From dd144bf9034d26dc1d07f4b006cb2903bd929588 Mon Sep 17 00:00:00 2001
From: Marshall Greenblatt
Date: Tue, 29 Nov 2011 16:38:31 +0000
Subject: [PATCH] Fix a crash due to m_resource being released while SubresourceLoader::didFinishLoading is executing (issue #439).

git-svn-id: https://chromiumembedded.googlecode.com/svn/trunk@398 5089003a-bbd8-11dd-ad1f-f1f9622dbc98
---
 patch/patch.cfg | 7 ++++++-
 patch/patches/webcore_subresloader.patch | 15 +++++++++++++++
 .../{v8_custom.patch => webcore_v8_custom.patch} | 0
 3 files changed, 21 insertions(+), 1 deletion(-)
 create mode 100644 patch/patches/webcore_subresloader.patch
 rename patch/patches/{v8_custom.patch => webcore_v8_custom.patch} (100%)

diff --git a/patch/patch.cfg b/patch/patch.cfg
index a8bd06470..632f560dd 100644
--- a/patch/patch.cfg
+++ b/patch/patch.cfg
@@ -23,9 +23,14 @@ patches = [
 },
 {
 # https://bugs.webkit.org/show_bug.cgi?id=73273
- 'name': 'v8_custom',
+ 'name': 'webcore_v8_custom',
 'path': '../third_party/WebKit/Source/WebCore/bindings/v8/custom/'
 },
+ {
+ # https://bugs.webkit.org/show_bug.cgi?id=73325
+ 'name': 'webcore_subresloader',
+ 'path': '../third_party/WebKit/Source/WebCore/loader/',
+ },
 {
 # http://code.google.com/p/chromiumembedded/issues/detail?id=364
 'name': 'spi_webcore_364',
diff --git a/patch/patches/webcore_subresloader.patch b/patch/patches/webcore_subresloader.patch
new file mode 100644
index 000000000..ed616cda2
--- /dev/null
+++ b/patch/patches/webcore_subresloader.patch
@@ -0,0 +1,15 @@
+Index: SubresourceLoader.cpp
+===================================================================
+--- SubresourceLoader.cpp (revision 100508)
++++ SubresourceLoader.cpp (working copy)
+@@ -239,6 +239,10 @@
+ LOG(ResourceLoading, "Received '%s'.", m_resource->url().string().latin1().data());
+
+ RefPtr protect(this);
++ // If a load is canceled m_resource might be released in the call hierarchy originating
++ // from m_resource->data(). This causes the subsequent call to m_reosurce->finish() to crash
++ // unless m_resource is protected.
++ CachedResourceHandle protect_res(m_resource);
+ m_state = Finishing;
+ m_resource->setLoadFinishTime(finishTime);
+ m_resource->data(resourceData(), true);
diff --git a/patch/patches/v8_custom.patch b/patch/patches/webcore_v8_custom.patch
similarity index 100%
rename from patch/patches/v8_custom.patch
rename to patch/patches/webcore_v8_custom.patch
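Review bot: In the `webcore_subresloader.patch` hunk, `protect_res` keeps the cached resource alive, but the function still goes on from `m_resource->data(resourceData(), true)` to, per the comment, `m_resource->finish()` even when the load was canceled inside `data()`. The handle removes the crash (presumably a use-after-free, going by the commit message) without deciding whether finishing a canceled load is intended. The function continues past the end of the hunk, so it is not visible whether a cancellation check follows; if none does, one belongs between those two calls. The comment also misspells the member and could name the lifetime requirement, e.g. `// from m_resource->data(). The subsequent call to m_resource->finish() would then touch a released object` and `// unless m_resource is kept alive until this function returns.` Since this is a local carry of WebKit bug 73325 against revision 100508, the entry should be dropped once the upstream fix is rolled in.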