[Webkit-unassigned] [Bug 74108] New: [Qt] Incorrect deletion m_replyWrapper in QtNetworkReplyHandler::finish

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Dec 8 11:18:28 PST 2011 

https://bugs.webkit.org/show_bug.cgi?id=74108

           Summary: [Qt] Incorrect deletion m_replyWrapper in
                    QtNetworkReplyHandler::finish
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: PC
        OS/Version: Linux
            Status: UNCONFIRMED
          Severity: Critical
          Priority: P1
         Component: WebKit Qt
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: adawit at kde.org


QNetworkReply's documentation explicitly states that it should not be directly deleted from a SLOT connected to its finished signal. If the reply has to be deleted, then QObject::deleteLater should be used instead. Unfortunately, that is not what happens in QNetworkReplyHandler::finish. The reply wrapper object is simply set to 0, which results in the QNetworkReply object being deleted immediately. This causes crashes like the one reported downstream at https://bugs.kde.org/show_bug.cgi?id=287778.

Please note that the crash does not happen when using QtTestBrowser or for that matter anything that uses Qt's own networking classes. However, it reliably crashes in KDE QNetworkAccessManager integration classes.

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list