Title: [192792] trunk/Source/WebKit2
- Revision
- 192792
- Author
- [email protected]
- Date
- 2015-11-30 01:39:49 -0800 (Mon, 30 Nov 2015)
Log Message
[GTK] UI process crash when the screensaver DBus proxy is being created while the web view is destroyed
https://bugs.webkit.org/show_bug.cgi?id=151653
Reviewed by Martin Robinson.
We correctly cancel the proxy creation, but when the async ready
callback is called, the view could be destroyed already. In that
case g_dbus_proxy_new_for_bus_finish() will return nullptr and
fail with cancelled error, but we are using the passed web view
without checking first if the creation failed or not.
* UIProcess/API/gtk/WebKitWebViewBase.cpp:
(screenSaverProxyCreatedCallback):
Modified Paths
Diff
Modified: trunk/Source/WebKit2/ChangeLog (192791 => 192792)
--- trunk/Source/WebKit2/ChangeLog 2015-11-30 08:05:51 UTC (rev 192791)
+++ trunk/Source/WebKit2/ChangeLog 2015-11-30 09:39:49 UTC (rev 192792)
@@ -1,3 +1,19 @@
+2015-11-30 Carlos Garcia Campos <[email protected]>
+
+ [GTK] UI process crash when the screensaver DBus proxy is being created while the web view is destroyed
+ https://bugs.webkit.org/show_bug.cgi?id=151653
+
+ Reviewed by Martin Robinson.
+
+ We correctly cancel the proxy creation, but when the async ready
+ callback is called, the view could be destroyed already. In that
+ case g_dbus_proxy_new_for_bus_finish() will return nullptr and
+ fail with cancelled error, but we are using the passed web view
+ without checking first if the creation failed or not.
+
+ * UIProcess/API/gtk/WebKitWebViewBase.cpp:
+ (screenSaverProxyCreatedCallback):
+
2015-11-28 Tim Horton <[email protected]>
Stop unnecessarily copying WKWebViewConfiguration in a few places
Modified: trunk/Source/WebKit2/UIProcess/API/gtk/WebKitWebViewBase.cpp (192791 => 192792)
--- trunk/Source/WebKit2/UIProcess/API/gtk/WebKitWebViewBase.cpp 2015-11-30 08:05:51 UTC (rev 192791)
+++ trunk/Source/WebKit2/UIProcess/API/gtk/WebKitWebViewBase.cpp 2015-11-30 09:39:49 UTC (rev 192792)
@@ -1170,11 +1170,15 @@
static void screenSaverProxyCreatedCallback(GObject*, GAsyncResult* result, WebKitWebViewBase* webViewBase)
{
- WebKitWebViewBasePrivate* priv = webViewBase->priv;
- priv->screenSaverProxy = adoptGRef(g_dbus_proxy_new_for_bus_finish(result, nullptr));
- if (!priv->screenSaverProxy)
+ // WebKitWebViewBase cancels the proxy creation on dispose, which means this could be called
+ // after the web view has been destroyed and g_dbus_proxy_new_for_bus_finish will return nullptr.
+ // So, make sure we don't use the web view unless we have a valid proxy.
+ // See https://bugs.webkit.org/show_bug.cgi?id=151653.
+ GRefPtr<GDBusProxy> proxy = adoptGRef(g_dbus_proxy_new_for_bus_finish(result, nullptr));
+ if (!proxy)
return;
+ webViewBase->priv->screenSaverProxy = proxy;
webkitWebViewBaseSendInhibitMessageToScreenSaver(webViewBase);
}
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
