[Webkit-unassigned] [Bug 145114] New: [GTK] Crash when handling NPAPI plugin

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sun May 17 23:23:04 PDT 2015


https://bugs.webkit.org/show_bug.cgi?id=145114

            Bug ID: 145114
           Summary: [GTK] Crash when handling NPAPI plugin
    Classification: Unclassified
           Product: WebKit
           Version: 528+ (Nightly build)
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebKit Gtk
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: tpopela at redhat.com

As reported on https://bugzilla.redhat.com/show_bug.cgi?id=1222241, the WebProcess (WebKitGTK+ 2.8.1) crashed when handling the libgnome-shell-browser-plugin plugin. The backtrace below shows gdk_x11_window_get_xid being called with window=0x0 from WebKit::NetscapePlugin::platformVisibilityDidChange, so I'm curious whether we can simply return early from WebKit::NetscapePlugin::platformVisibilityDidChange if we cannot obtain a valid GdkWindow from gtk_plug_get_socket_window.

#0  0x00007f5f2dbc2b82 in _gdk_window_has_impl (window=window at entry=0x0) at gdkwindow.c:593
No locals.
#1  0x00007f5f2dbf39ee in gdk_x11_window_get_xid (window=0x0) at gdkwindow-x11.c:5527
No locals.
#2  0x00007f5f3594c28d in WebKit::NetscapePlugin::platformVisibilityDidChange (this=0x7f5f117fb158) at /usr/src/debug/webkitgtk-2.8.1/Source/WebKit2/WebProcess/Plugins/Netscape/x11/NetscapePluginX11.cpp:291
        windowID = 0
#3  0x00007f5f357515a6 in WebKit::PluginControllerProxy::visibilityDidChange (this=0x7f5f396c3eb0, isVisible=<optimized out>) at /usr/src/debug/webkitgtk-2.8.1/Source/WebKit2/PluginProcess/PluginControllerProxy.cpp:445
No locals.
#4  0x00007f5f3595e8ac in callMemberFunctionImpl<WebKit::PluginControllerProxy, void (WebKit::PluginControllerProxy::*)(bool), std::tuple<bool>, 0ul> (args=<optimized out>, function=<optimized out>, object=0x7f5f396c3eb0) at /usr/src/debug/webkitgtk-2.8.1/Source/WebKit2/Platform/IPC/HandleMessage.h:16
No locals.
#5  callMemberFunction<WebKit::PluginControllerProxy, void (WebKit::PluginControllerProxy::*)(bool), std::tuple<bool>, std::make_index_sequence<1ul> > (function=<optimized out>, object=0x7f5f396c3eb0, args=<unknown type in /usr/lib/debug/usr/lib64/libwebkit2gtk-4.0.so.37.6.4.debug, CU 0xbbd7d6e, DIE 0xbc148d3>) at /usr/src/debug/webkitgtk-2.8.1/Source/WebKit2/Platform/IPC/HandleMessage.h:22
No locals.
#6  IPC::handleMessage<Messages::PluginControllerProxy::MutedStateChanged, WebKit::PluginControllerProxy, void (WebKit::PluginControllerProxy::*)(bool)> (decoder=..., object=object at entry=0x7f5f396c3eb0, function=(void (WebKit::PluginControllerProxy::*)(WebKit::PluginControllerProxy * const, bool)) 0x7f5f35751590 <WebKit::PluginControllerProxy::visibilityDidChange(bool)>) at /usr/src/debug/webkitgtk-2.8.1/Source/WebKit2/Platform/IPC/HandleMessage.h:92
        arguments = std::tuple containing = {[1] = false}
#7  0x00007f5f3595d9f4 in WebKit::PluginControllerProxy::didReceivePluginControllerProxyMessage (this=this at entry=0x7f5f396c3eb0, connection=..., decoder=...) at /usr/src/debug/webkitgtk-2.8.1/x86_64-redhat-linux-gnu/DerivedSources/WebKit2/PluginControllerProxyMessageReceiver.cpp:81
No locals.
#8  0x00007f5f35754d88 in WebKit::WebProcessConnection::didReceiveMessage (this=<optimized out>, connection=..., decoder=...) at /usr/src/debug/webkitgtk-2.8.1/Source/WebKit2/PluginProcess/WebProcessConnection.cpp:140
        protector = {m_pluginController = 0x7f5f396c3eb0}
#9  0x00007f5f3574bcfb in IPC::Connection::dispatchMessage (this=this at entry=0x7f5f117ff3f0, message=std::unique_ptr<IPC::MessageDecoder> containing 0x7f5f11fd5420) at /usr/src/debug/webkitgtk-2.8.1/Source/WebKit2/Platform/IPC/Connection.cpp:860
        oldDidReceiveInvalidMessage = false
#10 0x00007f5f3574c551 in IPC::Connection::dispatchOneMessage (this=0x7f5f117ff3f0) at /usr/src/debug/webkitgtk-2.8.1/Source/WebKit2/Platform/IPC/Connection.cpp:888
        message = std::unique_ptr<IPC::MessageDecoder> containing 0x0
#11 0x00007f5f36b3bf21 in operator() (this=0x7ffde75c4570) at /usr/include/c++/5.0.0/functional:2271
No locals.
#12 WTF::RunLoop::performWork (this=0x7f5f11ff8000) at /usr/src/debug/webkitgtk-2.8.1/Source/WTF/wtf/RunLoop.cpp:104
