Bug 52796

Summary: [Qt][WK2] Null ptr deref in UI process after web process has crashed
Product: WebKit
Reporter: Kimmo Kinnunen <kimmo.t.kinnunen>
Component: WebKit2
Assignee: Kimmo Kinnunen <kimmo.t.kinnunen>
Status: RESOLVED FIXED
Severity: Normal
CC: commit-queue
Priority: P2
Version: 528+ (Nightly build)
Hardware: PC
OS: Linux
Attachments:
- Patch to fix the null pointer deref (flags: none)
- Fix 2, contains initialization of the backingstoretype private var (flags: none)

Description Kimmo Kinnunen 2011-01-20 03:42:47 PST
The UI process creates a redundant drawing area during initialization. This is only used to pass the drawing area type until QWKPagePrivate::createDrawingArea() is called.

A side effect of this is that when the web process dies and the UI process re-initializes the connection, the new createDrawingArea() call refers to an invalid ptr and thus the UI process crashes.

Introduced in:
https://bugs.webkit.org/show_bug.cgi?id=52184
Comment 1 Kimmo Kinnunen 2011-01-20 05:23:37 PST
Created attachment 79585 [details]
Patch to fix the null pointer deref
Comment 2 Kimmo Kinnunen 2011-01-20 06:12:45 PST
Created attachment 79591 [details]
Fix 2, contains initialization of the backingstoretype private var
Comment 3 Andreas Kling 2011-01-20 06:17:15 PST
Comment on attachment 79591 [details]
Fix 2, contains initialization of the backingstoretype private var

D'oh. r=me
Comment 4 WebKit Commit Bot 2011-01-20 10:08:56 PST
Comment on attachment 79591 [details]
Fix 2, contains initialization of the backingstoretype private var

Clearing flags on attachment: 79591

Committed r76262: <http://trac.webkit.org/changeset/76262>
Comment 5 WebKit Commit Bot 2011-01-20 10:09:02 PST
All reviewed patches have been landed. Closing bug.