Bug 29670 - Crash observed while loading plugin content
Summary: Crash observed while loading plugin content
Status: RESOLVED INVALID
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKit Qt
Version: 528+ (Nightly build)
Hardware: PC Linux
: P2 Normal
Assignee: Nobody
URL: http://waplabdc.nokia-boston.com/brow...
Reported: 2009-09-22 23:48 PDT by rashmi
Modified: 2009-09-25 04:30 PDT


Attachments
qtWebkit fix for mp3 play crash (1.27 KB, patch)
2009-09-23 02:52 PDT, rashmi
hausmann: review-

Description rashmi 2009-09-22 23:48:30 PDT
When the test case link is clicked, the music player plugin is launched to play the content. But before the music player is launched, pluginView, while checking for the response received, coughs up an error and is set to NULL in setMainDocumentError(). After this, the pluginView pointer is immediately used, thus leading to a QtLauncher crash.


Steps to Reproduce
------------------
1) Launch the QtLauncher.
2) Provide the below link in the QtLauncher:
   http://waplabdc.nokia-boston.com/browser/users/cwrt/BAT/index.html
3) Click on Download mp3.

Expected Result
---------------
QtLauncher should not crash.

Actual Result
--------------
QtLauncher crash is observed.
Comment 1 rashmi 2009-09-23 02:52:44 PDT
Created attachment 39983
qtWebkit fix for mp3 play crash

null check added when plugin response failed to catch and m_pluginView tried to access again
Comment 2 Tor Arne Vestbø 2009-09-23 03:12:15 PDT
Comment on attachment 39983
qtWebkit fix for mp3 play crash

Why isn't this already caught by the null-check 4 lines above the didReceiveData call?

    // We re-check here as the plugin can have been created
    if (m_pluginView) {
        if (!m_hasSentResponseToPlugin) {
            m_pluginView->didReceiveResponse(loader->response());
            // didReceiveResponse sets up a new stream to the plug-in. on a full-page plug-in, a failure in
            // setting up this stream can cause the main document load to be cancelled, setting m_pluginView
            // to null
            if (!m_pluginView)
                return;
            m_hasSentResponseToPlugin = true;
        }
        m_pluginView->didReceiveData(data, length);
    }

Also, for future reference:

 - Do patches based on the root of the webkit source tree, not inside WebKit
 - Follow the QtWebKit bug reporting guidelines http://trac.webkit.org/wiki/QtWebKitContrib#ReportingBugs
   - In particular, choose the right component and add the Qt keyword
 - You can safely leave out comments like the one in this patch, that's what the changelog/commit message is for
Comment 3 rashmi 2009-09-23 04:23:58 PDT
Thank you for the review comments.

I have branched webkit in which prior to my fix the crash was still reproducible with QtLauncher.

I will close this bug once I find that this crash is not reproducible on the latest webkit code.
Comment 4 Simon Hausmann 2009-09-23 14:36:07 PDT
Comment on attachment 39983
qtWebkit fix for mp3 play crash

Indeed, this crash was fixed in http://trac.webkit.org/changeset/45814
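
The guard quoted in Comment 2 protects against a callback that clears a member pointer while the caller is still using it. The following is an added, self-contained illustration of that pattern and is not WebKit code or part of the thread: `PluginView`, `LoaderClient`, `onStreamFailure`, `streamOk` and `runLoad` are constructed stand-ins that reuse the member names from the quoted snippet.

```cpp
#include <cstddef>
#include <functional>

// Constructed stand-ins for the classes named in the thread; not WebKit code.
struct PluginView {
    explicit PluginView(bool ok) : streamOk(ok) {}
    bool streamOk;                          // hypothetical: does stream setup succeed?
    std::size_t bytesDelivered = 0;
    std::function<void()> onStreamFailure;  // hypothetical hook back into the loader
    void didReceiveResponse() { if (!streamOk && onStreamFailure) onStreamFailure(); }
    void didReceiveData(std::size_t length) { bytesDelivered += length; }
};

class LoaderClient {
public:
    explicit LoaderClient(PluginView* view) : m_pluginView(view) {
        if (m_pluginView)
            m_pluginView->onStreamFailure = [this] { setMainDocumentError(); };
    }
    // Cancelling the main document load drops the (non-owning) plug-in pointer.
    void setMainDocumentError() { m_pluginView = nullptr; }
    bool hasPlugin() const { return m_pluginView != nullptr; }

    // Returns true only when the data reached the plug-in.
    bool committedLoad(std::size_t length) {
        if (!m_pluginView)
            return false;
        if (!m_hasSentResponseToPlugin) {
            m_pluginView->didReceiveResponse();  // may re-enter setMainDocumentError()
            if (!m_pluginView)                   // re-check: the callback can null it
                return false;
            m_hasSentResponseToPlugin = true;
        }
        m_pluginView->didReceiveData(length);    // safe: pointer re-validated above
        return true;
    }
private:
    PluginView* m_pluginView;
    bool m_hasSentResponseToPlugin = false;
};

struct LoadResult { bool delivered; bool pluginStillSet; std::size_t bytes; };

// Drives one load with a view whose stream setup succeeds or fails.
LoadResult runLoad(bool streamOk, std::size_t length) {
    PluginView view(streamOk);
    LoaderClient client(&view);
    bool delivered = client.committedLoad(length);
    return {delivered, client.hasPlugin(), view.bytesDelivered};
}
```

Without the second `if (!m_pluginView)` check, the failing-stream case would call `didReceiveData` through a null pointer, which is the crash described in the report.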