[Webkit-unassigned] [Bug 113286] New: segfault in UIProcess when webprocess crash while printing
bugzilla-daemon at webkit.org
Tue Mar 26 02:33:42 PDT 2013
https://bugs.webkit.org/show_bug.cgi?id=113286
Summary: segfault in UIProcess when webprocess crash while printing
Product: WebKit
Version: 528+ (Nightly build)
Platform: Unspecified
OS/Version: Unspecified
Status: UNCONFIRMED
Severity: Normal
Priority: P2
Component: WebKit Gtk
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: prahal at yahoo.com
CC: cgarcia at igalia.com
drawPagesForPrintingCompleted dereferences wkPrintError, thus a segfault ensues when the print handlers are invalidated while
a print operation is pending (i.e. the WebProcess segfaults while printing: this happens because
the UIProcess sends WebPageProxy endPrinting at the end of printFrame, which calls endPrint on the WebProcess;
this frees the WebKit GTK Unix print operation while GTK is still enumerating the printers with the handler
enumeratePrintersFunction(GtkPrinter* printer, WebPrintOperationGtkUnix* printOperation)
i.e. the print operation is still referenced by the GTK printer list and "printer-added" happens. Though that
deserves another bug report).
The segfault happens at:
Source/WebKit2/UIProcess/API/gtk/WebKitPrintOperation.cpp:265
static void drawPagesForPrintingCompleted(WKErrorRef wkPrintError, WKErrorRef, void* context)
const WebCore::ResourceError& resourceError = toImpl(wkPrintError)->platformError();
after:
Source/WebKit2/UIProcess/GenericCallback.h:138
m_callback(0, toAPI(error.get()), context());
NB: the issue is that in invalidate, WebKit::WebError* is passed as the second argument and "0" as the first argument, while
drawPagesForPrintingCompleted uses the first argument as the error and ignores the second.
Not that easy, since WebKit::WebPageProxy::printFinishedCallback also calls drawPagesForPrintingCompleted via:
Source/WebKit2/UIProcess/GenericCallback.h:128
performCallbackWithReturnValue(InternalReturnValueType returnValue)
m_callback(toAPI(returnValue), 0, context());
Note how here WebKit::WebError ends up as the first argument.
I worked around this locally by mangling drawPagesForPrintingCompleted from:
"
static void drawPagesForPrintingCompleted(WKErrorRef wkPrintError, WKErrorRef, void* context)
{
GRefPtr<WebKitPrintOperation> printOperation = adoptGRef(WEBKIT_PRINT_OPERATION(context));
WebPageProxy* page = webkitWebViewBaseGetPage(WEBKIT_WEB_VIEW_BASE(printOperation->priv->webView));
page->endPrinting();
const WebCore::ResourceError& resourceError = toImpl(wkPrintError)->platformError();
"
to:
"
static void drawPagesForPrintingCompleted(WKErrorRef wkPrintError, WKErrorRef wkInvalidateError, void* context)
{
GRefPtr<WebKitPrintOperation> printOperation = adoptGRef(WEBKIT_PRINT_OPERATION(context));
WebPageProxy* page = webkitWebViewBaseGetPage(WEBKIT_WEB_VIEW_BASE(printOperation->priv->webView));
page->endPrinting();
const WebCore::ResourceError& resourceError = (!wkPrintError && wkInvalidateError) ? toImpl(wkInvalidateError)->platformError()
: toImpl(wkPrintError)->platformError();
"
#0 drawPagesForPrintingCompleted (wkPrintError=0x0, context=0x196c780)
at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/webkitgtk-1.11.92/Source/WebKit2/UIProcess/API/gtk/WebKitPrintOperation.cpp:260
#2 WebKit::GenericCallback<OpaqueWKError const*, WebKit::WebError*>::invalidate (this=0x7fff85cc3028)
at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/webkitgtk-1.11.92/Source/WebKit2/UIProcess/GenericCallback.h:137
#3 0x00007ffff4e812f5 in WebKit::invalidateCallbackMap<WTF::RefPtr<WebKit::GenericCallback<OpaqueWKError const*, WebKit::WebError*> > > (map=...)
at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/webkitgtk-1.11.92/Source/WebKit2/UIProcess/GenericCallback.h:249
#4 0x00007ffff4e74f5e in WebKit::WebPageProxy::processDidCrash (this=0x7fffe0456000)
at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/webkitgtk-1.11.92/Source/WebKit2/UIProcess/WebPageProxy.cpp:3680
#5 0x00007ffff4eb1b3a in WebKit::WebProcessProxy::didClose (this=0x7fffe0459dc0)
at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/webkitgtk-1.11.92/Source/WebKit2/UIProcess/WebProcessProxy.cpp:400
#6 0x00007ffff5c864c3 in operator() (this=<synthetic pointer>)
at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/webkitgtk-1.11.92/Source/WTF/wtf/Functional.h:704
#7 WebCore::RunLoop::performWork (this=0x7fffe0403c30)
at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/webkitgtk-1.11.92/Source/WebCore/platform/RunLoop.cpp:91
#8 0x00007ffff60edfe9 in WebCore::RunLoop::queueWork (runLoop=<optimized out>)
at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/webkitgtk-1.11.92/Source/WebCore/platform/gtk/RunLoopGtk.cpp:104
#9 0x00007ffff0ae522f in g_idle_dispatch (source=0x7fff7c003920, callback=0x7ffff60edfe0 <WebCore::RunLoop::queueWork(WebCore::RunLoop*)>,
user_data=0x7fffe0403c30) at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/glib/glib/gmain.c:5205
#10 0x00007ffff0ae2ad4 in g_main_dispatch (context=0x72d490) at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/glib/glib/gmain.c:3054
#11 0x00007ffff0ae382b in g_main_context_dispatch (context=0x72d490) at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/glib/glib/gmain.c:3630
#12 0x00007ffff0ae3a1d in g_main_context_iterate (context=0x72d490, block=1, dispatch=1, self=0x77e2d0)
at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/glib/glib/gmain.c:3701
#13 0x00007ffff0ae3ae1 in g_main_context_iteration (context=0x72d490, may_block=1)
at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/glib/glib/gmain.c:3762
#14 0x00007ffff1318052 in g_application_run (application=0x8ea080 [EphyShell], argc=1, argv=0x7fffffffbd08)
at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/glib/gio/gapplication.c:1623
#15 0x00000000004339a6 in main (argc=1, argv=0x7fffffffbd08) at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/epiphany/src/ephy-main.c:472
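The two call paths the report describes, as an added example (this is not code from the bug report or from WebKit): a constructed mock of GenericCallback that reproduces the two argument orders quoted from GenericCallback.h:128 and :138, and a completion handler that picks whichever error slot is populated instead of dereferencing the first slot unconditionally. WebError, WKErrorRef, MockGenericCallback, PrintOperationContext, selectPrintError, drawPagesForPrintingCompletedSafe and the simulate* functions are all stand-ins constructed for this example.

```cpp
#include <string>

// Constructed stand-ins for WebKit's WebError / WKErrorRef (not the real types).
struct WebError {
    std::string description;
};
typedef const WebError* WKErrorRef;

// Minimal mock of WebKit2's GenericCallback, keeping only the two call sites
// quoted in the report: performCallbackWithReturnValue and invalidate.
template <typename APIReturnValueType>
class MockGenericCallback {
public:
    typedef void (*CallbackFunction)(APIReturnValueType, WKErrorRef, void*);

    MockGenericCallback(void* context, CallbackFunction callback)
        : m_context(context), m_callback(callback), m_hasBeenCalled(false) { }

    // Normal completion: the value lands in the FIRST slot, the error slot is 0.
    void performCallbackWithReturnValue(APIReturnValueType returnValue) {
        if (m_hasBeenCalled) return;
        m_hasBeenCalled = true;
        m_callback(returnValue, 0, m_context);
    }

    // Invalidation (e.g. from processDidCrash): the FIRST slot is 0, the error is in the SECOND slot.
    void invalidate(const WebError& error) {
        if (m_hasBeenCalled) return;
        m_hasBeenCalled = true;
        m_callback(0, &error, m_context);
    }

private:
    void* m_context;
    CallbackFunction m_callback;
    bool m_hasBeenCalled;
};

// Constructed stand-in for the WebKitPrintOperation state reached through `context`.
struct PrintOperationContext {
    std::string lastErrorDescription;
    bool endPrintingCalled;
};

// Chooses the populated slot; returns 0 when neither path supplied an error.
static WKErrorRef selectPrintError(WKErrorRef wkPrintError, WKErrorRef wkInvalidateError) {
    if (wkPrintError)
        return wkPrintError;
    return wkInvalidateError;
}

// Null-safe counterpart of drawPagesForPrintingCompleted: correct for both argument orders
// and for the case where both slots are null.
static void drawPagesForPrintingCompletedSafe(WKErrorRef wkPrintError, WKErrorRef wkInvalidateError, void* context) {
    PrintOperationContext* op = static_cast<PrintOperationContext*>(context);
    op->endPrintingCalled = true; // stands in for page->endPrinting() in the real handler
    WKErrorRef error = selectPrintError(wkPrintError, wkInvalidateError);
    op->lastErrorDescription = error ? error->description : std::string("no error reported");
}

// Path 1: printing finished with an error (the printFinishedCallback path, error in slot 1).
std::string simulatePrintFinished() {
    PrintOperationContext op = { "", false };
    MockGenericCallback<WKErrorRef> callback(&op, drawPagesForPrintingCompletedSafe);
    WebError printError = { "printer rejected the job" }; // constructed sample error
    callback.performCallbackWithReturnValue(&printError);
    return op.lastErrorDescription;
}

// Path 2: the WebProcess went away while the print callback was pending (invalidateCallbackMap path, error in slot 2).
std::string simulateProcessCrash() {
    PrintOperationContext op = { "", false };
    MockGenericCallback<WKErrorRef> callback(&op, drawPagesForPrintingCompletedSafe);
    WebError crashError = { "WebProcess crashed" }; // constructed sample error
    callback.invalidate(crashError);
    return op.lastErrorDescription;
}

// Path 3: completion with no error in either slot; the handler must not dereference anything here.
std::string simulateNoError() {
    PrintOperationContext op = { "", false };
    MockGenericCallback<WKErrorRef> callback(&op, drawPagesForPrintingCompletedSafe);
    callback.performCallbackWithReturnValue(0);
    return op.lastErrorDescription;
}
```

The mock shows why a callback whose "return value" type is itself WKErrorRef is fragile: the same function pointer is invoked with the error in slot one on success and in slot two on invalidation, and the crash-handling path (processDidCrash) is exactly where an unconditional dereference of slot one faults. The handler above also covers the case where both slots are null, which a ternary that falls back to the first argument does not.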