Bug 175826

Summary:	[GTK] Invalid virtual call to WebKitPopupMenu::cancelTracking() in destructor ~WebPopupMenuProxyGtk
Product:	WebKit	Reporter:	Adrian Perez <aperez>
Component:	WebKitGTK	Assignee:	Nobody <webkit-unassigned>
Status:	NEW
Severity:	Normal	CC:	bugs-noreply, mcatanzaro, Ms2ger
Priority:	P2
Version:	Other
Hardware:	Unspecified
OS:	Unspecified
Bug Depends on:
Bug Blocks:	175829

Adrian Perez

Reported 2017-08-22 09:04:26 PDT

Virtual destructor ~WebPopupMenuProxyGtk calls cancelTracking(), which is overriden by WebKitPopupMenu. This is a bug, because when the destructor ~WebPopupMenuProxyGtk runs, the destructor ~WebKitPopupMenu has already been executed. Issue reported by Clang's scan-build: http://people.igalia.com/aperez/scan-build/webkitgtk-2.17.91+tartan/report-a28fd3.html

Attachments
Add attachment proposed patch, testcase, etc.

Michael Catanzaro

Comment 1 2017-08-22 09:13:43 PDT

This does not seem easy to fix. Not sure what we can do here.

Ms2ger (he/him; ⌚ UTC+1/+2)

Comment 2 2017-08-23 00:10:53 PDT

I'm guessing overriding the ~WebKitPopupMenu destructor to call WebKitPopupMenu::cancelTracking() itself could work. WebPopupMenuProxyGtk::cancelTracking() would be called twice, but it looks idempotent.

Michael Catanzaro

Comment 3 2017-08-23 07:48:54 PDT

Let's follow the rule to not make any virtual function calls inside a constructor or destructor.

Note You need to log in before you can comment on or make changes to this bug.