Bug 29670

Summary: Crash observed while loading plugin content
Product: WebKit Reporter: rashmi <rashmi.s>
Component: WebKit QtAssignee: Nobody <webkit-unassigned>
Status: RESOLVED INVALID    
Severity: Normal    
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: PC   
OS: Linux   
URL: http://waplabdc.nokia-boston.com/browser/users/cwrt/BAT/index.html
Attachments:
Description Flags
qtWebkit fix for mp3 play crash hausmann: review-

rashmi
Reported 2009-09-22 23:48:30 PDT
When clicked on the test case link, music player plugin is launched to play the content. But before the music player is launched, pluginView while checking for response received, coughs up an error and is set to NULL in setMainDocumentError().After this, immediately pluginView pointer is used, thus leading to QtLauncher crash. Steps to Reproduce ------------------ 1)Launch the QtLauncher. 2)Provide the below link in the QtLauncher http://waplabdc.nokia-boston.com/browser/users/cwrt/BAT/index.html 3)Click on Download mp3. Expected Result --------------- QtLauncher should not crash. Actual Result -------------- QtLauncher crash is observed.
Attachments
qtWebkit fix for mp3 play crash (1.27 KB, patch)
2009-09-23 02:52 PDT, rashmi 		hausmann: review-
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
rashmi
Comment 1 2009-09-23 02:52:44 PDT
Created attachment 39983 [details] qtWebkit fix for mp3 play crash null check added when plugin response failed to catch and m_pluginView tried to access again
Tor Arne Vestbø
Comment 2 2009-09-23 03:12:15 PDT
Comment on attachment 39983 [details] qtWebkit fix for mp3 play crash Why isn't this already caught by the null-check 4 lines above the didReciveData call? // We re-check here as the plugin can have been created if (m_pluginView) { if (!m_hasSentResponseToPlugin) { m_pluginView->didReceiveResponse(loader->response()); // didReceiveResponse sets up a new stream to the plug-in. on a full-page plug-in, a failure in // setting up this stream can cause the main document load to be cancelled, setting m_pluginView // to null if (!m_pluginView) return; m_hasSentResponseToPlugin = true; } m_pluginView->didReceiveData(data, length); } Also, for future reference: - Do patches based on the root of the webkit source tree, not inside WebKit - Follow the QtWebKit bug reporting guidlines http://trac.webkit.org/wiki/QtWebKitContrib#ReportingBugs - In particular, choose the right component and add the Qt keyword - You can safely leave out comments like the one in this patch, that's what the changelog/commit message is for
rashmi
Comment 3 2009-09-23 04:23:58 PDT
Thank you for the review comments. I have branched webkit in which prior to my fix the crash was still reproducible with QtLauncher. I will close this bug once I find that this crash is not reproducible on the latest webkit code.
Simon Hausmann
Comment 4 2009-09-23 14:36:07 PDT
Comment on attachment 39983 [details] qtWebkit fix for mp3 play crash Indeed, this crash was fixed in http://trac.webkit.org/changeset/45814
Note You need to log in before you can comment on or make changes to this bug.