REGRESSION (r146239): Reproducible crash in WebCore::DocumentLoader::responseReceived.
authorjaphet@chromium.org <japhet@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 22 Mar 2013 17:05:12 +0000 (17:05 +0000)
committerjaphet@chromium.org <japhet@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 22 Mar 2013 17:05:12 +0000 (17:05 +0000)
https://bugs.webkit.org/show_bug.cgi?id=112811

Reviewed by Brady Eidson.

Source/WebCore:

Test: http/tests/cache/x-frame-options-304.html

* loader/DocumentLoader.cpp:
(WebCore::DocumentLoader::responseReceived):
* loader/cache/CachedRawResource.cpp:
(WebCore::CachedRawResource::switchClientsToRevalidatedResource):
* loader/cache/CachedRawResource.h:

LayoutTests:

* http/tests/cache/resources/x-frame-options.php: Added.
* http/tests/cache/x-frame-options-304-expected.txt: Added.
* http/tests/cache/x-frame-options-304.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@146626 268f45cc-cd09-0410-ab3c-d52691b4dbfc

LayoutTests/ChangeLog
LayoutTests/http/tests/cache/resources/x-frame-options.php [new file with mode: 0644]
LayoutTests/http/tests/cache/x-frame-options-304-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/cache/x-frame-options-304.html [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/loader/DocumentLoader.cpp
Source/WebCore/loader/cache/CachedRawResource.cpp
Source/WebCore/loader/cache/CachedRawResource.h

index 4bde92e..169e298 100644 (file)
@@ -1,3 +1,14 @@
+2013-03-22  Nate Chapin  <japhet@chromium.org>
+
+        REGRESSION (r146239): Reproducible crash in WebCore::DocumentLoader::responseReceived.
+        https://bugs.webkit.org/show_bug.cgi?id=112811
+
+        Reviewed by Brady Eidson.
+
+        * http/tests/cache/resources/x-frame-options.php: Added.
+        * http/tests/cache/x-frame-options-304-expected.txt: Added.
+        * http/tests/cache/x-frame-options-304.html: Added.
+
 2013-03-22  Ryosuke Niwa  <rniwa@webkit.org>
 
         Add flaky crash expectations on some media tests per bugs 113075 and 113076.
diff --git a/LayoutTests/http/tests/cache/resources/x-frame-options.php b/LayoutTests/http/tests/cache/resources/x-frame-options.php
new file mode 100644 (file)
index 0000000..82a8ddc
--- /dev/null
@@ -0,0 +1,26 @@
+<?php\r
+require_once '../../resources/portabilityLayer.php';\r
+\r
+clearstatcache();\r
+\r
+if ($_SERVER["HTTP_IF_MODIFIED_SINCE"]) {\r
+    header("HTTP/1.0 304 Not Modified");\r
+    exit();\r
+}\r
+$one_year = 12 * 31 * 24 * 60 * 60;\r
+$last_modified = gmdate(DATE_RFC1123, time() - $one_year);\r
+$expires = gmdate(DATE_RFC1123, time() + $one_year);\r
+
+\r
+header('Cache-Control: no-cache, max-age=' . $one_year);\r
+header('Expires: ' . $expires);\r
+header('Content-Type: text/html');\r
+header('Etag: 123456789');\r
+header('Last-Modified: ' . $last_modified);\r
+header('X-FRAME-OPTIONS: ALLOWALL');
+
+echo "<body><script>\n";
+echo "window.onload = function() { window.parent.test(); }\n";
+echo "</script></body>\n";
+\r
+?>\r
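Review bot: `$_SERVER["HTTP_IF_MODIFIED_SINCE"]` is read without an existence check, so the first, unconditional request raises an undefined-index notice. Where notices are displayed, that output lands before the `header()` calls further down and can prevent the caching and `X-FRAME-OPTIONS` headers from being sent, which would leave the test passing without exercising the revalidation path. `if (!empty($_SERVER["HTTP_IF_MODIFIED_SINCE"])) {` avoids that. The 304 branch sends only the status line, so the test appears to rely on X-Frame-Options coming from the cached response; a one-line comment saying so would record the intent. The file also mixes CRLF and LF line endings.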
diff --git a/LayoutTests/http/tests/cache/x-frame-options-304-expected.txt b/LayoutTests/http/tests/cache/x-frame-options-304-expected.txt
new file mode 100644 (file)
index 0000000..1c0e952
--- /dev/null
@@ -0,0 +1 @@
+Test that a 304 response for a resource with an X-Frame-Options header doesn't cause us to crash. 
diff --git a/LayoutTests/http/tests/cache/x-frame-options-304.html b/LayoutTests/http/tests/cache/x-frame-options-304.html
new file mode 100644 (file)
index 0000000..984fcf3
--- /dev/null
@@ -0,0 +1,25 @@
+<body>
+Test that a 304 response for a resource with an X-Frame-Options header doesn't cause us to crash.
+<script>
+if (window.testRunner) {
+    testRunner.dumpAsText();
+    testRunner.waitUntilDone();
+}
+
+testCalls = 0;
+
+function test() {
+    testCalls++;
+    if (testCalls > 1) {
+        testRunner.notifyDone();
+        return;
+    }
+
+    document.body.removeChild(document.body.lastChild);
+    var iframe = document.createElement("iframe");
+    iframe.src = "resources/x-frame-options.php"
+    document.body.appendChild(iframe);
+}
+</script>
+<iframe src="resources/x-frame-options.php"></iframe>
+</body>
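Review bot: `testRunner.notifyDone()` inside `test()` is not behind the `window.testRunner` check used at the top of the script, so loading the page by hand in a browser ends with a ReferenceError on the second iframe load instead of finishing cleanly. `if (window.testRunner) testRunner.notifyDone();` keeps the page usable for manual reproduction. `testCalls` is an implicit global and the `iframe.src` assignment lacks its semicolon; `var testCalls = 0;` and a trailing `;` would match the rest of the script.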
index 28e6e9f..44c80ef 100644 (file)
@@ -1,3 +1,18 @@
+2013-03-22  Nate Chapin  <japhet@chromium.org>
+
+        REGRESSION (r146239): Reproducible crash in WebCore::DocumentLoader::responseReceived.
+        https://bugs.webkit.org/show_bug.cgi?id=112811
+
+        Reviewed by Brady Eidson.
+
+        Test: http/tests/cache/x-frame-options-304.html
+
+        * loader/DocumentLoader.cpp:
+        (WebCore::DocumentLoader::responseReceived):
+        * loader/cache/CachedRawResource.cpp:
+        (WebCore::CachedRawResource::switchClientsToRevalidatedResource):
+        * loader/cache/CachedRawResource.h:
+
 2013-03-22  Jer Noble  <jer.noble@apple.com>
 
         REGRESSION: -webkit-box-reflect does not show on video elements
index a1e595f..2d514ad 100644 (file)
@@ -581,7 +581,9 @@ void DocumentLoader::responseReceived(CachedResource* resource, const ResourceRe
     HTTPHeaderMap::const_iterator it = response.httpHeaderFields().find(xFrameOptionHeader);
     if (it != response.httpHeaderFields().end()) {
         String content = it->value;
-        unsigned long identifier = m_identifierForLoadWithoutResourceLoader ? m_identifierForLoadWithoutResourceLoader : mainResourceLoader()->identifier();
+        ASSERT(m_mainResource);
+        unsigned long identifier = m_identifierForLoadWithoutResourceLoader ? m_identifierForLoadWithoutResourceLoader : m_mainResource->identifier();
+        ASSERT(identifier);
         if (frameLoader()->shouldInterruptLoadForXFrameOptions(content, response.url(), identifier)) {
             InspectorInstrumentation::continueAfterXFrameOptionsDenied(m_frame, this, identifier, response);
             String message = "Refused to display '" + response.url().elidedString() + "' in a frame because it set 'X-Frame-Options' to '" + content + "'.";
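Review bot: `ASSERT(m_mainResource)` compiles out in release builds, so `m_mainResource->identifier()` is still an unchecked dereference on the X-Frame-Options path whenever `m_identifierForLoadWithoutResourceLoader` is zero. That is the same shape as the crash being fixed, moved from `mainResourceLoader()` to `m_mainResource`. Whether `m_mainResource` can be null at this point is not visible here, since responseReceived() starts before and continues after the hunk; if it can, this needs a runtime guard rather than an assertion. The non-zero identifier now depends on code in another file, so a comment above `ASSERT(identifier)` would help, for example `// On a 304 the identifier is copied over in CachedRawResource::switchClientsToRevalidatedResource().`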
index de25cb9..2c79fc0 100644 (file)
@@ -144,6 +144,15 @@ void CachedRawResource::didSendData(unsigned long long bytesSent, unsigned long
         c->dataSent(this, bytesSent, totalBytesToBeSent);
 }
 
+void CachedRawResource::switchClientsToRevalidatedResource()
+{
+    ASSERT(m_loader);
+    // If we're in the middle of a successful revalidation, responseReceived() hasn't been called, so we haven't set m_identifier.
+    ASSERT(!m_identifier);
+    static_cast<CachedRawResource*>(resourceToRevalidate())->m_identifier = m_loader->identifier();
+    CachedResource::switchClientsToRevalidatedResource();
+}
+
 void CachedRawResource::setDefersLoading(bool defers)
 {
     if (m_loader)
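Review bot: The `static_cast<CachedRawResource*>(resourceToRevalidate())` in switchClientsToRevalidatedResource() is unchecked. Nothing in the hunk establishes that the resource being revalidated is non-null or is actually a CachedRawResource, and a wrong dynamic type would turn the `m_identifier` store into a write through a mis-typed pointer. Adding `ASSERT(resourceToRevalidate());` and `ASSERT(resourceToRevalidate()->type() == type());` before the cast would document and check that assumption in debug builds. `ASSERT(m_loader)` is also debug-only, so `m_loader->identifier()` is unguarded in release; if a revalidation can complete after the loader has been cleared, that needs a runtime check rather than an assertion.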
index 518afc8..6432a0a 100644 (file)
@@ -66,6 +66,8 @@ private:
     virtual void didDownloadData(int);
 #endif
 
+    virtual void switchClientsToRevalidatedResource() OVERRIDE;
+
     unsigned long m_identifier;
 
     struct RedirectPair {