
Revision 157760


Author: pan.deng@chromium.org
Date: Fri Sep 13 17:04:53 2013 UTC (9 years, 8 months ago)
Changed paths: 3
Log Message:
[Resource Timing] Fix potential double free problem

  Currently, ResourceTimingInfoMap in ResourceFetcher releases a
ResourceTimingInfo after a resource is reported.
  If, when blink is reporting a resource entry, this leads to the buffer being full and
"window.stop()" is immediately invoked as the callback, it will dive into
ResourceFetcher::didLoadResource again and release the memory in a nested call.
After that, the outer call double-frees the memory as it has just reported the entry.
  This patch removes the ResourceTiming from the map earlier and prevents the double free case.

Contributed by lifeasageek@gmail.com and pan.deng@intel.com

BUG=286414

Review URL: https://chromiumcodereview.appspot.com/23498018
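The reentrancy hazard described in the log message, modelled as an added C++ example (not Blink's code, and not the content of this revision): a pending-entry map whose reporting path can be re-entered by a stop() issued from the buffer-full callback. Entry names, the single-slot buffer and the "release counter" (used instead of real deletion so the double release is observable) are constructed for the example; the two orderings of erase-versus-report are the old and patched orders the message describes.

```cpp
#include <functional>
#include <map>
#include <string>

// Constructed model of the hazard, not Blink's code: "releasing" an entry only
// bumps a counter, so a double release is observable instead of undefined behaviour.
struct TimingInfo { int releases = 0; };
class Fetcher {
 public:
  using BufferFullHandler = std::function<void(Fetcher&)>;
  Fetcher(bool eraseBeforeReport, BufferFullHandler h)
      : eraseBeforeReport_(eraseBeforeReport), onBufferFull_(std::move(h)) {}
  // Stands in for ResourceTimingInfoMap: pending_ holds every entry not yet reported.
  void startResource(const std::string& name) { pending_[name] = &storage_[name]; }
  // Stands in for ResourceFetcher::didLoadResource: report the entry, then release it.
  void didLoadResource(const std::string& name) {
    auto it = pending_.find(name);
    if (it == pending_.end()) return;
    TimingInfo* info = it->second;
    if (eraseBeforeReport_) pending_.erase(it);    // patched order: unlink first
    report(info);                                   // may re-enter via stop()
    if (!eraseBeforeReport_) pending_.erase(name);  // old order: unlink after
    release(info);  // old order: nested stop() already released this entry
  }
  // window.stop() from the buffer-full callback: abandon every pending entry.
  void stop() {
    for (auto& kv : pending_) release(kv.second);
    pending_.clear();
  }
  int releasesOf(const std::string& name) const { return storage_.at(name).releases; }
 private:
  // Buffer of size one: every report fills it and fires the handler.
  void report(TimingInfo*) { if (onBufferFull_) onBufferFull_(*this); }
  static void release(TimingInfo* info) { ++info->releases; }
  bool eraseBeforeReport_;
  BufferFullHandler onBufferFull_;
  std::map<std::string, TimingInfo> storage_;   // owns the entries (nodes are stable)
  std::map<std::string, TimingInfo*> pending_;  // not-yet-reported entries
};

// One load whose report fills the buffer; the page calls stop() in response.
int releasesAfterStop(bool eraseBeforeReport) {
  Fetcher f(eraseBeforeReport, [](Fetcher& fe) { fe.stop(); });
  f.startResource("a.js");
  f.startResource("b.css");
  f.didLoadResource("a.js");
  return f.releasesOf("a.js");  // 2 with the old order, 1 with the patched order
}
```

With real deletion in place of the counter, the old order's second release is the double free; unlinking the entry before the callback runs leaves the nested stop() nothing to release twice.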

Changed paths

Path  Details
trunk/LayoutTests/http/tests/misc/stop-loading-on-resource-timing-buffer-full-crash-expected.txt  added
trunk/LayoutTests/http/tests/misc/stop-loading-on-resource-timing-buffer-full-crash.html  added
trunk/Source/core/fetch/ResourceFetcher.cpp  modified, text changed

Properties

Name Value
commit-bot commit-bot@chromium.org

Powered by ViewVC 1.1.26