[Webkit-unassigned] [Bug 109287] [GTK] Crash in webkitURIResponseSetCertificateInfo()

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sat Feb 9 10:07:42 PST 2013 

https://bugs.webkit.org/show_bug.cgi?id=109287


arno. <arno at renevier.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                URL|http://localhost/tmp/crash. |http://renevier.net/misc/we
                   |php                         |bkit_109225.php




--- Comment #7 from arno. <arno at renevier.net>  2013-02-09 10:09:52 PST ---
(In reply to comment #6)
> (In reply to comment #0)
> > Stacktrace:
> > 
> > #0  0x00007ffff6313647 in webkitURIResponseSetCertificateInfo(_WebKitURIResponse*, WebKit::WebCertificateInfo*) ()
> >    from /home/claudio/git/gnome/WebKit/WebKitBuild/Release/.libs/libwebkit2gtk-3.0.so.0
> > #1  0x00007ffff6321dc1 in webkitWebViewLoadChanged(_WebKitWebView*, WebKitLoadEvent) ()
> >    from /home/claudio/git/gnome/WebKit/WebKitBuild/Release/.libs/libwebkit2gtk-3.0.so.0
> > #2  0x00007ffff63795e0 in WebKit::WebPageProxy:idCommitLoadForFrame(unsigned long, WTF:tring const&, bool, unsigned int, WebKit:latformCertificateInfo const&, CoreIPC::MessageDecoder&) ()
> > 
> > Quick analysis:
> > 
> > WebKitWebView's setCertificateToMainResource() is calling webkitURIResponseSetCertificateInfo() and passing an unchecked call to webkit_web_resource_get_response() as the WebKitURIResponse parameter. The docs for webkit_web_resource_get_response() tell that this function can return NULL but webkitURIResponseSetCertificateInfo() doesn't check for this and dereferences directly.
> 
> webkit_we_resource_get_response can return NULL, but it should never happen when setCertificateToMainResource is called, how can I reproduce this crash?
> 
> > The quick fix would be not to call to webkitURIResponseSetCertificateInfo() if the webresource doesn't have yet a response, but I am not sure whether this is the right thing.

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list