[GTK][WK2] SIGSEV in WebKit::WebPageContextMenuClient::customContextM…

…enuItemSelected https://bugs.webkit.org/show_bug.cgi?id=116867 Reviewed by Anders Carlsson. We did not reset the clients on WebPageProxy::close(), so right clicking on a link after starting the navigation to some other page was causing crashes because code was trying to access an already freed m_contextMenuClient. There were some other clients that could potentially trigger the same issues. Reset them all to null to prevent this situation. * UIProcess/WebPageProxy.cpp: (WebKit::WebPageProxy::close): Canonical link: https://commits.webkit.org/136368@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@152367 268f45cc-cd09-0410-ab3c-d52691b4dbfc
WebKit · Jul 3, 2013 · f1e039f · f1e039f
1 parent f89bb1f
commit f1e039f
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 1 deletion.
diff --git a/Source/WebKit2/ChangeLog b/Source/WebKit2/ChangeLog
@@ -1,3 +1,21 @@
+2013-07-03  Sergio Villar Senin  <svillar@igalia.com>
+
+        [GTK][WK2] SIGSEV in WebKit::WebPageContextMenuClient::customContextMenuItemSelected
+        https://bugs.webkit.org/show_bug.cgi?id=116867
+
+        Reviewed by Anders Carlsson.
+
+        We did not reset the clients on WebPageProxy::close(), so right
+        clicking on a link after starting the navigation to some other
+        page was causing crashes because code was trying to access an
+        already freed m_contextMenuClient.
+
+        There were some other clients that could potentially trigger the
+        same issues. Reset them all to null to prevent this situation.
+
+        * UIProcess/WebPageProxy.cpp:
+        (WebKit::WebPageProxy::close):
+
 2013-07-03  Simon Pena  <simon.pena@samsung.com>
 
         Output arguments used in IPC calls should be returned initialised

diff --git a/Source/WebKit2/UIProcess/WebPageProxy.cpp b/Source/WebKit2/UIProcess/WebPageProxy.cpp
@@ -629,13 +629,19 @@ void WebPageProxy::close()
     m_activePopupMenu = 0;
 
     m_estimatedProgress = 0.0;
-    
+
     m_loaderClient.initialize(0);
     m_policyClient.initialize(0);
+    m_formClient.initialize(0);
     m_uiClient.initialize(0);
 #if PLATFORM(EFL)
     m_uiPopupMenuClient.initialize(0);
 #endif
+    m_findClient.initialize(0);
+    m_findMatchesClient.initialize(0);
+#if ENABLE(CONTEXT_MENUS)
+    m_contextMenuClient.initialize(0);
+#endif
 
     m_drawingArea = nullptr;