[Webkit-unassigned] [Bug 102192] New: [Qt] Crash in PasteboardQt.cpp Pasteboard::writeSelection

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Nov 14 01:04:42 PST 2012 

https://bugs.webkit.org/show_bug.cgi?id=102192

           Summary: [Qt] Crash in PasteboardQt.cpp
                    Pasteboard::writeSelection
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: PC
        OS/Version: Linux
            Status: UNCONFIRMED
          Severity: Normal
          Priority: P2
         Component: Platform
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: fabien.vallee at mstarsemi.com


Tested with Qt 4.8. 
Running layoutTests with child-processes=4, pasteboard related tests (e.g. editing/pasteboard/4944770-2.html) crash (randomly) in Pasteboard::writeSelection.
(it happens when several tests access simultaneously the clipboard).

The crash is at the line :
md->setData(QLatin1String("application/vnd.qtwebkit.smartpaste"), QByteArray());   ( Source/WebCore/platform/qt/PasteboardQt.cpp at 134566 )


I believe there is a bug in  Pasteboard::writeSelection. The function logic is :

1) creates a new QMimeData object (raw pointer)
2) set its content (setHtml, ...)
3) gives the QMimeData raw pointer to the QGuiApplication::clipboard() ( QGuiApplication::clipboard()->setMimeData).
4) set the QMimeData data for smartpaste on the raw pointer

Pasteboard::writeSelection lost the ownership on the QMimeData object in step 3), therefore it should not access the object in 4).
Step 4) shall be done before step 3)

The following fix should be enough to fix the issue :

--- a/Source/WebCore/platform/qt/PasteboardQt.cpp
+++ b/Source/WebCore/platform/qt/PasteboardQt.cpp
@@ -74,11 +74,11 @@ void Pasteboard::writeSelection(Range* selectedRange, bool canSmartCopyOrDelete,
     md->setHtml(markup);
 #endif

+    if (canSmartCopyOrDelete)
+        md->setData(QLatin1String("application/vnd.qtwebkit.smartpaste"), QByteArray());
 #ifndef QT_NO_CLIPBOARD
     QGuiApplication::clipboard()->setMimeData(md, m_selectionMode ? QClipboard::Selection : QClipboard::Clipboard);
 #endif
-    if (canSmartCopyOrDelete)
-        md->setData(QLatin1String("application/vnd.qtwebkit.smartpaste"), QByteArray());
 }

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list