[Webkit-unassigned] [Bug 185818] New: [GTK][Wayland] UI process crash when closing the window

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon May 21 03:02:13 PDT 2018 

https://bugs.webkit.org/show_bug.cgi?id=185818

            Bug ID: 185818
           Summary: [GTK][Wayland] UI process crash when closing the
                    window
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Keywords: Gtk
          Severity: Normal
          Priority: P2
         Component: WebKit Gtk
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: cgarcia at igalia.com
                CC: bugs-noreply at webkitgtk.org

This happens when a page containing a text field is loaded but the focus remains in the url bar when the window is closed. It can be easily reproducible with MiniBrowser:

 1 - Open MiniBrowser
 2 - Load google by typing the url in the bar
 3 - Close the window. Make sure the focus remains in the url bar, don't click the view mor move the mouse outside the window.

Thread 1 "MiniBrowser" received signal SIGSEGV, Segmentation fault.
__GI___libc_free (mem=0xaaaaaaaaaaaaaaaa) at malloc.c:3103
3103    malloc.c: No existe el fichero o el directorio.
(gdb) bt
#0  __GI___libc_free (mem=0xaaaaaaaaaaaaaaaa) at malloc.c:3103
#1  0x00007fff8e185dbd in reset_preedit (context=0x55555586ef10) at imwayland.c:107
#2  0x00007fffe5518fce in ffi_call_unix64 () from /usr/lib/x86_64-linux-gnu/libffi.so.6
#3  0x00007fffe551893f in ffi_call () from /usr/lib/x86_64-linux-gnu/libffi.so.6
#4  0x00007fffe8ce3184 in ?? () from /usr/lib/x86_64-linux-gnu/libwayland-client.so.0
#5  0x00007fffe8cdf9d9 in ?? () from /usr/lib/x86_64-linux-gnu/libwayland-client.so.0
#6  0x00007fffe8ce0ea4 in wl_display_dispatch_queue_pending () from /usr/lib/x86_64-linux-gnu/libwayland-client.so.0
#7  0x00007fffe8ce12cb in wl_display_roundtrip_queue () from /usr/lib/x86_64-linux-gnu/libwayland-client.so.0
#8  0x00007ffff36cfd5c in gdk_flush () at gdkdisplay.c:598
#9  0x00007ffff3bbbe7f in gtk_main () at gtkmain.c:1327
#10 0x0000555555561464 in main ()

This is because we are sending a notify-in to the IM context, but the focus is still in the URL bar. That confuses the wayland input manager that tries to free the text of the web view IM context that has already been deleted, instead of the URL bar one.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20180521/a426343c/attachment-0001.html>

More information about the webkit-unassigned mailing list