Bug 62332 - [WKView _setDragImage:at:linkDrag:] can crash if WKView is dealloc'ed during drag
Summary: [WKView _setDragImage:at:linkDrag:] can crash if WKView is dealloc'ed during ...
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKit2 (show other bugs)
Version: 528+ (Nightly build)
Hardware: Mac All
: P2 Major
Assignee: John Sullivan
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2011-06-08 15:15 PDT by John Sullivan
Modified: 2011-06-08 16:04 PDT (History)
0 users

See Also:

Attachments
Patch to retain self during this method (1.26 KB, patch)
2011-06-08 15:22 PDT, John Sullivan 		darin: review+
Details | Formatted Diff | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description John Sullivan 2011-06-08 15:15:23 PDT 
[WKView _setDragImage:at:linkDrag:] contains a call to super that performs a drag. It's possible for this call to super to end up dealloc'ing self, and then WebKit will crash on the line of code that runs after the call to [super dragImage::::::].

This is in Radar as 9355199
Comment 1 John Sullivan 2011-06-08 15:22:01 PDT 
Created attachment 96492 [details]
Patch to retain self during this method
Comment 2 Darin Adler 2011-06-08 15:57:08 PDT 
Comment on attachment 96492 [details]
Patch to retain self during this method

View in context: https://bugs.webkit.org/attachment.cgi?id=96492&action=review

> Source/WebKit2/UIProcess/API/mac/WKView.mm:2342
> +    RetainPtr<WKView> protect(self);

It’s better to use a noun for the name of the local variable. Say, protector, instead of protect.
Comment 3 John Sullivan 2011-06-08 16:00:54 PDT 
Will change to "protector". I used "protect" in mimicry of another function in this file. I'll change that one too while I'm in here.
Comment 4 John Sullivan 2011-06-08 16:04:39 PDT 
Fixed in <http://trac.webkit.org/changeset/88401>.