Bug 52796

Summary: [Qt][WK2] Null ptr deref in UI process after web process has crashed
Product: WebKit Reporter: Kimmo Kinnunen <kimmo.t.kinnunen>
Component: WebKit2Assignee: Kimmo Kinnunen <kimmo.t.kinnunen>
Status: RESOLVED FIXED    
Severity: Normal CC: commit-queue
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: PC   
OS: Linux   
Attachments:
Description Flags
Patch to fix the null pointer deref
none
Fix 2, contains initialization of the backingstoretype private var none

Kimmo Kinnunen
Reported 2011-01-20 03:42:47 PST
UI process creates a redundant drawing area during initialization. This is only used to pass drawing area type until QWKPagePrivate::createDrawingArea() is called. Side-effect of this is that when web process dies and ui process re-initializes the connection, the new createDrawingArea() call refers to invalid ptr and thus ui process crashes. Introduced in: https://bugs.webkit.org/show_bug.cgi?id=52184
Attachments
Patch to fix the null pointer deref (5.33 KB, patch)
2011-01-20 05:23 PST, Kimmo Kinnunen 		no flags
DetailsFormatted DiffDiff
Fix 2, contains initialization of the backingstoretype private var (5.54 KB, patch)
2011-01-20 06:12 PST, Kimmo Kinnunen 		no flags
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Kimmo Kinnunen
Comment 1 2011-01-20 05:23:37 PST
Created attachment 79585 [details] Patch to fix the null pointer deref
Kimmo Kinnunen
Comment 2 2011-01-20 06:12:45 PST
Created attachment 79591 [details] Fix 2, contains initialization of the backingstoretype private var
Andreas Kling
Comment 3 2011-01-20 06:17:15 PST
Comment on attachment 79591 [details] Fix 2, contains initialization of the backingstoretype private var D'oh. r=me
WebKit Commit Bot
Comment 4 2011-01-20 10:08:56 PST
Comment on attachment 79591 [details] Fix 2, contains initialization of the backingstoretype private var Clearing flags on attachment: 79591 Committed r76262: <http://trac.webkit.org/changeset/76262>
WebKit Commit Bot
Comment 5 2011-01-20 10:09:02 PST
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.