Reviewed by Darin Adler.
authormjs <mjs@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sun, 5 Aug 2007 10:52:19 +0000 (10:52 +0000)
committermjs <mjs@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sun, 5 Aug 2007 10:52:19 +0000 (10:52 +0000)
        <rdar://problem/5369110> CrashTracer: [USER] reproducible crash opening particular mail messages

        * platform/network/mac/ResourceHandleMac.mm:
        (-[WebCoreResourceHandleAsDelegate connection:willSendRequest:redirectResponse:]): Make sure to retain
        self for the body of this method. Otherwise, the willSendRequest could trigger events which will
        cancel the connection, and we access ivars after this point.
        (-[WebCoreSynchronousLoader connection:willSendRequest:redirectResponse:]): retain and release
        in the right order.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@24875 268f45cc-cd09-0410-ab3c-d52691b4dbfc

WebCore/ChangeLog
WebCore/platform/network/mac/ResourceHandleMac.mm

index a2764868cf9fcdeea83dda4110abfd7a2cb48956..74e34af06e2e483c71747a65f1bce41002dc6de0 100644 (file)
@@ -1,3 +1,16 @@
+2007-08-05  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Darin Adler.
+        
+        <rdar://problem/5369110> CrashTracer: [USER] reproducible crash opening particular mail messages
+
+        * platform/network/mac/ResourceHandleMac.mm:
+        (-[WebCoreResourceHandleAsDelegate connection:willSendRequest:redirectResponse:]): Make sure to retain
+        self for the body of this method. Otherwise, the willSendRequest could trigger events which will
+        cancel the connection, and we access ivars after this point.
+        (-[WebCoreSynchronousLoader connection:willSendRequest:redirectResponse:]): retain and release
+        in the right order.
+
 2007-08-04  Adam Roben  <aroben@apple.com>
 
         Another workaround for <rdar://problem/5386894>
 2007-08-04  Adam Roben  <aroben@apple.com>
 
         Another workaround for <rdar://problem/5386894>
index dabd32f5c9abbe49e8e54fd02f563f7c7a1fe8d7..4360c8f707dcd91ae7500ee504d4cb96be0269ff 100644 (file)
@@ -345,6 +345,9 @@ void ResourceHandle::receivedCancellation(const AuthenticationChallenge& challen
 
 - (NSURLRequest *)connection:(NSURLConnection *)con willSendRequest:(NSURLRequest *)newRequest redirectResponse:(NSURLResponse *)redirectResponse
 {
 
 - (NSURLRequest *)connection:(NSURLConnection *)con willSendRequest:(NSURLRequest *)newRequest redirectResponse:(NSURLResponse *)redirectResponse
 {
+    // the willSendRequest call may cancel this load, in which case self could be deallocated
+    RetainPtr<WebCoreResourceHandleAsDelegate> protect(self);
+
     if (!m_handle || !m_handle->client())
         return nil;
     ++inNSURLConnectionCallback;
     if (!m_handle || !m_handle->client())
         return nil;
     ++inNSURLConnectionCallback;
@@ -352,8 +355,9 @@ void ResourceHandle::receivedCancellation(const AuthenticationChallenge& challen
     m_handle->client()->willSendRequest(m_handle, request, redirectResponse);
     --inNSURLConnectionCallback;
 #ifndef BUILDING_ON_TIGER
     m_handle->client()->willSendRequest(m_handle, request, redirectResponse);
     --inNSURLConnectionCallback;
 #ifndef BUILDING_ON_TIGER
+    NSURL *copy = [[request.nsURLRequest() URL] copy];
     [m_url release];
     [m_url release];
-    m_url = [[request.nsURLRequest() URL] copy];    
+    m_url = copy;
 #endif
     
     return request.nsURLRequest();
 #endif
     
     return request.nsURLRequest();
@@ -514,8 +518,9 @@ void ResourceHandle::receivedCancellation(const AuthenticationChallenge& challen
 
 - (NSURLRequest *)connection:(NSURLConnection *)connection willSendRequest:(NSURLRequest *)newRequest redirectResponse:(NSURLResponse *)redirectResponse
 {
 
 - (NSURLRequest *)connection:(NSURLConnection *)connection willSendRequest:(NSURLRequest *)newRequest redirectResponse:(NSURLResponse *)redirectResponse
 {
+    NSURL *copy = [[newRequest URL] copy];
     [m_url release];
     [m_url release];
-    m_url = [[newRequest URL] copy];
+    m_url = copy;
 
     return newRequest;
 }
 
     return newRequest;
 }