Source/WebCore: Crash in CachedRawResource::responseReceived().
authorjaphet@chromium.org <japhet@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 28 Feb 2013 19:40:02 +0000 (19:40 +0000)
committerjaphet@chromium.org <japhet@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 28 Feb 2013 19:40:02 +0000 (19:40 +0000)
https://bugs.webkit.org/show_bug.cgi?id=110482

Reviewed by Adam Barth.

Test: http/tests/security/XFrameOptions/x-frame-options-deny-multiple-clients.html

* loader/cache/CachedRawResource.cpp:
(WebCore::CachedRawResource::responseReceived):

LayoutTests: Test for https://bugs.webkit.org/show_bug.cgi?id=110482

Reviewed by Adam Barth.

* http/tests/security/XFrameOptions/x-frame-options-deny-multiple-clients-expected.txt: Added.
* http/tests/security/XFrameOptions/x-frame-options-deny-multiple-clients.html: Added.
* platform/chromium/http/tests/security/XFrameOptions/x-frame-options-deny-multiple-clients-expected.txt: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@144338 268f45cc-cd09-0410-ab3c-d52691b4dbfc

LayoutTests/ChangeLog
LayoutTests/http/tests/security/XFrameOptions/x-frame-options-deny-multiple-clients-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/XFrameOptions/x-frame-options-deny-multiple-clients.html [new file with mode: 0644]
LayoutTests/platform/chromium/http/tests/security/XFrameOptions/x-frame-options-deny-multiple-clients-expected.txt [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/loader/cache/CachedRawResource.cpp

index c935212ed6917f4787c599a5c926065ca08cef41..0634c265abbb2e5d70bd7f0c23870d3fe6d476eb 100644 (file)
@@ -1,3 +1,13 @@
+2013-02-28  Nate Chapin  <japhet@chromium.org>
+
+        Test for https://bugs.webkit.org/show_bug.cgi?id=110482
+
+        Reviewed by Adam Barth.
+
+        * http/tests/security/XFrameOptions/x-frame-options-deny-multiple-clients-expected.txt: Added.
+        * http/tests/security/XFrameOptions/x-frame-options-deny-multiple-clients.html: Added.
+        * platform/chromium/http/tests/security/XFrameOptions/x-frame-options-deny-multiple-clients-expected.txt: Added.
+
 2013-02-28  Chris Fleizach  <cfleizach@apple.com>
 
         WebSpeech: support the boundary event
diff --git a/LayoutTests/http/tests/security/XFrameOptions/x-frame-options-deny-multiple-clients-expected.txt b/LayoutTests/http/tests/security/XFrameOptions/x-frame-options-deny-multiple-clients-expected.txt
new file mode 100644 (file)
index 0000000..c3529ca
--- /dev/null
@@ -0,0 +1,2 @@
+CONSOLE MESSAGE: Refused to display 'http://127.0.0.1:8000/security/XFrameOptions/resources/x-frame-options-deny.cgi' in a frame because it set 'X-Frame-Options' to 'deny'.
+Test that two main resources pointing to the same url that are canceled within didReceiveResponse() don't cause us to crash.  
diff --git a/LayoutTests/http/tests/security/XFrameOptions/x-frame-options-deny-multiple-clients.html b/LayoutTests/http/tests/security/XFrameOptions/x-frame-options-deny-multiple-clients.html
new file mode 100644 (file)
index 0000000..87afcaa
--- /dev/null
@@ -0,0 +1,14 @@
+<html>
+<head>
+<script>
+if (window.testRunner)
+    testRunner.dumpAsText();
+</script>
+</head>
+<body>
+Test that two main resources pointing to the same url that are canceled within didReceiveResponse() don't cause us to crash.
+
+<iframe src="http://127.0.0.1:8000/security/XFrameOptions/resources/x-frame-options-deny.cgi"></iframe>
+<iframe src="http://127.0.0.1:8000/security/XFrameOptions/resources/x-frame-options-deny.cgi"></iframe>
+</body>
+</html>
diff --git a/LayoutTests/platform/chromium/http/tests/security/XFrameOptions/x-frame-options-deny-multiple-clients-expected.txt b/LayoutTests/platform/chromium/http/tests/security/XFrameOptions/x-frame-options-deny-multiple-clients-expected.txt
new file mode 100644 (file)
index 0000000..8b26eb9
--- /dev/null
@@ -0,0 +1,3 @@
+CONSOLE MESSAGE: Refused to display 'http://127.0.0.1:8000/security/XFrameOptions/resources/x-frame-options-deny.cgi' in a frame because it set 'X-Frame-Options' to 'deny'.
+CONSOLE MESSAGE: Refused to display 'http://127.0.0.1:8000/security/XFrameOptions/resources/x-frame-options-deny.cgi' in a frame because it set 'X-Frame-Options' to 'deny'.
+Test that two main resources pointing to the same url that are canceled within didReceiveResponse() don't cause us to crash.  
index 0d55d494c0ee8d48370269ce9a69e99b8e8009f7..848a2ba7277f6c6abc2b6ad6596a7a6a3788a5f3 100644 (file)
@@ -1,3 +1,15 @@
+2013-02-28  Nate Chapin  <japhet@chromium.org>
+
+        Crash in CachedRawResource::responseReceived().
+        https://bugs.webkit.org/show_bug.cgi?id=110482
+
+        Reviewed by Adam Barth.
+
+        Test: http/tests/security/XFrameOptions/x-frame-options-deny-multiple-clients.html
+
+        * loader/cache/CachedRawResource.cpp:
+        (WebCore::CachedRawResource::responseReceived):
+
 2013-02-28  Eric Carlson  <eric.carlson@apple.com>
 
         [Mac] use HAVE() macro instead of version check
index a6041a6caafed5f72884e52c92d44dfe8b5bd0b4..de25cb9db60e455eb4d48bf6ccc842880305a067 100644 (file)
@@ -128,6 +128,7 @@ void CachedRawResource::willSendRequest(ResourceRequest& request, const Resource
 
 void CachedRawResource::responseReceived(const ResourceResponse& response)
 {
+    CachedResourceHandle<CachedRawResource> protect(this);
     if (!m_identifier)
         m_identifier = m_loader->identifier();
     CachedResource::responseReceived(response);