RESOLVED FIXED 46536
REGRESSION (r68260): Crash in PlatformCertificateInfo::~PlatformCertificateInfo when navigating away from Gmail
https://bugs.webkit.org/show_bug.cgi?id=46536
Adam Roben (:aroben)
Reported 2010-09-24 16:14:37 PDT
To reproduce:

1. Go to http://gmail.com/ in WebKit2
2. Go to some other page

You'll crash in PlatformCertificateInfo::~PlatformCertificateInfo. Here's the backtrace:

crypt32.dll!ReleaseContextElement() + 0x18 bytes
crypt32.dll!_CertFreeCertificateContext@4() + 0x15 bytes
> WebKit.dll!WebKit::PlatformCertificateInfo::~PlatformCertificateInfo() Line 63 + 0xe bytes C++
WebKit.dll!WebKit::WebCertificateInfo::~WebCertificateInfo() + 0x19 bytes C++
WebKit.dll!WebKit::WebCertificateInfo::`scalar deleting destructor'() + 0x16 bytes C++
WebKit.dll!WTF::RefCounted<WebKit::APIObject>::deref() Line 139 + 0x3a bytes C++
WebKit.dll!WTF::derefIfNotNull<WebKit::WebCertificateInfo>(WebKit::WebCertificateInfo * ptr=0x099888e8) Line 59 C++
WebKit.dll!WTF::RefPtr<WebKit::WebCertificateInfo>::operator=(const WTF::PassRefPtr<WebKit::WebCertificateInfo> & o={...}) Line 140 + 0x9 bytes C++
WebKit.dll!WebKit::WebFrameProxy::setCertificateInfo(WTF::PassRefPtr<WebKit::WebCertificateInfo> certificateInfo={...}) Line 69 C++
WebKit.dll!WebKit::WebPageProxy::didCommitLoadForFrame(WebKit::WebFrameProxy * frame=0x0987a0b8, const WebKit::PlatformCertificateInfo & certificateInfo={...}, WebKit::APIObject * userData=0x00000000) Line 1038 C++
WebKit.dll!WebKit::WebPageProxy::didReceiveMessage(CoreIPC::Connection * connection=0x08cda7a8, CoreIPC::MessageID messageID={...}, CoreIPC::ArgumentDecoder * arguments=0x0aa1cac8) Line 616 C++
WebKit.dll!WebKit::WebProcessProxy::didReceiveMessage(CoreIPC::Connection * connection=0x08cda7a8, CoreIPC::MessageID messageID={...}, CoreIPC::ArgumentDecoder * arguments=0x0aa1cac8) Line 356 C++
WebKit.dll!CoreIPC::Connection::dispatchMessages() Line 278 + 0x33 bytes C++
WebKit.dll!MemberFunctionWorkItem0<CoreIPC::Connection>::execute() Line 74 + 0x10 bytes C++
WebKit.dll!RunLoop::performWork() Line 62 + 0x1a bytes C++
WebKit.dll!RunLoop::wndProc(HWND__ * hWnd=0x000b0a82, unsigned int message=1025, unsigned int wParam=106901664, long lParam=0) Line 56 C++
WebKit.dll!RunLoop::RunLoopWndProc(HWND__ * hWnd=0x000b0a82, unsigned int message=1025, unsigned int wParam=106901664, long lParam=0) Line 38 + 0x18 bytes C++
Attachments
Don't double-free CERT_CONTEXTs when copying PlatformCertificateInfos on Windows (2.82 KB, patch)
2010-09-27 06:09 PDT, Adam Roben (:aroben)
no flags
Don't double-free CERT_CONTEXTs when copying PlatformCertificateInfos on Windows (2.85 KB, patch)
2010-09-27 06:19 PDT, Adam Roben (:aroben)
sam: review+
Adam Roben (:aroben)
Comment 1 2010-09-24 16:14:55 PDT
Luckily, I have a fix!
Adam Roben (:aroben)
Comment 2 2010-09-24 16:15:48 PDT
Adam Roben (:aroben)
Comment 3 2010-09-27 06:09:03 PDT
Created attachment 68899 [details] Don't double-free CERT_CONTEXTs when copying PlatformCertificateInfos on Windows
Sam Weinig
Comment 4 2010-09-27 06:14:13 PDT
Comment on attachment 68899 [details] Don't double-free CERT_CONTEXTs when copying PlatformCertificateInfos on Windows
View in context: https://bugs.webkit.org/attachment.cgi?id=68899&action=review

> WebKit2/Shared/win/PlatformCertificateInfo.cpp:77
> +PlatformCertificateInfo& PlatformCertificateInfo::operator=(const PlatformCertificateInfo& other)
> +{
> + if (m_certificateContext)
> + ::CertFreeCertificateContext(m_certificateContext);
> + m_certificateContext = ::CertDuplicateCertificateContext(other.m_certificateContext);
> + return *this;
> +}

We should try and handle the self-assignment case here.
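Review bot: Freeing m_certificateContext before duplicating other.m_certificateContext turns self-assignment into a use-after-free whenever this object holds the only reference: CertFreeCertificateContext drops the context's count to zero and releases it, and the following CertDuplicateCertificateContext then runs on released memory. Reordering fixes it without an explicit &other == this check: `PCCERT_CONTEXT fresh = ::CertDuplicateCertificateContext(other.m_certificateContext);` then `if (m_certificateContext) ::CertFreeCertificateContext(m_certificateContext);` then `m_certificateContext = fresh;`, since the extra reference keeps the context alive across the free. The patch title covers copying in general but only operator= is quoted here; the copy constructor needs the same duplicate call, or the compiler-generated member copy reintroduces the double free seen in the backtrace.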
Adam Roben (:aroben)
Comment 5 2010-09-27 06:19:57 PDT
Created attachment 68901 [details] Don't double-free CERT_CONTEXTs when copying PlatformCertificateInfos on Windows
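The double free behind this crash and the self-assignment point from comment 4, as an added example that is not WebKit's or Adam Roben's code. It models crypt32's reference-counted CERT_CONTEXT with an in-memory stand-in so both failure modes can be observed on any platform: duplicateContext and freeContext are hypothetical stand-ins for ::CertDuplicateCertificateContext and ::CertFreeCertificateContext, FakeCertContext, ShallowCertificateInfo and OwningCertificateInfo are invented names, and the pre-fix "shallow copy" shape is an assumption drawn from the patch title, since the page does not show the code before r68260.

```cpp
// Added example, not WebKit code. Models a reference-counted CERT_CONTEXT with
// a stand-in arena so a double free or a use-after-free is counted instead of
// crashing. duplicateContext/freeContext are hypothetical stand-ins for
// ::CertDuplicateCertificateContext / ::CertFreeCertificateContext.
#include <cstdio>

struct FakeCertContext {
    int refCount = 0;
    bool freed = false;
};

// Fixed arena: a freed context stays addressable so misuse can be observed.
static FakeCertContext g_arena[16];
static int g_nextSlot = 0;
static int g_doubleFrees = 0;
static int g_useAfterFree = 0;

static void resetArena() {
    for (FakeCertContext& c : g_arena)
        c = FakeCertContext();
    g_nextSlot = 0;
    g_doubleFrees = 0;
    g_useAfterFree = 0;
}

static FakeCertContext* createContext() {
    FakeCertContext* c = &g_arena[g_nextSlot++ % 16];
    c->refCount = 1;
    c->freed = false;
    return c;
}

static FakeCertContext* duplicateContext(FakeCertContext* c) {
    if (!c)
        return nullptr; // like CertDuplicateCertificateContext(NULL)
    if (c->freed) {
        ++g_useAfterFree; // real crypt32 would touch released memory here
        return c;
    }
    ++c->refCount;
    return c;
}

static void freeContext(FakeCertContext* c) {
    if (!c)
        return;
    if (c->freed) {
        ++g_doubleFrees; // real crypt32 crashes in ReleaseContextElement here
        return;
    }
    if (--c->refCount == 0)
        c->freed = true;
}

// Assumed pre-fix shape: the compiler-generated copy shares the raw pointer
// and each destructor frees it.
class ShallowCertificateInfo {
public:
    explicit ShallowCertificateInfo(FakeCertContext* c) : m_ctx(c) {}
    ~ShallowCertificateInfo() { freeContext(m_ctx); }
private:
    FakeCertContext* m_ctx;
};

// Fixed shape: every copy takes its own reference. operator= duplicates before
// freeing, so &other == this needs no separate check.
class OwningCertificateInfo {
public:
    explicit OwningCertificateInfo(FakeCertContext* c) : m_ctx(c) {}
    OwningCertificateInfo(const OwningCertificateInfo& other) : m_ctx(duplicateContext(other.m_ctx)) {}
    OwningCertificateInfo& operator=(const OwningCertificateInfo& other) {
        FakeCertContext* fresh = duplicateContext(other.m_ctx);
        freeContext(m_ctx);
        m_ctx = fresh;
        return *this;
    }
    ~OwningCertificateInfo() { freeContext(m_ctx); }
    FakeCertContext* context() const { return m_ctx; }
private:
    FakeCertContext* m_ctx;
};

// Copy the shallow class and let both copies die: returns the double-free count.
int shallowCopyDoubleFrees() {
    resetArena();
    {
        ShallowCertificateInfo a(createContext());
        ShallowCertificateInfo b(a);
    }
    return g_doubleFrees;
}

// The reviewed hunk's order (free, then duplicate) under self-assignment with a
// single reference: returns the use-after-free count.
int freeThenDuplicateSelfAssignUaf() {
    resetArena();
    FakeCertContext* held = createContext();
    FakeCertContext*& mine = held;
    FakeCertContext* const& theirs = held; // self-assignment: other is *this
    freeContext(mine);                     // count 1 -> 0, context released
    mine = duplicateContext(theirs);       // duplicates released memory
    return g_useAfterFree;
}

// Copy, assign and self-assign the owning class: true when nothing was freed
// twice or used after free and the context was released exactly once.
bool owningCopyIsClean() {
    resetArena();
    FakeCertContext* ctx = createContext();
    {
        OwningCertificateInfo a(ctx);
        OwningCertificateInfo b(a);   // count 2
        a = b;                        // duplicate -> 3, free -> 2
        OwningCertificateInfo& alias = a;
        a = alias;                    // self-assignment: duplicate -> 3, free -> 2
    }
    return g_doubleFrees == 0 && g_useAfterFree == 0 && ctx->freed && ctx->refCount == 0;
}

int main() {
    std::printf("shallow copy double frees: %d\n", shallowCopyDoubleFrees());
    std::printf("free-then-duplicate self-assign UAFs: %d\n", freeThenDuplicateSelfAssignUaf());
    std::printf("owning copy clean: %s\n", owningCopyIsClean() ? "yes" : "no");
    return 0;
}
```

The duplicate-then-free ordering in OwningCertificateInfo::operator= is the whole fix for self-assignment: the temporary extra reference keeps the context alive while the old one is released, which is exactly what the free-first ordering in the quoted hunk lacks.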
Adam Roben (:aroben)
Comment 6 2010-09-27 06:29:36 PDT