diff --git a/Source/WebKit2/ChangeLog b/Source/WebKit2/ChangeLog
index 6e4feddc79f9..9626afd9c98b 100644
--- a/Source/WebKit2/ChangeLog
+++ b/Source/WebKit2/ChangeLog
@@ -1,3 +1,21 @@
+2013-07-03 Sergio Villar Senin
+
+ [GTK][WK2] SIGSEV in WebKit::WebPageContextMenuClient::customContextMenuItemSelected
+ https://bugs.webkit.org/show_bug.cgi?id=116867
+
+ Reviewed by Anders Carlsson.
+
+ We did not reset the clients on WebPageProxy::close(), so right
+ clicking on a link after starting the navigation to some other
+ page was causing crashes because code was trying to access an
+ already freed m_contextMenuClient.
+
+ There were some other clients that could potentially trigger the
+ same issues. Reset them all to null to prevent this situation.
+
+ * UIProcess/WebPageProxy.cpp:
+ (WebKit::WebPageProxy::close):
+
 2013-07-03 Simon Pena
 
 Output arguments used in IPC calls should be returned initialised
diff --git a/Source/WebKit2/UIProcess/WebPageProxy.cpp b/Source/WebKit2/UIProcess/WebPageProxy.cpp
index 1c752d362ba8..d280dbc3f380 100644
--- a/Source/WebKit2/UIProcess/WebPageProxy.cpp
+++ b/Source/WebKit2/UIProcess/WebPageProxy.cpp
@@ -629,13 +629,19 @@ void WebPageProxy::close()
 m_activePopupMenu = 0;
 m_estimatedProgress = 0.0;
-
+
 m_loaderClient.initialize(0);
 m_policyClient.initialize(0);
+ m_formClient.initialize(0);
 m_uiClient.initialize(0);
 #if PLATFORM(EFL)
 m_uiPopupMenuClient.initialize(0);
 #endif
+ m_findClient.initialize(0);
+ m_findMatchesClient.initialize(0);
+#if ENABLE(CONTEXT_MENUS)
+ m_contextMenuClient.initialize(0);
+#endif
 m_drawingArea = nullptr;