[webkit-changes] [152367] trunk/Source/WebKit2

[sergio]

Title: [152367] trunk/Source/WebKit2

Revision

152367

Author

ser...@webkit.org

Date

2013-07-03 10:35:13 -0700 (Wed, 03 Jul 2013)

Log Message

[GTK][WK2] SIGSEV in WebKit::WebPageContextMenuClient::customContextMenuItemSelected
https://bugs.webkit.org/show_bug.cgi?id=116867

Reviewed by Anders Carlsson.

We did not reset the clients on WebPageProxy::close(), so right
clicking on a link after starting the navigation to some other
page was causing crashes because code was trying to access an
already freed m_contextMenuClient.

There were some other clients that could potentially trigger the
same issues. Reset them all to null to prevent this situation.

* UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::close):

Modified Paths

• trunk/Source/WebKit2/ChangeLog
• trunk/Source/WebKit2/UIProcess/WebPageProxy.cpp

Diff

Modified: trunk/Source/WebKit2/ChangeLog (152366 => 152367)

--- trunk/Source/WebKit2/ChangeLog	2013-07-03 17:28:43 UTC (rev 152366)
+++ trunk/Source/WebKit2/ChangeLog	2013-07-03 17:35:13 UTC (rev 152367)
@@ -1,3 +1,21 @@
+2013-07-03  Sergio Villar Senin  <svil...@igalia.com>
+
+        [GTK][WK2] SIGSEV in WebKit::WebPageContextMenuClient::customContextMenuItemSelected
+        https://bugs.webkit.org/show_bug.cgi?id=116867
+
+        Reviewed by Anders Carlsson.
+
+        We did not reset the clients on WebPageProxy::close(), so right
+        clicking on a link after starting the navigation to some other
+        page was causing crashes because code was trying to access an
+        already freed m_contextMenuClient.
+
+        There were some other clients that could potentially trigger the
+        same issues. Reset them all to null to prevent this situation.
+
+        * UIProcess/WebPageProxy.cpp:
+        (WebKit::WebPageProxy::close):
+
 2013-07-03  Simon Pena  <simon.p...@samsung.com>
 
         Output arguments used in IPC calls should be returned initialised

Modified: trunk/Source/WebKit2/UIProcess/WebPageProxy.cpp (152366 => 152367)

--- trunk/Source/WebKit2/UIProcess/WebPageProxy.cpp	2013-07-03 17:28:43 UTC (rev 152366)
+++ trunk/Source/WebKit2/UIProcess/WebPageProxy.cpp	2013-07-03 17:35:13 UTC (rev 152367)
@@ -629,13 +629,19 @@
     m_activePopupMenu = 0;
 
     m_estimatedProgress = 0.0;
-    
+
     m_loaderClient.initialize(0);
     m_policyClient.initialize(0);
+    m_formClient.initialize(0);
     m_uiClient.initialize(0);
 #if PLATFORM(EFL)
     m_uiPopupMenuClient.initialize(0);
 #endif
+    m_findClient.initialize(0);
+    m_findMatchesClient.initialize(0);
+#if ENABLE(CONTEXT_MENUS)
+    m_contextMenuClient.initialize(0);
+#endif
 
     m_drawingArea = nullptr;
 

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes