[Webkit-unassigned] [Bug 112334] Reset all clients on WebPage close

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu May 23 03:56:55 PDT 2013


https://bugs.webkit.org/show_bug.cgi?id=112334

--- Comment #4 from Sergio Villar Senin <svillar at igalia.com>  2013-05-23 03:55:25 PST ---
(In reply to comment #0)
> There's a small chance that someone will call one of the clients WebPage holds when the page has already been destructed, since the pointers are valid after ::close(). This won't work and will (at least in the GTK+ port) cause a bunch of warnings. To avoid this situation just reset all clients to null, like the WebPageProxy class does.

Actually there is not only a small chance, but I found a scenario where not resetting the clients causes a crash 100% of the time.

So imagine that a webpage has some JavaScript that executes an XMLHttpRequest in the onunload() event handler. The ::close() method of the WebPage calls injectedBundle->willDestroyPage(). That will likely be used by the WKBundlePageResourceLoadClients to free their resources, including the clientInfo they have passed to WKBundlePageSetResourceLoadClient.

In the same ::close() method, we find a call to m_mainFrame->coreFrame()->loader()->detachFromParent(), which will trigger the execution of the XMLHttpRequest, which will issue a willSendRequest among other notifications. As the client is still set, the method will be called, but it will likely try to use the client's already freed resources, leading to crashes.

So yeah, a big +1 for this change :)

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
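The sequence described in the comment, as an added illustration that is not part of the bug report or of WebKit's code: a simplified C++ model in which a page owns a resource-load client table whose clientInfo is released by the embedder during willDestroyPage(), and a later step of close() (modelling detachFromParent() and the onunload XMLHttpRequest) still fires willSendRequest into that table. The names Page, ResourceLoadClient, ClientInfo, closeWithoutReset and closeWithReset are hypothetical stand-ins for the real WebPage, WKBundlePageResourceLoadClient and close() machinery, and the "released" flag stands in for memory that would actually be freed. The model only counts notifications delivered after release instead of touching freed memory, so the difference between leaving the client set and resetting it to null is observable without undefined behaviour.

```cpp
#include <cstdio>

// Embedder-owned state handed to the bundle client (hypothetical stand-in
// for the clientInfo passed to WKBundlePageSetResourceLoadClient).
struct ClientInfo {
    bool released = false;   // set once the embedder has torn down its resources
    int danglingCalls = 0;   // notifications delivered after that teardown
};

// Client table held by the page: a clientInfo pointer plus a callback.
struct ResourceLoadClient {
    ClientInfo* clientInfo = nullptr;
    void (*willSendRequest)(ClientInfo*) = nullptr;
};

// The embedder's willSendRequest handler. In a real port this would touch
// freed memory; here it just records that it was called after release.
static void embedderWillSendRequest(ClientInfo* info)
{
    if (info->released)
        ++info->danglingCalls;
}

class Page {
public:
    explicit Page(ClientInfo* info)
    {
        m_resourceLoadClient.clientInfo = info;
        m_resourceLoadClient.willSendRequest = embedderWillSendRequest;
    }

    // Models the bug: the client table is left intact after willDestroyPage(),
    // so the later detach step still calls into the embedder.
    void closeWithoutReset()
    {
        willDestroyPage();
        detachFromParent();
    }

    // Models the fix proposed in the bug: reset the client to null before any
    // step that can re-enter the embedder. Where exactly the reset sits inside
    // close() is a modelling choice here, not a statement about WebKit.
    void closeWithReset()
    {
        willDestroyPage();
        m_resourceLoadClient = ResourceLoadClient();
        detachFromParent();
    }

private:
    // injectedBundle->willDestroyPage(): the embedder frees its client state.
    void willDestroyPage()
    {
        if (m_resourceLoadClient.clientInfo)
            m_resourceLoadClient.clientInfo->released = true;
    }

    // detachFromParent(): the onunload XMLHttpRequest fires willSendRequest.
    // The null check is what makes a reset client safe to leave in place.
    void detachFromParent()
    {
        if (m_resourceLoadClient.willSendRequest)
            m_resourceLoadClient.willSendRequest(m_resourceLoadClient.clientInfo);
    }

    ResourceLoadClient m_resourceLoadClient;
};

// Runs one close() sequence and reports how many notifications reached the
// embedder after it had released its state. The ClientInfo is kept alive on
// the stack purely so the counter can be read back afterwards.
int danglingCallsAfterClose(bool resetClients)
{
    ClientInfo info;
    Page page(&info);
    if (resetClients)
        page.closeWithReset();
    else
        page.closeWithoutReset();
    return info.danglingCalls;
}

int main()
{
    std::printf("without reset: %d dangling call(s)\n", danglingCallsAfterClose(false));
    std::printf("with reset:    %d dangling call(s)\n", danglingCallsAfterClose(true));
    return 0;
}
```

Without the reset the buggy path delivers one willSendRequest to a client that has already released its clientInfo, which is the use-after-free the comment describes; with the client table cleared, the null check in the detach step drops the notification instead.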