Bug 180054

Summary: Dangerous downcast via static_cast for find delegate.
Product: WebKit
Reporter: Jeremy Jones <jeremyj-wk>
Component: WebKit2
Assignee: Jeremy Jones <jeremyj-wk>
Status: NEW
Severity: Normal
CC: achristensen, simon.fraser
Priority: P2
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Attachments:
Description | Flags
Patch | achristensen: review-

Jeremy Jones
Reported 2017-11-27 13:54:18 PST
WKWebView:

    - (void)_setFindDelegate:(id<_WKFindDelegate>)findDelegate
    {
        static_cast<WebKit::FindClient&>(_page->findClient()).setDelegate(findDelegate);
    }

    void WebPageProxy::close()
    ...
        m_findClient = std::make_unique<API::FindClient>();

Calling _setFindDelegate: after the PageProxy has been closed is unsafe.
Attachments
Patch (3.73 KB, patch)
2017-11-27 14:16 PST, Jeremy Jones
achristensen: review-
Jeremy Jones
Comment 1 2017-11-27 14:16:18 PST
Jeremy Jones
Comment 2 2017-11-27 14:18:51 PST
Alex Christensen
Comment 3 2017-11-27 21:04:55 PST
Comment on attachment 327678 (Patch)

This is messy and kind of a layering violation. I think it would be better to set m_findClient to nullptr in WebPageProxy::close and check it for null everywhere we use it. There should also be an API test that exercises the bad behavior before the change.
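An added example, not code from this bug or from WebKit, that models the hazard in the report and the null-check approach suggested in comment 3. The `API::FindClient` / `WebKit::FindClient` / `WebPageProxy` classes below are hypothetical stand-ins; `std::string` stands in for the `id<_WKFindDelegate>` delegate.

```cpp
#include <cassert>
#include <memory>
#include <string>

// Hypothetical stand-ins for WebKit's API::FindClient and WebKit::FindClient.
namespace API {
struct FindClient {
    virtual ~FindClient() = default;   // polymorphic, so dynamic_cast can check the type
};
}

namespace WebKit {
struct FindClient : API::FindClient {
    std::string delegate;              // stands in for id<_WKFindDelegate>
    void setDelegate(const std::string& d) { delegate = d; }
};
}

struct WebPageProxy {
    std::unique_ptr<API::FindClient> m_findClient = std::make_unique<WebKit::FindClient>();
    API::FindClient& findClient() { return *m_findClient; }

    // As described in the report: close() swaps in a plain API::FindClient, so a later
    // static_cast<WebKit::FindClient&> on it has the wrong dynamic type (undefined behaviour).
    void closeAsReported() { m_findClient = std::make_unique<API::FindClient>(); }

    // Approach from comment 3: clear the client so callers can test for null.
    void closeFixed() { m_findClient = nullptr; }
};

// Safe setter: verify the dynamic type instead of trusting an unchecked static_cast.
// Returns true only when a delegate was actually installed.
bool setFindDelegateSafe(WebPageProxy& page, const std::string& delegate) {
    if (!page.m_findClient)
        return false;                  // page closed with closeFixed(): nothing to set
    auto* client = dynamic_cast<WebKit::FindClient*>(page.m_findClient.get());
    if (!client)
        return false;                  // base-class client (closeAsReported()): refuse
    client->setDelegate(delegate);
    return true;
}

int main() {
    WebPageProxy page;
    assert(setFindDelegateSafe(page, "delegate-1"));
    page.closeAsReported();
    assert(!setFindDelegateSafe(page, "delegate-2"));   // caught instead of a bad downcast
    return 0;
}
```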