[Webkit-unassigned] [Bug 66297] New: Page::PageClients not fully initialized?
bugzilla-daemon at webkit.org
Tue Aug 16 06:23:40 PDT 2011
https://bugs.webkit.org/show_bug.cgi?id=66297
Summary: Page::PageClients not fully initialized?
Product: WebKit
Version: 528+ (Nightly build)
Platform: PC
OS/Version: Windows Vista
Status: NEW
Severity: Normal
Priority: P1
Component: HTML DOM
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: skylined at chromium.org
CC: eric at webkit.org
Created an attachment (id=104032)
--> (https://bugs.webkit.org/attachment.cgi?id=104032&action=review)
Repro
Repro:
<script>
new (window.open()).PeerConnection([].x,function(){});
</script>
It seems that a WebView's PageClients structure is not fully initialized; "deviceMotionClient" and "mediaStreamClient" are not set:
WebViewImpl::WebViewImpl(WebViewClient* client)
    : m_client(client)
<<<snip>>>
    Page::PageClients pageClients;
--------------------------------
struct PageClients {
<<<snip>>>
    ChromeClient* chromeClient;
    ContextMenuClient* contextMenuClient;
    EditorClient* editorClient;
    DragClient* dragClient;
    InspectorClient* inspectorClient;
    GeolocationClient* geolocationClient;
    DeviceMotionClient* deviceMotionClient;
    DeviceOrientationClient* deviceOrientationClient;
    RefPtr<BackForwardList> backForwardClient;
    SpeechInputClient* speechInputClient;
    MediaStreamClient* mediaStreamClient;
};
--------------------------------
    pageClients.chromeClient = &m_chromeClientImpl;
    pageClients.contextMenuClient = &m_contextMenuClientImpl;
    pageClients.editorClient = &m_editorClientImpl;
    pageClients.dragClient = &m_dragClientImpl;
    pageClients.inspectorClient = &m_inspectorClientImpl;
#if ENABLE(INPUT_SPEECH)
    pageClients.speechInputClient = m_speechInputClient.get();
#endif
    pageClients.deviceOrientationClient = m_deviceOrientationClientProxy.get();
    pageClients.geolocationClient = m_geolocationClientProxy.get();
    pageClients.backForwardClient = BackForwardListChromium::create(this);
    m_page = adoptPtr(new Page(pageClients));
<<<snip>>>
This will cause the corresponding MediaStreamController to have a NULL m_client, which the code does not take into account and can lead to a NULL ptr as shown in the repro.
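The bug class described above is a plain aggregate of raw pointers that the creator fills in field by field, with the consumer assuming every field was set. The following is an added example, not WebKit's code, that models both halves of the fix: the aggregate null-initialises every member in its constructor so a forgotten field is a well-defined null rather than stack garbage, the creator validates the struct before handing it on, and the consumer null-checks its client before use. All type and function names (PageClientsModel, MediaStreamControllerModel, allClientsSet, the stub clients) are hypothetical stand-ins for the WebKit classes named in the report.

```cpp
#include <cstdio>

// Hypothetical client interfaces standing in for WebKit's MediaStreamClient and
// DeviceMotionClient (illustrative names, not WebKit's real declarations).
struct MediaStreamClient {
    virtual ~MediaStreamClient() {}
    virtual bool openStream() = 0;
};

struct DeviceMotionClient {
    virtual ~DeviceMotionClient() {}
};

// Hardened aggregate: every pointer is null-initialised on construction, so a
// member the creator forgets to assign is a well-defined null rather than
// whatever happened to be on the stack.
struct PageClientsModel {
    PageClientsModel()
        : deviceMotionClient(0)
        , mediaStreamClient(0)
    {
    }
    DeviceMotionClient* deviceMotionClient;
    MediaStreamClient* mediaStreamClient;
};

// Creator-side check: refuse to build a page when a required client is missing.
bool allClientsSet(const PageClientsModel& clients)
{
    return clients.deviceMotionClient && clients.mediaStreamClient;
}

// Consumer-side model of MediaStreamController: null-check the client instead
// of assuming one was wired up.
class MediaStreamControllerModel {
public:
    explicit MediaStreamControllerModel(MediaStreamClient* client) : m_client(client) {}
    bool hasClient() const { return m_client != 0; }
    // Returns false and touches nothing when no client was provided.
    bool openStream() const
    {
        if (!m_client)
            return false;
        return m_client->openStream();
    }
private:
    MediaStreamClient* m_client;
};

// Stub clients used only to exercise the model.
struct StubMediaStreamClient : MediaStreamClient {
    bool openStream() { return true; }
};
struct StubDeviceMotionClient : DeviceMotionClient {};

// Scenario from the report: the creator populates some clients and forgets
// mediaStreamClient. With the initialiser and the null check the call fails
// cleanly instead of dereferencing a null pointer.
bool openStreamWithForgottenClient()
{
    StubDeviceMotionClient motion;
    PageClientsModel clients;
    clients.deviceMotionClient = &motion;
    MediaStreamControllerModel controller(clients.mediaStreamClient);
    return controller.openStream(); // false
}

// Fully wired-up page: validation passes and the stream opens.
bool openStreamWithAllClients()
{
    StubDeviceMotionClient motion;
    StubMediaStreamClient stream;
    PageClientsModel clients;
    clients.deviceMotionClient = &motion;
    clients.mediaStreamClient = &stream;
    if (!allClientsSet(clients))
        return false;
    MediaStreamControllerModel controller(clients.mediaStreamClient);
    return controller.openStream(); // true
}

// The creator-side check catches the partial initialisation before any
// controller is built.
bool validationRejectsPartialInit()
{
    StubDeviceMotionClient motion;
    PageClientsModel clients;
    clients.deviceMotionClient = &motion;
    return !allClientsSet(clients); // true
}

int main()
{
    std::printf("forgotten client opens stream: %d\n", openStreamWithForgottenClient());
    std::printf("all clients open stream: %d\n", openStreamWithAllClients());
    std::printf("validation catches partial init: %d\n", validationRejectsPartialInit());
    return 0;
}
```

Either half alone closes the crash; both together are the defensive norm, since the constructor guarantees the null is deterministic (and therefore testable) and the consumer check turns a missing client into a handled failure rather than a fault in whichever code path first touches it.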