        function = {<std::_Maybe_unary_or_binary_function<void>> = {<No data fields>}, <std::_Function_base> = {static _M_max_size = 16, static _M_max_align = 8, _M_functor = {_M_unused = {_M_object = 0x7f5ec4001e00, _M_const_object = 0x7f5ec4001e00, _M_function_pointer = 0x7f5ec4001e00, _M_member_pointer = (void (std::_Undefined_class::*)(std::_Undefined_class * const)) 0x7f5ec4001e00, this adjustment 140046412330767}, _M_pod_data = "\000\036\000\304^\177\000\000\017\267\250\030_\177\000"}, _M_manager = 0x7f5f3574d280 <std::_Function_base::_Base_manager<WTF::Function<void ()> >::_M_manager(std::_Any_data&, std::_Any_data const&, std::_Manager_operation)>}, _M_invoker = 0x7f5f3574d1e0 <std::_Function_handler<void (), WTF::Function<void ()> >::_M_invoke(std::_Any_data const&)>}
        functionsToHandle = <optimized out>
#13 0x00007f5f34f4b225 in operator() (this=0x7ffde75c4638) at /usr/include/c++/5.0.0/functional:2271
No locals.
#14 WTF::GMainLoopSource::voidCallback (this=0x7f5f11fd82c0) at /usr/src/debug/webkitgtk-2.8.1/Source/WTF/wtf/gobject/GMainLoopSource.cpp:365
        context = {source = {m_ptr = 0x7f5ec4001e60}, cancellable = {m_ptr = 0x0}, socketCancellable = {m_ptr = 0x0}, voidCallback = {<std::_Maybe_unary_or_binary_function<void>> = {<No data fields>}, <std::_Function_base> = {static _M_max_size = 16, static _M_max_align = 8, _M_functor = {_M_unused = {_M_object = 0x7f5ec4001e40, _M_const_object = 0x7f5ec4001e40, _M_function_pointer = 0x7f5ec4001e40, _M_member_pointer = (void (std::_Undefined_class::*)(std::_Undefined_class * const)) 0x7f5ec4001e40, this adjustment 140046961219824}, _M_pod_data = "@\036\000\304^\177\000\000\360\030`9_\177\000"}, _M_manager = 0x7f5f36b3fdc0 <std::_Function_base::_Base_manager<WTF::RunLoop::wakeUp()::<lambda()> >::_M_manager(std::_Any_data &, const std::_Any_data &, std::_Manager_operation)>}, _M_invoker = 0x7f5f36b3fd80 <std::_Function_handler<void(), WTF::RunLoop::wakeUp()::<lambda()> >::_M_invoke(const std::_Any_data &)>}, boolCallback = {<std::_Maybe_unary_or_binary_function<bool>> = {<No data field
#15 0x00007f5f34f4742a in WTF::GMainLoopSource::voidSourceCallback (source=<optimized out>) at /usr/src/debug/webkitgtk-2.8.1/Source/WTF/wtf/gobject/GMainLoopSource.cpp:456
No locals.
#16 0x00007f5f31e84a8a in g_main_dispatch (context=0x7f5f396018f0) at gmain.c:3122
        dispatch = 0x7f5f31e81530 <g_idle_dispatch>
        prev_source = 0x0
        was_in_call = 0
        user_data = 0x7f5f11fd82c0
        callback = 0x7f5f34f47420 <WTF::GMainLoopSource::voidSourceCallback(WTF::GMainLoopSource*)>
        cb_funcs = 0x7f5f321738a0 <g_source_callback_funcs>
        cb_data = 0x7f5ec4001ef0
        need_destroy = <optimized out>
        source = 0x7f5ec4001e60
        current = 0x7f5f395e9500
        i = 0
#17 g_main_context_dispatch (context=context at entry=0x7f5f396018f0) at gmain.c:3737
No locals.
#18 0x00007f5f31e84e20 in g_main_context_iterate (context=0x7f5f396018f0, block=block at entry=1, dispatch=dispatch at entry=1, self=<optimized out>) at gmain.c:3808
        max_priority = 2147483647
        timeout = 1133
        some_ready = 1
        nfds = <optimized out>
        allocated_nfds = 3
        fds = 0x7f5f3968e920
#19 0x00007f5f31e85142 in g_main_loop_run (loop=0x7f5f3968e860) at gmain.c:4002
        __func__ = "g_main_loop_run"
#20 0x00007f5f358e1e4b in WebKit::ChildProcessMain<WebKit::PluginProcess, WebKit::PluginProcessMain> (argc=<optimized out>, argv=<optimized out>) at /usr/src/debug/webkitgtk-2.8.1/Source/WebKit2/Shared/unix/ChildProcessMain.h:61
        childMain = {<WebKit::ChildProcessMainBase> = {_vptr.ChildProcessMainBase = 0x7f5f3723fd50 <vtable for WebKit::PluginProcessMain+16>, m_parameters = {uiProcessName = {m_impl = {m_ptr = 0x0}}, clientIdentifier = {m_impl = {m_ptr = 0x0}}, connectionIdentifier = 34, extraInitializationData = {m_impl = {static m_maxLoad = <optimized out>, static m_minLoad = <optimized out>, m_table = 0x7f5f11ffb200, m_tableSize = 8, m_tableSizeMask = 7, m_keyCount = 1, m_deletedCount = 0}}}}, <No data fields>}
#21 0x00007f5f2c4b8790 in __libc_start_main (main=0x7f5f37600bd0 <main(int, char**)>, argc=3, argv=0x7ffde75c4998, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffde75c4988) at libc-start.c:289
        result = <optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {0, -5599487145779380534, 140046927662048, 140728485038480, 0, 0, -5544212190049583414, -5599497930774659382}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x7ffde75c49b8, 0x7f5f375ff148}, data = {prev = 0x0, cleanup = 0x0, canceltype = -413382216}}}
        not_first_call = <optimized out>
#22 0x00007f5f37600c09 in _start ()
