Changeset 192792 in webkit


Timestamp:
Nov 30, 2015 1:39:49 AM (8 years ago)
Author:
Carlos Garcia Campos
Message:

[GTK] UI process crash when the screensaver DBus proxy is being created while the web view is destroyed
https://bugs.webkit.org/show_bug.cgi?id=151653

Reviewed by Martin Robinson.

We correctly cancel the proxy creation, but when the async ready
callback is called, the view could be destroyed already. In that
case g_dbus_proxy_new_for_bus_finish() will return nullptr and
fail with cancelled error, but we are using the passed web view
without checking first if the creation failed or not.

  • UIProcess/API/gtk/WebKitWebViewBase.cpp:

(screenSaverProxyCreatedCallback):

Location:
trunk/Source/WebKit2
Files:
2 edited

  • trunk/Source/WebKit2/ChangeLog

    r192786 r192792  
     12015-11-30  Carlos Garcia Campos  <cgarcia@igalia.com>
     2
     3        [GTK] UI process crash when the screensaver DBus proxy is being created while the web view is destroyed
     4        https://bugs.webkit.org/show_bug.cgi?id=151653
     5
     6        Reviewed by Martin Robinson.
     7
     8        We correctly cancel the proxy creation, but when the async ready
     9        callback is called, the view could be destroyed already. In that
     10        case g_dbus_proxy_new_for_bus_finish() will return nullptr and
     11        fail with cancelled error, but we are using the passed web view
     12        without checking first if the creation failed or not.
     13
     14        * UIProcess/API/gtk/WebKitWebViewBase.cpp:
     15        (screenSaverProxyCreatedCallback):
     16
    1172015-11-28  Tim Horton  <timothy_horton@apple.com>
    218
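
Review bot: The ChangeLog entry lists only UIProcess/API/gtk/WebKitWebViewBase.cpp and says nothing about test coverage. The crash depends on the ordering between view disposal and the async ready callback, so the entry should state either that a regression test was added or why one is not practical. That way a later reader can tell whether the fix is covered.
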
  • trunk/Source/WebKit2/UIProcess/API/gtk/WebKitWebViewBase.cpp

    r192782 r192792  
    11711171static void screenSaverProxyCreatedCallback(GObject*, GAsyncResult* result, WebKitWebViewBase* webViewBase)
    11721172{
    1173     WebKitWebViewBasePrivate* priv = webViewBase->priv;
    1174     priv->screenSaverProxy = adoptGRef(g_dbus_proxy_new_for_bus_finish(result, nullptr));
    1175     if (!priv->screenSaverProxy)
    1176         return;
    1177 
     1173    // WebKitWebViewBase cancels the proxy creation on dispose, which means this could be called
     1174    // after the web view has been destroyed and g_dbus_proxy_new_for_bus_finish will return nullptr.
     1175    // So, make sure we don't use the web view unless we have a valid proxy.
     1176    // See https://bugs.webkit.org/show_bug.cgi?id=151653.
     1177    GRefPtr<GDBusProxy> proxy = adoptGRef(g_dbus_proxy_new_for_bus_finish(result, nullptr));
     1178    if (!proxy)
     1179        return;
     1180
     1181    webViewBase->priv->screenSaverProxy = proxy;
    11781182    webkitWebViewBaseSendInhibitMessageToScreenSaver(webViewBase);
    11791183}
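
Review bot: In the added lines 1177-1179, `g_dbus_proxy_new_for_bus_finish(result, nullptr)` discards the GError, so `if (!proxy) return;` treats a cancelled creation and a genuine D-Bus failure the same way. Whether `webViewBase` may be dereferenced then rests on the implicit rule that a non-null proxy means the view is still alive. Consider passing a GError out-parameter, returning explicitly when `g_error_matches(error, G_IO_ERROR, G_IO_ERROR_CANCELLED)` is true, and logging any other error before returning. That puts the destroyed-view condition in the code rather than only in the comment, and stops real proxy creation failures from being silently dropped.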