The Vulnerability History Project

DocumentThreadableLoader: Add guards for sync notifyFinished() in setResource()

In loadRequest(), setResource() can call clear() synchronously:
  DocumentThreadableLoader::clear()
  DocumentThreadableLoader::handleError()
  Resource::didAddClient()
  RawResource::didAddClient()
and thus |m_client| can be null while resource() isn't null after setResource(),
causing crashes (Issue 595964).

This CL checks whether |*this| is destructed and
whether |m_client| is null after setResource().

BUG=595964

Review-Url: https://codereview.chromium.org/1902683002
Cr-Commit-Position: refs/heads/master@{#391001}
    
commit 2571533bbb5b554ff47205c8ef1513ccc0817c3e
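
The two guards the commit message describes, shown as an added example on a simplified model; this is not the Chromium source. Loader, Client, run() and every member name are hypothetical, and the model simply keeps its resource flag set after clear() to reproduce the state the message reports.

```cpp
#include <functional>
#include <memory>

// Simplified model with hypothetical names; not Blink's DocumentThreadableLoader.
struct Client {
    std::function<void()> onFail;  // error callback; may release the loader
    int started = 0;               // incremented when the loader uses the client
};

class Loader : public std::enable_shared_from_this<Loader> {
public:
    enum Result { Started, ClientGone, LoaderGone };
    explicit Loader(Client* c) : client_(c) {}

    // Models clear(): drop the client, then report the failure to it.
    void clear() {
        Client* c = client_;
        client_ = nullptr;
        if (c && c->onFail) c->onFail();  // may destroy *this: no member access after
    }
    // Models setResource(): an already-failed resource notifies synchronously.
    // Assumption: the model keeps hasResource_ set after clear(), which is the
    // state the commit message describes (resource non-null, client null).
    void setResource(bool alreadyFailed) {
        hasResource_ = true;
        if (alreadyFailed) clear();
    }
    Result loadRequest(bool alreadyFailed) {
        std::weak_ptr<Loader> self = shared_from_this();
        setResource(alreadyFailed);
        if (self.expired()) return LoaderGone;  // guard 1: *this was destructed
        if (!client_) return ClientGone;        // guard 2: hasResource_ is true here
        ++client_->started;                     // without guard 2: null dereference
        return Started;
    }
private:
    Client* client_;
    bool hasResource_ = false;
};

// Drives one constructed scenario and reports which path loadRequest() took.
Loader::Result run(bool alreadyFailed, bool clientReleasesLoader) {
    Client c;
    auto loader = std::make_shared<Loader>(&c);
    if (clientReleasesLoader) c.onFail = [&loader] { loader.reset(); };
    return loader->loadRequest(alreadyFailed);
}

int main() { return run(true, true) == Loader::LoaderGone ? 0 : 1; }
```

The destruction check has to come first, because reading client_ on a destroyed loader would itself be a use-after-free.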