path: root/src/core/web_engine_context.cpp
author: Alexandru Croitor <alexandru.croitor@theqtcompany.com> 2016-03-30 18:22:21 +0200
committer: Alexandru Croitor <alexandru.croitor@theqtcompany.com> 2016-03-31 07:21:20 +0000
commit: 76c61aa1400ef2def204c3732e30e08e40631e8d (patch)
tree: 2c316715eb193e43d8b1ad73bbd9fe3068c67d8b /src/core/web_engine_context.cpp
parent: 80ec51d5273e060551a9aa2d4878fee7c0cc1de2 (diff)
Fix crashes due to qputenv being called after Chromium initialization.
The qputenv() call inside gl_surface_qt.cpp, which is executed on a GpuChildThread, can reallocate the process environment structure, and it is possible that at the same time the main thread calls getenv, which will dereference a pointer to the freed environment structure, essentially causing a use-after-free crash.

Make sure the qputenv() call happens before Chromium initialization starts, so no thread-race can occur.

Change-Id: I4ecbdc8bf2abbe45f7d6c5d2633dc9fe27f51e66
Task-number: QTBUG-52124
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@theqtcompany.com>
Reviewed-by: Kai Koehne <kai.koehne@theqtcompany.com>
Diffstat (limited to 'src/core/web_engine_context.cpp')
-rw-r--r-- src/core/web_engine_context.cpp 7
1 files changed, 7 insertions, 0 deletions
diff --git a/src/core/web_engine_context.cpp b/src/core/web_engine_context.cpp
index 4db5b7f4e..d7254c8b8 100644
--- a/src/core/web_engine_context.cpp
+++ b/src/core/web_engine_context.cpp
@@ -228,6 +228,13 @@ WebEngineContext::WebEngineContext()
useEmbeddedSwitches = !args.removeAll("--disable-embedded-switches");
#endif
+#ifdef Q_OS_LINUX
+ // Call qputenv before BrowserMainRunnerImpl::Initialize is called.
+ // http://crbug.com/245466
+ qputenv("force_s3tc_enable", "true");
+#endif
+
+
// Allow us to inject javascript like any webview toolkit.
content::RenderFrameHost::AllowInjectingJavaScriptForAndroidWebView();
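Review bot: This hunk only adds the early `qputenv("force_s3tc_enable", "true")` call; since the diffstat is limited to this file, please confirm the original qputenv() call in gl_surface_qt.cpp (the one the commit message identifies as racing with getenv on the main thread) is removed in the same change, otherwise the use-after-free window described in the message still exists. Two minor points on the added lines: the comment cites only http://crbug.com/245466, and a reference to QTBUG-52124 plus a short note that the call must precede BrowserMainRunnerImpl::Initialize because environment reallocation races with getenv would make the ordering constraint obvious to whoever next touches this constructor; and the two consecutive blank `+` lines after `#endif` should be collapsed to one to match the surrounding spacing.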