[XHR] Abort method execution when m_loader->cancel() in internalAbort() caused reentry
https://bugs.webkit.org/show_bug.cgi?id=126975
Patch by Youenn Fablet <youennf@gmail.com> on 2014-10-14
Reviewed by Alexey Proskuryakov.
Source/WebCore:
Merging https://chromium.googlesource.com/chromium/blink/+/0d75daf2053631518606ae15daaece701a25b2c4
Ensuring new test from https://codereview.chromium.org/76133002/ is passing.
Test: http/tests/xmlhttprequest/reentrant-cancel-abort.html
* xml/XMLHttpRequest.cpp:
(WebCore::XMLHttpRequest::open): exit early if internalAbort asks so
(WebCore::XMLHttpRequest::abort): exit early if internalAbort asks so
(WebCore::XMLHttpRequest::internalAbort): ask calling function to exit early if a new loader is created during the cancellation of the loader (potential reentrant case through window.onload callback)
(WebCore::XMLHttpRequest::didTimeout): exit early if internalAbort asks so
* xml/XMLHttpRequest.h:
LayoutTests:
Adding reentrant-cancel-abort.html (from https://codereview.chromium.org/76133002/)
that crashes without the patch
Updated reentrant-cancel.html test to expect the exception
that is now hit in initSend function (since a XHR open() call is aborted)
* http/tests/xmlhttprequest/reentrant-cancel-abort-expected.txt: Added.
* http/tests/xmlhttprequest/reentrant-cancel-abort.html: Added.
* http/tests/xmlhttprequest/reentrant-cancel.html:
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@174684 268f45cc-cd09-0410-ab3c-d52691b4dbfc
7 files changed
