| author | Alexandru Croitor <alexandru.croitor@theqtcompany.com> | 2016-03-30 18:22:21 +0200 |
|---|---|---|
| committer | Alexandru Croitor <alexandru.croitor@theqtcompany.com> | 2016-03-31 07:21:20 +0000 |
| commit | 76c61aa1400ef2def204c3732e30e08e40631e8d (patch) | |
| tree | 2c316715eb193e43d8b1ad73bbd9fe3068c67d8b | |
| parent | 80ec51d5273e060551a9aa2d4878fee7c0cc1de2 (diff) | |
Fix crashes due to qputenv being called after Chromium initialization.

The qputenv() call inside gl_surface_qt.cpp, which is executed on a
GpuChildThread, can reallocate the process environment structure,
and it is possible that at the same time the main thread calls getenv,
which will dereference a pointer to the freed environment structure,
essentially causing a use-after-free crash.

Make sure the qputenv() call happens before Chromium initialization
starts, so no thread-race can occur.

Change-Id: I4ecbdc8bf2abbe45f7d6c5d2633dc9fe27f51e66
Task-number: QTBUG-52124
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@theqtcompany.com>
Reviewed-by: Kai Koehne <kai.koehne@theqtcompany.com>
| Mode | File | Lines changed |
|---|---|---|
| -rw-r--r-- | src/core/gl_surface_qt.cpp | 3 |
| -rw-r--r-- | src/core/web_engine_context.cpp | 7 |

2 files changed, 7 insertions, 3 deletions
diff --git a/src/core/gl_surface_qt.cpp b/src/core/gl_surface_qt.cpp index 0124ae66d..8283e4cc4 100644 --- a/src/core/gl_surface_qt.cpp +++ b/src/core/gl_surface_qt.cpp @@ -174,9 +174,6 @@ bool GLSurfaceQtGLX::InitializeOneOff() if (initialized) return true; - // http://crbug.com/245466 - qputenv("force_s3tc_enable", "true"); - XInitThreads(); g_display = GLContextHelper::getXDisplay(); diff --git a/src/core/web_engine_context.cpp b/src/core/web_engine_context.cpp index 4db5b7f4e..d7254c8b8 100644 --- a/src/core/web_engine_context.cpp +++ b/src/core/web_engine_context.cpp @@ -228,6 +228,13 @@ WebEngineContext::WebEngineContext() useEmbeddedSwitches = !args.removeAll("--disable-embedded-switches"); #endif +#ifdef Q_OS_LINUX + // Call qputenv before BrowserMainRunnerImpl::Initialize is called. + // http://crbug.com/245466 + qputenv("force_s3tc_enable", "true"); +#endif + + // Allow us to inject javascript like any webview toolkit. content::RenderFrameHost::AllowInjectingJavaScriptForAndroidWebView(); |
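Review bot: the qputenv("force_s3tc_enable", "true") removed from GLSurfaceQtGLX::InitializeOneOff() was unconditional, but its replacement in the web_engine_context.cpp hunk is wrapped in #ifdef Q_OS_LINUX; if the GLX path in gl_surface_qt.cpp is compiled on any non-Linux X11 platform, that build silently loses the setting. Either guard the new call with the same condition that builds the GLX code, or note in the moved comment that the GLX path is Linux-only. Removing the call from InitializeOneOff() is otherwise the right fix: that function runs on the GpuChildThread, and as the commit message explains, mutating the environment there can free the structure the main thread's getenv() is reading.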
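Review bot: the new block in WebEngineContext::WebEngineContext() restores the correct ordering, but nothing enforces it; the comment "Call qputenv before BrowserMainRunnerImpl::Initialize is called" states the intent without the invariant it relies on. Spell out that this constructor runs before any Chromium thread exists and that no further qputenv/setenv may be issued once those threads start, because (per the commit message) the call can reallocate the process environment while another thread is inside getenv(). That sentence is what stops a later change from reintroducing the use-after-free by adding another qputenv in GPU or IO thread code. Style nit: the hunk leaves two consecutive blank lines before "// Allow us to inject javascript like any webview toolkit."; drop one.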