Bug 24636

Summary: Fix crash of Chromium port in use of BackForwardList in SVG images
Product: WebKit Reporter: Hin-Chung Lam <hclam>
Component: PlatformAssignee: Nobody <webkit-unassigned>
Status: RESOLVED DUPLICATE    
Severity: Normal CC: dglazkov, maruel
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: PC   
OS: Windows XP   
Attachments:
Description Flags
patch
none
adding if (m_client) check to other methods eric: review-

Hin-Chung Lam
Reported 2009-03-16 17:52:09 PDT
Crash filed against Chromium: http://code.google.com/p/chromium/issues/detail?id=6869 When a SVG image is created, a WebCore::Page is created with BackForwardList but BackForwardList::m_client is never initialized. During eviction of the cached SVG image, m_client->close() is called in BackForwardList::close() resulting in a crash. Since the WebCore::Page in SVGImage doesn't have links to the frame, there's no BackForwardListClient implementation available, so we just don't care these requests to BackForwardList and don't delegate the requests when m_client is NULL.
Attachments
patch (2.74 KB, patch)
2009-03-16 17:52 PDT, Hin-Chung Lam 		no flags
DetailsFormatted DiffDiff
adding if (m_client) check to other methods (2.24 KB, patch)
2009-03-19 10:53 PDT, Hin-Chung Lam 		eric: review-
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Hin-Chung Lam
Comment 1 2009-03-16 17:52:54 PDT
Created attachment 28673 [details] patch
Hin-Chung Lam
Comment 2 2009-03-18 11:15:13 PDT
Review in Chromium: http://codereview.chromium.org/42265/show
Darin Fisher (:fishd, Google)
Comment 3 2009-03-19 10:29:44 PDT
maruel already fixed this: http://trac.webkit.org/changeset/41824
Hin-Chung Lam
Comment 4 2009-03-19 10:32:45 PDT
"if (m_client)" is only performed on close(), this check should be added to other functions as well.
Hin-Chung Lam
Comment 5 2009-03-19 10:53:35 PDT
Created attachment 28755 [details] adding if (m_client) check to other methods
Hin-Chung Lam
Comment 6 2009-03-19 10:56:16 PDT
Comment on attachment 28755 [details] adding if (m_client) check to other methods Since maruel has patched the class and initialize m_client as NULL, we should avoid using m_client in this case in all methods too.
Darin Fisher (:fishd, Google)
Comment 7 2009-03-19 11:11:38 PDT
This was discussed. Please see: https://bugs.webkit.org/show_bug.cgi?id=24398#c6
Eric Seidel (no email)
Comment 8 2009-03-26 11:32:04 PDT
Comment on attachment 28755 [details] adding if (m_client) check to other methods I would have just added an ASSERT(m_client) before these calls in all cases: - return m_client->backListCount(); + if (m_client) + return m_client->backListCount(); + ASSERT_NOT_REACHED(); + return 0; No need to work hard to crash only in debug mode. The changelog should mention the bug url. Also is there no way to test this? There should be a layout test if at all possible.
Hin-Chung Lam
Comment 9 2010-02-24 17:38:06 PST
*** This bug has been marked as a duplicate of bug 24398 ***
Note You need to log in before you can comment on or make changes to this bug.