Title: [88647] trunk/Source/WebKit2
Revision: 88647
Author: ander...@apple.com
Date: 2011-06-13 10:24:10 -0700 (Mon, 13 Jun 2011)
Log Message
2011-06-13 Anders Carlsson <ander...@apple.com>
Reviewed by Dan Bernstein.
Don't access freed memory in the UI process when a plug-in process crashes
https://bugs.webkit.org/show_bug.cgi?id=62548
Call pluginProcessCrashedOrFailedToLaunch after sending messages to all processes about the plug-in crash,
otherwise we'll try to dereference m_pluginInfo.path after the PluginProcessProxy object has been deleted.
* UIProcess/Plugins/PluginProcessProxy.cpp:
(WebKit::PluginProcessProxy::didClose):
Modified Paths
Diff
Modified: trunk/Source/WebKit2/ChangeLog (88646 => 88647)
--- trunk/Source/WebKit2/ChangeLog 2011-06-13 17:14:36 UTC (rev 88646)
+++ trunk/Source/WebKit2/ChangeLog 2011-06-13 17:24:10 UTC (rev 88647)
@@ -1,3 +1,16 @@
+2011-06-13 Anders Carlsson <ander...@apple.com>
+
+ Reviewed by Dan Bernstein.
+
+ Don't access freed memory in the UI process when a plug-in process crashes
+ https://bugs.webkit.org/show_bug.cgi?id=62548
+
+ Call pluginProcessCrashedOrFailedToLaunch after sending messages to all processes about the plug-in crash,
+ otherwise we'll try to dereference m_pluginInfo.path after the PluginProcessProxy object has been deleted.
+
+ * UIProcess/Plugins/PluginProcessProxy.cpp:
+ (WebKit::PluginProcessProxy::didClose):
+
2011-06-13 Carlos Garcia Campos <cgar...@igalia.com>
Reviewed by Martin Robinson.
Modified: trunk/Source/WebKit2/UIProcess/Plugins/PluginProcessProxy.cpp (88646 => 88647)
--- trunk/Source/WebKit2/UIProcess/Plugins/PluginProcessProxy.cpp 2011-06-13 17:14:36 UTC (rev 88646)
+++ trunk/Source/WebKit2/UIProcess/Plugins/PluginProcessProxy.cpp 2011-06-13 17:24:10 UTC (rev 88647)
@@ -167,11 +167,12 @@
exitFullscreen();
#endif
- pluginProcessCrashedOrFailedToLaunch();
-
const Vector<WebContext*>& contexts = WebContext::allContexts();
for (size_t i = 0; i < contexts.size(); ++i)
contexts[i]->sendToAllProcesses(Messages::WebProcess::PluginProcessCrashed(m_pluginInfo.path));
+
+ // This will cause us to be deleted.
+ pluginProcessCrashedOrFailedToLaunch();
}
void PluginProcessProxy::didReceiveInvalidMessage(CoreIPC::Connection*, CoreIPC::MessageID)
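Review bot: at the end of didClose, the fix holds only as long as pluginProcessCrashedOrFailedToLaunch() stays the last statement, because the new comment says that call deletes this object. Consider copying m_pluginInfo.path into a local before the loop so the sendToAllProcesses calls no longer read a member. The comment could also say outright that no member may be touched after the call, so that a later edit appending code below it does not reintroduce the read of freed memory.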