[Webkit-unassigned] [Bug 167644] New: [GTK] GVariant criticals encoding WebKitWebViewSessionState on wiki.gnome.org

bugzilla-daemon at webkit.org
Tue Jan 31 08:07:39 PST 2017


https://bugs.webkit.org/show_bug.cgi?id=167644

            Bug ID: 167644
           Summary: [GTK] GVariant criticals encoding
                    WebKitWebViewSessionState on wiki.gnome.org
    Classification: Unclassified
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebKit Gtk
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: mcatanzaro at igalia.com
                CC: bugs-noreply at webkitgtk.org

Attaching a file to a wiki page on wiki.gnome.org (note: link to do that is at the bottom of the page, if you're logged in) causes the session state to somehow get corrupted and spew tons of criticals:

(epiphany:17763): GLib-CRITICAL **: g_variant_builder_add_value: assertion '!GVSB(builder)->expected_type || g_variant_is_of_type (value, GVSB(builder)->expected_type)' failed

Here's a backtrace taken with G_DEBUG=fatal-criticals:

#0  _g_log_abort (breakpoint=1)
    at /home/mcatanzaro/Projects/GNOME/glib/glib/gmessages.c:549
        debugger_present = 1
#1  0x00007f24cdd65023 in g_logv (log_domain=0x7f24cde11b8d "GLib", 
    log_level=G_LOG_LEVEL_CRITICAL, 
    format=0x7f24cddbf88b "%s: assertion '%s' failed", args=0x7f24677fb448)
    at /home/mcatanzaro/Projects/GNOME/glib/glib/gmessages.c:1357
        domain = 0x0
        data = 0x0
        depth = 1
        log_func = 0x7f24e3eb509c <trap_handler>
        domain_fatal_mask = 5
        masquerade_fatal = 0
        test_level = 10
        was_fatal = 0
        was_recursion = 0
        buffer = "\360\257\177g$\177\000\000\351\000L\320$\177\000\000 \260\177g$\177\000\000\030\260\177g$\177\000\000U\000\000\000\000\000\000\000\020\b\202v$\177\000\000\000\307\177g$\177\000\000\260\b\202v$\177\000\000 \260\177g$\177\000\000p\260\177g$\177\000\000\060\260\177g$\177\000\000t:\223\330$\177\000\000p\260\177g$\177\000\000\230\260\177g$\177\000\000P\260\177g$\177\000\000t:\223\330$\177\000\000\230\260\177g$\177\000\000\300\260\177g$\177\000\000p\260\177g$\177\000\000\000\000\000\000\000\000\000\000p\260\177g$\177\000\000N\027\223\330$\177\000\000\230\260\177g$\177\000\000\000\000\000\000\000\000\000\000\240\260\177g$\177\000\000"...
        msg = 0x22a9680 "g_variant_builder_add_value: assertion 'GVSB(builder)->offset < GVSB(builder)->max_items' failed"
        msg_alloc = 0x22a9680 "g_variant_builder_add_value: assertion 'GVSB(builder)->offset < GVSB(builder)->max_items' failed"
        i = 3
#2  0x00007f24cdd65114 in g_log (log_domain=0x7f24cde11b8d "GLib", 
    log_level=G_LOG_LEVEL_CRITICAL, 
    format=0x7f24cddbf88b "%s: assertion '%s' failed")
    at /home/mcatanzaro/Projects/GNOME/glib/glib/gmessages.c:1398
        args = {{gp_offset = 40, fp_offset = 48, 
            overflow_arg_area = 0x7f24677fb520, 
            reg_save_area = 0x7f24677fb460}}
#3  0x00007f24cdd66c77 in g_return_if_fail_warning (
    log_domain=0x7f24cde11b8d "GLib", 
    pretty_function=0x7f24cde14330 <__func__.5492> "g_variant_builder_add_value", expression=0x7f24cde12a08 "GVSB(builder)->offset < GVSB(builder)->max_items")
    at /home/mcatanzaro/Projects/GNOME/glib/glib/gmessages.c:2687
No locals.
#4  0x00007f24cdda13c9 in g_variant_builder_add_value (builder=0x7f24677fb940, 
    value=0x2a98090)
    at /home/mcatanzaro/Projects/GNOME/glib/glib/gvariant.c:3483
        __func__ = "g_variant_builder_add_value"
#5  0x00007f24cdda47d8 in g_variant_builder_add (builder=0x7f24677fb940, 
    format_string=0x7f24db538856 "u")
    at /home/mcatanzaro/Projects/GNOME/glib/glib/gvariant.c:5532
        variant = 0x2a98090
        ap = {{gp_offset = 24, fp_offset = 48, 
            overflow_arg_area = 0x7f24677fb670, 
            reg_save_area = 0x7f24677fb5b0}}
#6  0x00007f24d8ef59f3 in encodeHTTPBody (sessionBuilder=0x7f24677fb940, 
