[Webkit-unassigned] [Bug 118396] New: [GTK] crash on WebKit::GtkAdjustmentWatcher::updateAdjustmentsFromScrollbars when destroying a webview

bugzilla-daemon at webkit.org
Thu Jul 4 11:06:06 PDT 2013


https://bugs.webkit.org/show_bug.cgi?id=118396

           Summary: [GTK] crash on WebKit::GtkAdjustmentWatcher::updateAdjustmentsFromScrollbars when destroying a webview
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Unspecified
        OS/Version: Unspecified
            Status: UNCONFIRMED
          Severity: Normal
          Priority: P2
         Component: WebKit Gtk
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: pochu27 at gmail.com


This is happening with webkitgtk+ 2.0.3, libwebkitgtk-3.0.so (so GTK+ 3 and not WebKit2)

I have an application that in certain situations creates a webview only to destroy it later (because a condition is met and we can't use it). This seems to trigger a race and later on the application crashes:

Program received signal SIGSEGV, Segmentation fault.
WebKit::core (webView=0x3fb999999999999a) at ../Source/WebKit/gtk/webkit/webkitwebview.cpp:5415
5415    ../Source/WebKit/gtk/webkit/webkitwebview.cpp: No such file or directory.
(gdb) bt
#0  WebKit::core (webView=0x3fb999999999999a) at ../Source/WebKit/gtk/webkit/webkitwebview.cpp:5415
#1  0x00007ffff51798b8 in WebKit::GtkAdjustmentWatcher::updateAdjustmentsFromScrollbars (this=0x20f6540)
    at ../Source/WebKit/gtk/WebCoreSupport/GtkAdjustmentWatcher.cpp:65
#2  0x00007ffff5179939 in WebKit::updateAdjustmentCallback (
    watcher=<error reading variable: value has been optimized out>)
    at ../Source/WebKit/gtk/WebCoreSupport/GtkAdjustmentWatcher.cpp:76
#3  0x00007fffeff30fa3 in g_timeout_dispatch (source=source@entry=0x21015b0, callback=<optimized out>,
    user_data=<optimized out>) at gmain.c:4413
#4  0x00007fffeff30446 in g_main_dispatch (context=0x65f500) at gmain.c:3054
#5  g_main_context_dispatch (context=context@entry=0x65f500) at gmain.c:3630
#6  0x00007fffeff30798 in g_main_context_iterate (context=context@entry=0x65f500, block=block@entry=1,
    dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3701
#7  0x00007fffeff3083c in g_main_context_iteration (context=0x65f500, context@entry=0x0,
    may_block=may_block@entry=1) at gmain.c:3762
#8  0x00007ffff1096624 in g_application_run (application=0x68c110, argc=argc@entry=1,
    argv=argv@entry=0x7fffffffdf58) at gapplication.c:1623
#9  0x0000000000409e76 in main (argc=1, argv=0x7fffffffdf58) at main.c:78
(gdb) 

This only happens about 10-20% of the time with one webview being created and quickly destroyed.

I have found these bugs, which look like they are hitting the same issue in webkitgtk+ and happen in different applications (empathy, epiphany, eclipse):

https://bugzilla.redhat.com/show_bug.cgi?id=928783
https://bugzilla.redhat.com/show_bug.cgi?id=869598
https://bugzilla.redhat.com/show_bug.cgi?id=874353
