RESOLVED FIXED Bug 69037
ASSERT if WebView's UIDelegate does not implement webView:runOpenPanel 
https://bugs.webkit.org/show_bug.cgi?id=69037
Summary ASSERT if WebView's UIDelegate does not implement webView:runOpenPanel
Joseph Pecoraro
Reported 2011-09-28 16:00:30 PDT
If a WebView's UIDelegate does not implement any of the webView:runOpenPanel delegates then WebChromeClient will ASSERT(!_chooser) when the unused WebOpenPanelResultListener deallocated. WebKit expects an action (-cancel, -chooseFile:, or -chooseFiles:) to be called on the listener before its deallocated. We can either not create the listener if its not needed, or just default to cancel if no delegate is implemented.
Attachments
[PATCH] Proposed Fix (1.70 KB, patch)
2011-09-28 17:06 PDT, Joseph Pecoraro 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Joseph Pecoraro
Comment 1 2011-09-28 17:06:01 PDT
Created attachment 109096 [details] [PATCH] Proposed Fix Easiest approach was to just send a -cancel to the listener.
Joseph Pecoraro
Comment 2 2011-09-28 17:08:33 PDT
This would also fix a leak for those cases.
Alexey Proskuryakov
Comment 3 2011-09-28 17:20:30 PDT
Comment on attachment 109096 [details] [PATCH] Proposed Fix Is it right to -release after -cancel? This looks like an over-release.
Joseph Pecoraro
Comment 4 2011-09-28 17:25:11 PDT
In this case, -cancel doesn't release the object, it just sends a message down to the WebCore::FileChooser and clears the FileChooser. -release just deallocates, which expects the chooser to have already been cleared. The relevant code here is: ifndef NDEBUG - (void)dealloc { ASSERT(!_chooser); [super dealloc]; } - (void)finalize { ASSERT(!_chooser); [super finalize]; } #endif - (void)cancel { ASSERT(_chooser); if (!_chooser) return; _chooser->deref(); _chooser = 0; }
Joseph Pecoraro
Comment 5 2011-09-28 17:27:16 PDT
(In reply to comment #4) > "it just sends a message down to the WebCore::FileChooser" Actually the -cancel path doesn't send a message. The -chooseFile(s) paths do send a message and clear the chooser. The rest of my comment is still fine.
WebKit Review Bot
Comment 6 2011-09-28 17:44:36 PDT
Comment on attachment 109096 [details] [PATCH] Proposed Fix Clearing flags on attachment: 109096 Committed r96279: <http://trac.webkit.org/changeset/96279>
WebKit Review Bot
Comment 7 2011-09-28 17:44:40 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.