    httpBody=...)
    at ../../Source/WebKit2/UIProcess/API/gtk/WebKitWebViewSessionState.cpp:129
        element = @0x7f24637eb410: {
          type = (anonymous namespace)::HTTPBody::Element::Type::Data, 
          data = {<WTF::VectorBuffer<char, 0ul>> = {<WTF::VectorBufferBase<char>> = {m_buffer = 0x0, m_capacity = 0, 
                m_size = 0}, <No data fields>}, <No data fields>}, filePath = {
            m_impl = {static isRefPtr = <optimized out>, 
              m_ptr = 0x7f24698461b0}}, fileStart = 0, 
          fileLength = {<std::constexpr_optional_base<long>> = {init_ = false, 
              storage_ = {dummy_ = 0 '\000', 
                value_ = 4294967040}}, <No data fields>}, 
          expectedFileModificationTime = {<std::constexpr_optional_base<double>> = {init_ = true, storage_ = {dummy_ = 0 '\000', 
                value_ = nan(0x8000000000000)}}, <No data fields>}, 
          blobURLString = {m_impl = {static isRefPtr = <optimized out>, 
              m_ptr = 0x0}}}
        __for_range = @0x7f24767c5348: {<WTF::VectorBuffer<WebKit::HTTPBody::Element, 0ul>> = {<WTF::VectorBufferBase<WebKit::HTTPBody::Element>> = {
              m_buffer = 0x7f24637eb3c0, m_capacity = 3, 
              m_size = 3}, <No data fields>}, <No data fields>}
        __for_begin = 0x7f24637eb410
        __for_end = 0x7f24637eb4b0
#7  0x00007f24d8ef6149 in encodeFrameState (sessionBuilder=0x7f24677fb940, 
    frameState=...)
    at ../../Source/WebKit2/UIProcess/API/gtk/WebKitWebViewSessionState.cpp:179
No locals.
#8  0x00007f24d8ef6362 in encodePageState (sessionBuilder=0x7f24677fb940, 
    pageState=...)
    at ../../Source/WebKit2/UIProcess/API/gtk/WebKitWebViewSessionState.cpp:196
No locals.
#9  0x00007f24d8ef6420 in encodeBackForwardListItemState (
    sessionBuilder=0x7f24677fb940, item=...)
    at ../../Source/WebKit2/UIProcess/API/gtk/WebKitWebViewSessionState.cpp:205
No locals.
#10 0x00007f24d8ef64aa in encodeBackForwardListState (
    sessionBuilder=0x7f24677fb940, backForwardListState=...)
    at ../../Source/WebKit2/UIProcess/API/gtk/WebKitWebViewSessionState.cpp:213
        item = @0x7f24767c52c0: {identifier = 7, pageState = {title = {
              m_impl = {static isRefPtr = <optimized out>, 
                m_ptr = 0x7f246980ee70}}, mainFrameState = {urlString = {
                m_impl = {static isRefPtr = <optimized out>, 
                  m_ptr = 0x7f2469856e60}}, originalURLString = {m_impl = {
                  static isRefPtr = <optimized out>, m_ptr = 0x7f2469856eb0}}, 
              referrer = {m_impl = {static isRefPtr = <optimized out>, 
                  m_ptr = 0x7f24637e68e8}}, target = {m_impl = {
                  static isRefPtr = <optimized out>, m_ptr = 0x0}}, 
              documentState = {<WTF::VectorBuffer<WTF::String, 0ul>> = {<WTF::VectorBufferBase<WTF::String>> = {m_buffer = 0x0, m_capacity = 0, 
                    m_size = 0}, <No data fields>}, <No data fields>}, 
              stateObjectData = {<std::optional_base<WTF::Vector<unsigned char, 0ul, WTF::CrashOnOverflow, 16ul> >> = {init_ = false, storage_ = {
                    dummy_ = 0 '\000', 
                    value_ = {<WTF::VectorBuffer<unsigned char, 0ul>> = {<WTF::VectorBufferBase<unsigned char>> = {m_buffer = 0x0, m_capacity = 0, 
                          m_size = 0}, <No data fields>}, <No data fields>}}}, <No data fields>}, documentSequenceNumber = 1485878022875566, 
              itemSequenceNumber = 1485878022875565, scrollPosition = {
                m_x = 0, m_y = 0}, pageScaleFactor = 0, 
              httpBody = {<std::optional_base<WebKit::HTTPBody>> = {
                  init_ = true, storage_ = {dummy_ = 200 '\310', value_ = {
                      contentType = {m_impl = {
                          static isRefPtr = <optimized out>, 
