Bug 46536 - REGRESSION (r68260): Crash in PlatformCertificateInfo::~PlatformCertificateInfo when navigating away from Gmail
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKit2
Version: 528+ (Nightly build)
Hardware: PC Windows XP
Importance: P2 Normal
Assignee: Adam Roben (:aroben)
URL:
Keywords: InRadar, PlatformOnly, Regression
Depends on:
Blocks:
 
Reported: 2010-09-24 16:14 PDT by Adam Roben (:aroben)
Modified: 2010-09-27 06:29 PDT

See Also:


Attachments
Don't double-free CERT_CONTEXTs when copying PlatformCertificateInfos on Windows (2.82 KB, patch)
2010-09-27 06:09 PDT, Adam Roben (:aroben)
no flags
Don't double-free CERT_CONTEXTs when copying PlatformCertificateInfos on Windows (2.85 KB, patch)
2010-09-27 06:19 PDT, Adam Roben (:aroben)
sam: review+

Description Adam Roben (:aroben) 2010-09-24 16:14:37 PDT
To reproduce:

1. Go to http://gmail.com/ in WebKit2
2. Go to some other page

You'll crash in PlatformCertificateInfo::~PlatformCertificateInfo. Here's the backtrace:
 	crypt32.dll!ReleaseContextElement()  + 0x18 bytes	
 	crypt32.dll!_CertFreeCertificateContext@4()  + 0x15 bytes	
>	WebKit.dll!WebKit::PlatformCertificateInfo::~PlatformCertificateInfo()  Line 63 + 0xe bytes	C++
 	WebKit.dll!WebKit::WebCertificateInfo::~WebCertificateInfo()  + 0x19 bytes	C++
 	WebKit.dll!WebKit::WebCertificateInfo::`scalar deleting destructor'()  + 0x16 bytes	C++
 	WebKit.dll!WTF::RefCounted<WebKit::APIObject>::deref()  Line 139 + 0x3a bytes	C++
 	WebKit.dll!WTF::derefIfNotNull<WebKit::WebCertificateInfo>(WebKit::WebCertificateInfo * ptr=0x099888e8)  Line 59	C++
 	WebKit.dll!WTF::RefPtr<WebKit::WebCertificateInfo>::operator=(const WTF::PassRefPtr<WebKit::WebCertificateInfo> & o={...})  Line 140 + 0x9 bytes	C++
 	WebKit.dll!WebKit::WebFrameProxy::setCertificateInfo(WTF::PassRefPtr<WebKit::WebCertificateInfo> certificateInfo={...})  Line 69	C++
 	WebKit.dll!WebKit::WebPageProxy::didCommitLoadForFrame(WebKit::WebFrameProxy * frame=0x0987a0b8, const WebKit::PlatformCertificateInfo & certificateInfo={...}, WebKit::APIObject * userData=0x00000000)  Line 1038	C++
 	WebKit.dll!WebKit::WebPageProxy::didReceiveMessage(CoreIPC::Connection * connection=0x08cda7a8, CoreIPC::MessageID messageID={...}, CoreIPC::ArgumentDecoder * arguments=0x0aa1cac8)  Line 616	C++
 	WebKit.dll!WebKit::WebProcessProxy::didReceiveMessage(CoreIPC::Connection * connection=0x08cda7a8, CoreIPC::MessageID messageID={...}, CoreIPC::ArgumentDecoder * arguments=0x0aa1cac8)  Line 356	C++
 	WebKit.dll!CoreIPC::Connection::dispatchMessages()  Line 278 + 0x33 bytes	C++
 	WebKit.dll!MemberFunctionWorkItem0<CoreIPC::Connection>::execute()  Line 74 + 0x10 bytes	C++
 	WebKit.dll!RunLoop::performWork()  Line 62 + 0x1a bytes	C++
 	WebKit.dll!RunLoop::wndProc(HWND__ * hWnd=0x000b0a82, unsigned int message=1025, unsigned int wParam=106901664, long lParam=0)  Line 56	C++
 	WebKit.dll!RunLoop::RunLoopWndProc(HWND__ * hWnd=0x000b0a82, unsigned int message=1025, unsigned int wParam=106901664, long lParam=0)  Line 38 + 0x18 bytes	C++
Comment 1 Adam Roben (:aroben) 2010-09-24 16:14:55 PDT
Luckily, I have a fix!
Comment 2 Adam Roben (:aroben) 2010-09-24 16:15:48 PDT
<rdar://problem/8477292>
Comment 3 Adam Roben (:aroben) 2010-09-27 06:09:03 PDT
Created attachment 68899 [details]
Don't double-free CERT_CONTEXTs when copying PlatformCertificateInfos on Windows
Comment 4 Sam Weinig 2010-09-27 06:14:13 PDT
Comment on attachment 68899 [details]
Don't double-free CERT_CONTEXTs when copying PlatformCertificateInfos on Windows

View in context: https://bugs.webkit.org/attachment.cgi?id=68899&action=review

> WebKit2/Shared/win/PlatformCertificateInfo.cpp:77
> +PlatformCertificateInfo& PlatformCertificateInfo::operator=(const PlatformCertificateInfo& other)
> +{
> +    if (m_certificateContext)
> +        ::CertFreeCertificateContext(m_certificateContext);
> +    m_certificateContext = ::CertDuplicateCertificateContext(other.m_certificateContext);
> +    return *this;
> +}
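Review bot: the assignment operator at PlatformCertificateInfo.cpp:77 is not safe against self-assignment. When `other` is `*this`, the `::CertFreeCertificateContext(m_certificateContext)` call releases what may be the only reference, and the following `::CertDuplicateCertificateContext(other.m_certificateContext)` then reads a context that has already been freed. Either return early with `if (this == &other) return *this;`, or acquire before releasing: take the result of `::CertDuplicateCertificateContext(other.m_certificateContext)` into a local, then free the old `m_certificateContext`, then assign the local. The second form needs no aliasing check at all, since the duplicate is taken while the old reference is still held.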

We should try and handle the self-assignment case here.
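The ownership problem behind this bug, as an added example that is not WebKit code: a class that owns a reference-counted CERT_CONTEXT but relies on the compiler-generated copy ends up releasing the same reference twice, and an assignment operator that frees before it duplicates is unsafe against self-assignment. The Win32 calls are replaced by a constructed FakeCertContext with the same reference-count semantics (dupContext and freeContext are stand-ins for CertDuplicateCertificateContext and CertFreeCertificateContext, an assumption made so the example runs off Windows), and the counter g_doubleFrees records a release of an already-freed context instead of crashing the way the real crypt32 call does.

```cpp
// Added example, not WebKit code: models the reference counting that
// PlatformCertificateInfo wraps and shows why the class needs its own copy
// constructor and assignment operator.
#include <cstdio>

// Constructed stand-in for the opaque, crypt32-refcounted CERT_CONTEXT.
struct FakeCertContext {
    int refCount;
    bool freed;
};

// A release of an already-freed context is the double free from the bug
// report; count it rather than crash so the example can run to completion.
static int g_doubleFrees = 0;

// Stand-in for CertDuplicateCertificateContext(): takes one more reference.
static FakeCertContext* dupContext(FakeCertContext* ctx) {
    if (!ctx)
        return nullptr;
    if (ctx->freed) {          // duplicating a freed context is a use-after-free
        g_doubleFrees++;
        return ctx;
    }
    ctx->refCount++;
    return ctx;
}

// Stand-in for CertFreeCertificateContext(): drops one reference, frees at 0.
static void freeContext(FakeCertContext* ctx) {
    if (!ctx)
        return;
    if (ctx->freed) {          // second release of the same reference
        g_doubleFrees++;
        return;
    }
    if (--ctx->refCount == 0)
        ctx->freed = true;
}

// Pre-fix shape: frees the handle in the destructor but uses the implicit
// copy, which only copies the pointer, so two objects release one reference.
class BrokenCertificateInfo {
public:
    explicit BrokenCertificateInfo(FakeCertContext* ctx) : m_ctx(ctx) {}
    ~BrokenCertificateInfo() { freeContext(m_ctx); }
private:
    FakeCertContext* m_ctx;
};

// Fixed shape: every copy takes its own reference, and assignment acquires
// the new reference before releasing the old one, so self-assignment and
// aliasing are handled without a separate check.
class FixedCertificateInfo {
public:
    explicit FixedCertificateInfo(FakeCertContext* ctx) : m_ctx(ctx) {}
    FixedCertificateInfo(const FixedCertificateInfo& other)
        : m_ctx(dupContext(other.m_ctx)) {}
    FixedCertificateInfo& operator=(const FixedCertificateInfo& other) {
        FakeCertContext* fresh = dupContext(other.m_ctx); // 1 -> 2 on self-assign
        freeContext(m_ctx);                               // 2 -> 1, never 1 -> 0
        m_ctx = fresh;
        return *this;
    }
    ~FixedCertificateInfo() { freeContext(m_ctx); }
private:
    FakeCertContext* m_ctx;
};

// Number of double frees observed when the broken class is copied once.
int doubleFreesWithBrokenCopy() {
    g_doubleFrees = 0;
    FakeCertContext ctx{1, false};
    {
        BrokenCertificateInfo a(&ctx);
        BrokenCertificateInfo b = a;   // shallow copy: both destructors free ctx
    }
    return g_doubleFrees;
}

// True when the fixed class, including self-assignment, releases the context
// exactly once overall.
bool fixedCopyReleasesExactlyOnce() {
    g_doubleFrees = 0;
    FakeCertContext ctx{1, false};
    {
        FixedCertificateInfo a(&ctx);
        FixedCertificateInfo b = a;    // refCount 2
        FixedCertificateInfo& alias = b;
        b = alias;                     // self-assignment: 2 -> 3 -> 2
        a = b;                         // 2 -> 3 -> 2
    }                                  // b: 2 -> 1, a: 1 -> 0 (freed)
    return g_doubleFrees == 0 && ctx.freed && ctx.refCount == 0;
}

int main() {
    std::printf("broken copy double frees: %d\n", doubleFreesWithBrokenCopy());
    std::printf("fixed copy balanced: %s\n",
                fixedCopyReleasesExactlyOnce() ? "yes" : "no");
    return 0;
}
```

The acquire-before-release order in the fixed operator= is the same ordering a reviewer would want in the real patch: it costs nothing when `other` is a different object and removes the freed-then-duplicated window when it is the same one.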
Comment 5 Adam Roben (:aroben) 2010-09-27 06:19:57 PDT
Created attachment 68901 [details]
Don't double-free CERT_CONTEXTs when copying PlatformCertificateInfos on Windows
Comment 6 Adam Roben (:aroben) 2010-09-27 06:29:36 PDT
Committed r68387: <http://trac.webkit.org/changeset/68387>