Created attachment 182414 [details] gdb trace log QtWebKit version: latest as of today from http://gitorious.org/+qtwebkit-developers/webkit/qtwebkit-23/commits/qtwebkit-2.3-staging Browser: Qupzilla Reproducible: Always Browser crashes by clicking on a link in Gmail Settings "Click here to enable desktop notifications for Gmail". Desktop notifications on my other account was already enabled and working fine. gdb log attached.
I've built qtwebkit with "bool NotificationPresenterClientQt::dumpNotification" set to "true" in /Source/WebKit/qt/WebCoreSupport/NotificationPresenterClientQt.cpp and I get in console output: DESKTOP NOTIFICATION PERMISSION REQUESTED: https://mail.google.com
Created attachment 182426 [details] gdb trace log from QtTestBrowser
Another thing I've noticed. In file /Source/WebKit/qt/WebCoreSupport/NotificationPresenterClientQt.cpp in function void NotificationPresenterClientQt::requestPermission(ScriptExecutionContext* context, PassRefPtr<VoidCallback> callback) I've added two printf commands, like this: printf("Before emited signal\n"); emit toPage(context)->featurePermissionRequested(toFrame(context), QWebPage::Notifications); printf("After emited signal\n"); Upon crash, only the first one gets printed ("Before emited signal"). Probably doesn't mean anything, but just in case...
Created attachment 183556 [details] Check the validity of ptr right before handling callback.
Created attachment 183557 [details] Don't add invalid pointer into to m_callbacks
From w3.org: static void requestPermission(NotificationPermissionCallback callback); There is one parameter to requestPermission method. However, if this method is called without it, the Callback pointer that is passed to NotificationPresenterClientQt will be invalid and finally will lead to this crash. The simple "window.webkitNotifications.requestPermission();" should crash it. I've added two patches, the first checks the validity of callback pointer right before using it, while the second rather prevents adding invalid callback pointer into m_callbacks array. I'd prefer the behavior of the second patch. Both patches fixes the crash and enables desktop notifications on gmail.com
Confirmed, patches fix the problem.
N(In reply to comment #7) > Confirmed, patches fix the problem. Nice, looks like it might apply to trunk as well. I will test on Monday.
Created attachment 183747 [details] Patch
Committed r140322: <http://trac.webkit.org/changeset/140322>