/ChangeLog
Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp

index 3bde10f..be17beb 100644 (file)
@@ -1,3 +1,16 @@
+2019-04-08  Alex Christensen  <achristensen@webkit.org>
+
+        REGRESSION(236463) DownloadManager can call a null CompletionHandler
+        https://bugs.webkit.org/show_bug.cgi?id=196414
+        <rdar://problem/48389434>
+
+        Reviewed by Geoff Garen.
+
+        * NetworkProcess/NetworkResourceLoader.cpp:
+        (WebKit::NetworkResourceLoader::convertToDownload):
+        DownloadManager::continueDecidePendingDownloadDestination is being called when there is no completion handler.
+        r236463 introduced an unchecked code path that can allow this to happen.
+
 2019-04-07  Commit Queue  <commit-queue@webkit.org>
 
         Unreviewed, rolling out r243956.
index f8e4642..6539536 100644 (file)
@@ -321,8 +321,8 @@ void NetworkResourceLoader::convertToDownload(DownloadID downloadID, const Resou
         return;
     }
 
-    ASSERT(m_responseCompletionHandler);
-    m_connection->networkProcess().downloadManager().convertNetworkLoadToDownload(downloadID, std::exchange(m_networkLoad, nullptr), WTFMove(m_responseCompletionHandler), WTFMove(m_fileReferences), request, response);
+    if (m_responseCompletionHandler)
+        m_connection->networkProcess().downloadManager().convertNetworkLoadToDownload(downloadID, std::exchange(m_networkLoad, nullptr), WTFMove(m_responseCompletionHandler), WTFMove(m_fileReferences), request, response);
 }
 
 void NetworkResourceLoader::abort()