From 572277538333e998e4bdfea74acb395333d3d7c8 Mon Sep 17 00:00:00 2001
From: Allan Sandfeld Jensen <allan.jensen@qt.io>
Date: Wed, 6 Apr 2022 15:32:17 +0200
Subject: Fix leak if loader error is seen first

For some reason the proxied_loader_receiver can still be bound
in this case.

Change-Id: If0bbe181eca5de41e82eebaced412361fe12fb40
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
(cherry picked from commit ffb831d9896dcdd3d469fdbeee407d96d631dbda)
(cherry picked from commit 79943b157ef381e5953f34f8e03049f2eecd6eb5)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
---
 src/core/net/proxying_url_loader_factory_qt.cpp | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/core/net/proxying_url_loader_factory_qt.cpp b/src/core/net/proxying_url_loader_factory_qt.cpp
index 883811637..a9b774086 100644
--- a/src/core/net/proxying_url_loader_factory_qt.cpp
+++ b/src/core/net/proxying_url_loader_factory_qt.cpp
@@ -167,6 +167,8 @@ public:
     const uint32_t options_;
     bool allowed_cors_ = true;
 
+    bool loader_error_seen_ = false;
+
     // If the |target_loader_| called OnComplete with an error this stores it.
     // That way the destructor can send it to OnReceivedError if safe browsing
     // error didn't occur.
@@ -396,6 +398,7 @@ void InterceptedRequest::ContinueAfterIntercept()
     }
 
     if (!target_loader_ && target_factory_) {
+        loader_error_seen_ = false;
         target_factory_->CreateLoaderAndStart(target_loader_.BindNewPipeAndPassReceiver(), routing_id_, request_id_,
                                               options_, request_, proxied_client_receiver_.BindNewPipeAndPassRemote(),
                                               traffic_annotation_);
@@ -501,6 +504,8 @@ void InterceptedRequest::OnURLLoaderError(uint32_t custom_reason, const std::str
     // If CallOnComplete was already called, then this object is ready to be deleted.
     if (!target_client_)
         delete this;
+    else
+        loader_error_seen_ = true;
 }
 
 void InterceptedRequest::CallOnComplete(const network::URLLoaderCompletionStatus &status, bool wait_for_loader_error)
@@ -514,7 +519,7 @@ void InterceptedRequest::CallOnComplete(const network::URLLoaderCompletionStatus
     if (target_client_)
         target_client_->OnComplete(status);
 
-    if (proxied_loader_receiver_.is_bound() && wait_for_loader_error) {
+    if (proxied_loader_receiver_.is_bound() && wait_for_loader_error && !loader_error_seen_) {
         // Since the original client is gone no need to continue loading the
         // request.
         proxied_client_receiver_.reset();
-- 
cgit v1.2.3