[webkit-gtk] Segfault rendering to GtkOffscreenWindow (regression 2.46.1 vs. 2.48.1)

Albrecht Dreß albrecht.dress at posteo.de
Wed Jun 4 11:39:41 PDT 2025


After upgrading libwebkit2gtk-4.1-0 on Debian Bookworm from version 2.46.1 (Debian package 2.46.1-2~bpo12+1) to version 2.48.1 (2.48.1-2~deb12u1), code rendering a WebKitWebView into a GtkOffscreenWindow (used for dumping and inspection without a “real” display) crashes with a segfault.

A minimal example to reproduce the bug is attached.  In gdb, it produces the following backtrace:

<snip>
#0  0x00007ffff3660794 in  () at /lib/x86_64-linux-gnu/libwebkit2gtk-4.1.so.0
#1  0x00007ffff366ab1a in  () at /lib/x86_64-linux-gnu/libwebkit2gtk-4.1.so.0
#2  0x00007ffff366da00 in  () at /lib/x86_64-linux-gnu/libwebkit2gtk-4.1.so.0
#3  0x00007ffff7f544e0 in  () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0
#4  0x00007ffff7f6dbbf in g_signal_emit_valist () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0
#5  0x00007ffff7f6ddbf in g_signal_emit () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0
#6  0x00007ffff2179fa2 in gtk_widget_map () at /lib/x86_64-linux-gnu/libgtk-3.so.0
#7  0x00007ffff2193050 in  () at /lib/x86_64-linux-gnu/libgtk-3.so.0
#8  0x00007ffff7f545a9 in  () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0
#9  0x00007ffff7f6dbbf in g_signal_emit_valist () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0
#10 0x00007ffff7f6ddbf in g_signal_emit () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0
#11 0x00007ffff2179fa2 in gtk_widget_map () at /lib/x86_64-linux-gnu/libgtk-3.so.0
#12 0x00007ffff203d793 in  () at /lib/x86_64-linux-gnu/libgtk-3.so.0
#13 0x00007ffff7f543b0 in g_closure_invoke () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0
#14 0x00007ffff7f66d2d in  () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0
#15 0x00007ffff7f6dbf5 in g_signal_emit_valist () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0
#16 0x00007ffff7f6ddbf in g_signal_emit () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0
#17 0x00007ffff2173d16 in gtk_widget_show () at /lib/x86_64-linux-gnu/libgtk-3.so.0
#18 0x0000555555555446 in activate (app=<optimized out>, user_data=<optimized out>) at sample.c:37
        context = 0x5555556a91c0
        offline_window = 0x555555a7a500
        view = 0x555555625710
        surface = 0x0
#19 0x00007ffff7f543b0 in g_closure_invoke () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0
#20 0x00007ffff7f67076 in  () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0
#21 0x00007ffff7f6dbf5 in g_signal_emit_valist () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0
#22 0x00007ffff7f6ddbf in g_signal_emit () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0
#23 0x00007ffff1bc5438 in  () at /lib/x86_64-linux-gnu/libgio-2.0.so.0
#24 0x00007ffff1bc55c6 in g_application_run () at /lib/x86_64-linux-gnu/libgio-2.0.so.0
#25 0x0000555555555251 in main (argc=<optimized out>, argv=<optimized out>) at sample.c:75
        app = 0x5555555860f0
        status = <optimized out>
</snip>

Unfortunately, there seems to be no libwebkit2gtk-4.1-0-dbgsym package, so I cannot tell where the crash actually occurs in libwebkit2gtk-4.1.so.0.

Running the same code on Trixie with version 2.46.6 emits a CRITICAL (neither Bookworm version prints any messages), but the dumped PNG file is again fine:

<snip>
test at trixie:~/WebkitGTK$ ./sample 
** Message: 19:06:10.878: create window...

(sample:15756): Gdk-CRITICAL **: 19:06:11.365: gdk_window_get_origin: assertion 'GDK_IS_WINDOW (window)' failed
** Message: 19:06:11.369: load HTML...
** Message: 19:06:12.174: get snapshot...
** Message: 19:06:12.590: dump_snapshot: 0x55b228fbeab0 (no error)
** Message: 19:06:12.590: done
** Message: 19:06:12.659: write surface to 'sample.png': 0
</snip>

After upgrading to the Trixie version 2.48.1, it crashes again.

The CRITICAL on Trixie might indicate that my code is actually wrong, although it has worked perfectly for years.  Any insight would be highly appreciated!

TIA, Albrecht.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: sample.c
Type: text/x-csrc
Size: 2485 bytes
Desc: not available
URL: <http://lists.webkit.org/pipermail/webkit-gtk/attachments/20250604/c42c5c78/attachment.bin>