[Webkit-unassigned] [Bug 168516] New: [GTK] UI process crash in WebCore::PasteboardHelper::fillSelectionData

bugzilla-daemon at webkit.org
Fri Feb 17 07:57:56 PST 2017


https://bugs.webkit.org/show_bug.cgi?id=168516

            Bug ID: 168516
           Summary: [GTK] UI process crash in
                    WebCore::PasteboardHelper::fillSelectionData
    Classification: Unclassified
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebKit Gtk
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: mcatanzaro at igalia.com
                CC: bugs-noreply at webkitgtk.org

I hit this after 20 minutes of editing the CSS grid layout blog post and lost all my work. :( The backtrace is not very great due to a gdb bug, but it looks like we got the first frames:

Thread 1 (Thread 0x7f2faec05fc0 (LWP 3337)):
#0  0x00007f2faafc8c38 in WTF::RefPtr<WTF::StringImpl>::operator!() const (this=<optimized out>) at /usr/src/debug/webkitgtk-2.14.3/Source/WTF/wtf/RefPtr.h:75
#1  0x00007f2faafc8c38 in WTF::String::utf8(WTF::ConversionMode) const (this=this at entry=0x8, mode=mode at entry=WTF::LenientConversion) at /usr/src/debug/webkitgtk-2.14.3/Source/WTF/wtf/text/WTFString.cpp:820
#2  0x00007f2faafc8caf in WTF::String::utf8() const (this=this at entry=0x8) at /usr/src/debug/webkitgtk-2.14.3/Source/WTF/wtf/text/WTFString.cpp:828
#3  0x00007f2fac8bb606 in WebCore::PasteboardHelper::fillSelectionData(WebCore::SelectionData const&, unsigned int, _GtkSelectionData*) (this=<optimized out>, selection=..., info=<optimized out>, selectionData=0x7ffe0cf4a170) at /usr/src/debug/webkitgtk-2.14.3/Source/WebCore/platform/gtk/PasteboardHelper.cpp:149
#7  0x00007f2fa6fa98eb in <emit signal 0x7f2fa8ecb032 "drag-data-get" on instance 0x55ea9be53f60 [EphyWebView]> (instance=0x55ea9be53f60, detailed_signal=detailed_signal at entry=0x7f2fa8ecb032 "drag-data-get") at gsignal.c:3487
        var_args = {{gp_offset = 48, fp_offset = 48, overflow_arg_area = 0x7ffe0cf49ba0, reg_save_area = 0x7ffe0cf49ab0}}
        detail = 0
        itype = 94466098371744
        __func__ = "g_signal_emit_by_name"
    #4  0x00007f2fa6f8e3e5 in g_closure_invoke (closure=closure at entry=0x55ea9a3a21b0, return_value=return_value at entry=0x0, n_param_values=5, param_values=param_values at entry=0x7ffe0cf49800, invocation_hint=invocation_hint at entry=0x7ffe0cf49780) at gclosure.c:804
                marshal = <optimized out>
                marshal_data = <optimized out>
                in_marshal = 0
                real_closure = 0x55ea9a3a2190
                __func__ = "g_closure_invoke"
    #5  0x00007f2fa6fa082d in signal_emit_unlocked_R (node=node at entry=0x55ea9a3a5180, detail=detail at entry=0, instance=instance at entry=0x55ea9be53f60, emission_return=emission_return at entry=0x0, instance_and_params=instance_and_params at entry=0x7ffe0cf49800) at gsignal.c:3673
                accumulator = 0x0
                emission = {next = 0x7ffe0cf49d00, instance = 0x55ea9be53f60, ihint = {signal_id = 106, detail = 0, run_type = G_SIGNAL_RUN_LAST}, state = EMISSION_RUN, chain_type = 94466098371744}
                class_closure = 0x55ea9a3a21b0
                handler_list = <optimized out>
                return_accu = 0x0
                accu = {g_type = 0, data = {{v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}}
                signal_id = 106
                max_sequential_handler_number = 28184
                return_value_altered = 0
    #6  0x00007f2fa6fa905f in g_signal_emit_valist (instance=instance at entry=0x55ea9be53f60, signal_id=signal_id at entry=106, detail=detail at entry=0, var_args=var_args at entry=0x7ffe0cf49a68) at gsignal.c:3391
                instance_and_params = 0x7ffe0cf49800
                signal_return_type = <optimized out>
                param_values = 0x7ffe0cf49818
                node = <optimized out>
                i = <optimized out>
                n_params = <optimized out>
                __func__ = "g_signal_emit_valist"
#8  0x00007f2fa8ea315d in gtk_drag_selection_get (widget=<optimized out>, selection_data=0x7ffe0cf4a170, sel_info=<optimized out>, time=1782394, data=0x55ea9ef455b0) at gtkdnd.c:2690
        info = 0x55ea9ef455b0
        null_atom = 0x6a
        target_info = 1
#12 0x00007f2fa6fa98eb in <emit signal 0x7f2fa8f24e43 "selection-get" on instance 0x55ea9a381cc0 [GtkWindow]> (instance=instance at entry=0x55ea9a381cc0, detailed_signal=detailed_signal at entry=0x7f2fa8f24e43 "selection-get") at gsignal.c:3487
        var_args = {{gp_offset = 40, fp_offset = 48, overflow_arg_area = 0x7ffe0cf4a110, reg_save_area = 0x7ffe0cf4a020}}
        detail = 0
        itype = 94466098320528
        __
Timeout exceeded: 240 seconds, killing gdb.
Looks like gdb hung while generating backtrace.
This may be a bug in gdb. Consider submitting a bug report to gdb developers.
Please attach coredump from this crash to the bug report if you do.
