Details
- Type: Bug
- Resolution: Done
- Priority: P2: Important
- Version: 5.9.1
Description
We are using a JS fuzzing library to generate random objects, which we pass as stringified JSON to a slot on a QObject that is exported to JS via a WebChannel, e.g. 100 slot calls back-to-back.
(https://github.com/NodeGuy/JavaScript-fuzz)
Sometimes we see our application crash in WebChannelIPCTransportHost::onWebChannelMessage when it receives an empty message. The QJsonDocument there is then constructed over a null pointer, leaving the field d->header NULL. The crash then happens in doc.object().
We can avoid the crash by checking for an empty message in onWebChannelMessage and then doing nothing, but that is not a real fix because we then see that not all of our slot calls get their JS callback function called.
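The two behaviours described above, crash-on-empty versus silently dropping the request, can be contrasted in a small model. The following Python is an added example, not code from the Qt project or from this report: `Host`, `Client`, `run_fuzz` and the `{"seq": n, "args": "<stringified JSON>"}` envelope are hypothetical stand-ins for the WebChannel transport and slot call, and the fuzz inputs are constructed here. It shows the host validating every payload before use and answering a bad one with an error reply that keeps the caller's sequence number, so the client-side ledger of pending calls stays empty; with `drop_bad=True` (the "check and do nothing" workaround) the same ledger shows exactly which calls never got their callback.

```python
import json
import random


class Host:
    """Hypothetical host-side handler standing in for the transport slot."""

    def __init__(self, drop_bad: bool):
        self.drop_bad = drop_bad   # True: silently ignore bad payloads (the workaround)
        self.outbox = []           # replies destined for the JS side

    def on_message(self, raw: str) -> None:
        # The envelope is trusted in this toy; the payload inside it is fuzzed.
        env = json.loads(raw)
        seq, args_text = env["seq"], env["args"]
        # Validate explicitly: an empty or malformed payload must never reach
        # code that assumes a well-formed document (the crash in the report).
        if not args_text:
            parsed, err = None, "empty message"
        else:
            try:
                parsed, err = json.loads(args_text), None
            except json.JSONDecodeError as exc:
                parsed, err = None, f"invalid JSON: {exc.msg}"
        if err is not None and self.drop_bad:
            return  # request vanishes; the caller's callback never fires
        if err is not None:
            self.outbox.append({"seq": seq, "error": err})
        else:
            self.outbox.append({"seq": seq, "result": type(parsed).__name__})


class Client:
    """Hypothetical JS-side caller keeping a ledger of calls awaiting a reply."""

    def __init__(self, host: Host):
        self.host = host
        self.pending = {}    # seq -> True while no reply has arrived
        self.results = {}    # seq -> reply dict
        self.next_seq = 0

    def call(self, args_text: str) -> None:
        seq = self.next_seq
        self.next_seq += 1
        self.pending[seq] = True
        self.host.on_message(json.dumps({"seq": seq, "args": args_text}))

    def pump(self) -> None:
        # Deliver replies; anything left in `pending` afterwards was lost.
        for reply in self.host.outbox:
            self.pending.pop(reply["seq"], None)
            self.results[reply["seq"]] = reply
        self.host.outbox.clear()


def random_payload(rng: random.Random) -> str:
    # Constructed fuzz inputs: valid objects, empty strings, truncated JSON.
    kind = rng.choice(["valid", "empty", "truncated"])
    if kind == "valid":
        obj = {rng.choice("abc"): rng.randint(0, 9) for _ in range(rng.randint(0, 3))}
        return json.dumps(obj)
    if kind == "empty":
        return ""
    return '{"a": [1, 2'


def run_fuzz(drop_bad: bool, calls: int = 100, seed: int = 7) -> dict:
    """Send `calls` fuzzed payloads and report lost callbacks and error replies."""
    rng = random.Random(seed)
    client = Client(Host(drop_bad))
    for _ in range(calls):
        client.call(random_payload(rng))
    client.pump()
    errors = sum(1 for r in client.results.values() if "error" in r)
    return {"unanswered": len(client.pending), "errors": errors}


if __name__ == "__main__":
    print("reply with error:", run_fuzz(drop_bad=False))
    print("silently drop:   ", run_fuzz(drop_bad=True))
```

The same seed drives both runs, so every payload that becomes an error reply in the first run is exactly one that goes unanswered in the second. In the real C++ the equivalent check is to parse with `QJsonDocument::fromJson(data, &parseError)` and test `doc.isNull()` / `doc.isObject()` before calling `doc.object()`, and to send an error response for the rejected message rather than returning early.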