Ignore:
Timestamp:
Jun 1, 2021, 3:03:35 PM (4 years ago)
Author:
Chris Dumez
Message:

Fix unsafe access to m_upload in XMLHttpRequest::virtualHasPendingActivity()
https://bugs.webkit.org/show_bug.cgi?id=226508

Reviewed by Geoffrey Garen.

Source/WebCore:

Fix unsafe access to m_upload in XMLHttpRequest::virtualHasPendingActivity() as virtualHasPendingActivity()
may get called off the main thread and m_upload gets initialized lazily on the main thread.

Tests: fast/xmlhttprequest/xmlhttprequest-upload-sameobject.html

http/tests/xmlhttprequest/upload-progress-events-gc.html

  • xml/XMLHttpRequest.cpp:

(WebCore::XMLHttpRequest::updateHasRelevantEventListener):
(WebCore::XMLHttpRequest::eventListenersDidChange):
(WebCore::XMLHttpRequest::virtualHasPendingActivity const):

  • xml/XMLHttpRequest.h:
  • xml/XMLHttpRequest.idl:
  • xml/XMLHttpRequestUpload.cpp:

(WebCore::XMLHttpRequestUpload::eventListenersDidChange):
(WebCore::XMLHttpRequestUpload::hasRelevantEventListener const):

  • xml/XMLHttpRequestUpload.h:

LayoutTests:

Improve layout test coverage to make sure that XMLHttpRequest.upload always returns
the same object and that progress events on XMLHttpRequest.upload still get fired
after GC.

  • fast/xmlhttprequest/xmlhttprequest-upload-sameobject-expected.txt: Added.
  • fast/xmlhttprequest/xmlhttprequest-upload-sameobject.html: Added.
  • http/tests/xmlhttprequest/upload-progress-events-gc-expected.txt: Added.
  • http/tests/xmlhttprequest/upload-progress-events-gc.html: Added.
File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/Source/WebCore/xml/XMLHttpRequestUpload.cpp

    r259080 r278329  
    4444void XMLHttpRequestUpload::eventListenersDidChange()
    4545{
    46     m_hasRelevantEventListener = hasEventListeners(eventNames().abortEvent)
     46    m_request.updateHasRelevantEventListener();
     47}
     48
     49bool XMLHttpRequestUpload::hasRelevantEventListener() const
     50{
     51    return hasEventListeners(eventNames().abortEvent)
    4752        || hasEventListeners(eventNames().errorEvent)
    4853        || hasEventListeners(eventNames().loadEvent)
Note: See TracChangeset for help on using the changeset viewer.