                          m_ptr = 0x7f246980eec8}}, 
                      elements = {<WTF::VectorBuffer<WebKit::HTTPBody::Element, 0ul>> = {<WTF::VectorBufferBase<WebKit::HTTPBody::Element>> = {
                            m_buffer = 0x7f24637eb3c0, m_capacity = 3, 
                            m_size = 3}, <No data fields>}, <No data fields>}}}}, <No data fields>}, 
              children = {<WTF::VectorBuffer<WebKit::FrameState, 0ul>> = {<WTF::VectorBufferBase<WebKit::FrameState>> = {m_buffer = 0x0, m_capacity = 0, 
                    m_size = 0}, <No data fields>}, <No data fields>}}, 
            shouldOpenExternalURLsPolicy = (anonymous namespace)::ShouldOpenExternalURLsPolicy::ShouldAllow}}
        __for_range = @0x7f24bfde5840: {<WTF::VectorBuffer<WebKit::BackForwardListItemState, 0ul>> = {<WTF::VectorBufferBase<WebKit::BackForwardListItemState>> = {m_buffer = 0x7f24767c5000, m_capacity = 16, 
              m_size = 5}, <No data fields>}, <No data fields>}
        __for_begin = 0x7f24767c52c0
        __for_end = 0x7f24767c5370
#11 0x00007f24d8ef6594 in encodeSessionState (sessionState=...)
    at ../../Source/WebKit2/UIProcess/API/gtk/WebKitWebViewSessionState.cpp:227
        sessionBuilder = {u = {s = {partial_magic = 41265536, type = 0xa093e0, 
              y = {0, 0, 7, 7, 41636944, 7, 7, 2, 1033660112, 0, 0, 0, 0, 0}}, 
            x = {41265536, 10523616, 0, 0, 7, 7, 41636944, 7, 7, 2, 
              1033660112, 0, 0, 0, 0, 0}}}
        variant = {m_ptr = 0x7f24dfb2c6a8 <xmlFree>}
#12 0x00007f24d8ef754e in webkit_web_view_session_state_serialize (
    state=0x7f24bfde5840)
    at ../../Source/WebKit2/UIProcess/API/gtk/WebKitWebViewSessionState.cpp:460
        __PRETTY_FUNCTION__ = "GBytes* webkit_web_view_session_state_serialize(WebKitWebViewSessionState*)"
#13 0x00007f24e3c2bca9 in write_tab (writer=0x27283a0, tab=0x28530a0)
    at /home/mcatanzaro/Projects/GNOME/epiphany/src/ephy-session.c:726
        bytes = 0x7716f0
        ret = 0
#14 0x00007f24e3c2beff in write_ephy_window (writer=0x27283a0, 
    window=0x1c5a840)
    at /home/mcatanzaro/Projects/GNOME/epiphany/src/ephy-session.c:803
        tab = 0x28530a0
        l = 0x978da0
        ret = 0
#15 0x00007f24e3c2c167 in save_session_sync (task=0x9d9dd0, 
    source_object=0xe5a880, task_data=0x9b3120, cancellable=0x296fc70)
    at /home/mcatanzaro/Projects/GNOME/epiphany/src/ephy-session.c:893
        data = 0x9b3120
        buffer = 0x28413d0
        writer = 0x27283a0
        w = 0x916e40
        ret = 0
#16 0x00007f24d182ae7f in g_task_thread_pool_thread (thread_data=0x9d9dd0, 
    pool_data=0x0) at /home/mcatanzaro/Projects/GNOME/glib/gio/gtask.c:1328
        task = 0x9d9dd0
#17 0x00007f24cdd8b9e9 in g_thread_pool_thread_proxy (data=0x76c4d0)
    at /home/mcatanzaro/Projects/GNOME/glib/glib/gthreadpool.c:307
        task = 0x9d9dd0
        pool = 0x76c4d0
#18 0x00007f24cdd8b40f in g_thread_proxy (data=0x28aee80)
    at /home/mcatanzaro/Projects/GNOME/glib/glib/gthread.c:784
        thread = 0x28aee80
        __func__ = "g_thread_proxy"
#19 0x00007f24cc30b6ca in start_thread (arg=0x7f24677fc700)
    at pthread_create.c:333
        __res = <optimized out>
        pd = 0x7f24677fc700
        now = <optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {139794331977472, 
                -952831986412417169, 0, 140727833846303, 139794331978176, 
                139794331977472, 904681071671644015, 905017066599747439}, 
              mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, 
            data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
        not_first_call = <optimized out>
        pagesize_m1 = <optimized out>
        sp = <optimized out>
        freesize = <optimized out>
        __PRETTY_FUNCTION__ = "start_thread"
#20 0x00007f24cda48f7f in clone ()
    at ../sysdeps/unix/sysv/linux/x86_64/clone.S:105
No locals.
