From ffb831d9896dcdd3d469fdbeee407d96d631dbda Mon Sep 17 00:00:00 2001
From: Allan Sandfeld Jensen <allan.jensen@qt.io>
Date: Wed, 6 Apr 2022 15:32:17 +0200
Subject: Fix leak if loader error is seen first

For some reason the proxied_loader_receiver can still be bound
in this case.

Pick-to: 6.3 6.2 5.15
Change-Id: If0bbe181eca5de41e82eebaced412361fe12fb40
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
---
 src/core/net/proxying_url_loader_factory_qt.cpp | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'src/core')

diff --git a/src/core/net/proxying_url_loader_factory_qt.cpp b/src/core/net/proxying_url_loader_factory_qt.cpp
index 9c6930563..6b311d7fb 100644
--- a/src/core/net/proxying_url_loader_factory_qt.cpp
+++ b/src/core/net/proxying_url_loader_factory_qt.cpp
@@ -175,6 +175,8 @@ private:
     bool local_access_ = false;
     bool remote_access_ = true;
 
+    bool loader_error_seen_ = false;
+
     // If the |target_loader_| called OnComplete with an error this stores it.
     // That way the destructor can send it to OnReceivedError if safe browsing
     // error didn't occur.
@@ -391,6 +393,7 @@ void InterceptedRequest::ContinueAfterIntercept()
     }
 
     if (!target_loader_ && target_factory_) {
+        loader_error_seen_ = false;
         target_factory_->CreateLoaderAndStart(target_loader_.BindNewPipeAndPassReceiver(), request_id_,
                                               options_, request_, proxied_client_receiver_.BindNewPipeAndPassRemote(),
                                               traffic_annotation_);
@@ -496,6 +499,8 @@ void InterceptedRequest::OnURLLoaderError(uint32_t custom_reason, const std::str
     // If CallOnComplete was already called, then this object is ready to be deleted.
     if (!target_client_)
         delete this;
+    else
+        loader_error_seen_ = true;
 }
 
 void InterceptedRequest::CallOnComplete(const network::URLLoaderCompletionStatus &status, bool wait_for_loader_error)
@@ -509,7 +514,7 @@ void InterceptedRequest::CallOnComplete(const network::URLLoaderCompletionStatus
     if (target_client_)
         target_client_->OnComplete(status);
 
-    if (proxied_loader_receiver_.is_bound() && wait_for_loader_error) {
+    if (proxied_loader_receiver_.is_bound() && wait_for_loader_error && !loader_error_seen_) {
         // Since the original client is gone no need to continue loading the
         // request.
         proxied_client_receiver_.reset();
-- 
cgit v1.2.3