[Webkit-unassigned] [Bug 194698] New: [GTK] Crash while filling selection data during drag and drop
bugzilla-daemon at webkit.org
Fri Feb 15 01:55:31 PST 2019
https://bugs.webkit.org/show_bug.cgi?id=194698
Bug ID: 194698
Summary: [GTK] Crash while filling selection data during drag and drop
Product: WebKit
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: WebKitGTK
Assignee: webkit-unassigned at lists.webkit.org
Reporter: tpopela at redhat.com
CC: bugs-noreply at webkitgtk.org
We get these two reports in Fedora - one from Epiphany and the other one from yelp. The this@entry=0x8 seems suspicious.
Core was generated by `epiphany --application-mode --profile=/home/kusma/.config/epiphany/app-epiphany'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x00007fd765b0398c in WTF::String::tryGetUtf8 (this=this@entry=0x8, mode=mode@entry=WTF::LenientConversion) at /usr/src/debug/webkit2gtk3-2.22.5-1.fc29.x86_64/Source/WTF/wtf/text/WTFString.cpp:843
[Current thread is 1 (Thread 0x7fd7609f7cc0 (LWP 18017))]
Thread 1 (Thread 0x7fd7609f7cc0 (LWP 18017)):
#0 0x00007fd765b0398c in WTF::String::tryGetUtf8 (this=this@entry=0x8, mode=mode@entry=WTF::LenientConversion) at /usr/src/debug/webkit2gtk3-2.22.5-1.fc29.x86_64/Source/WTF/wtf/text/WTFString.cpp:843
No locals.
#1 0x00007fd765b03a64 in WTF::String::utf8 (this=this@entry=0x8, mode=mode@entry=WTF::LenientConversion) at /usr/src/debug/webkit2gtk3-2.22.5-1.fc29.x86_64/Source/WTF/wtf/text/WTFString.cpp:854
expectedString = {<std::experimental::fundamentals_v3::__expected_detail::base<WTF::CString, WTF::UTF8ConversionError>> = {s = {dummy = 0 '\000', val = {m_buffer = {static isRefPtr = <optimized out>, m_ptr = 0x0}}, err = WTF::UTF8ConversionError::None}, has = false}, <No data fields>}
#2 0x00007fd765b03b03 in WTF::String::utf8 (this=this@entry=0x8) at /usr/src/debug/webkit2gtk3-2.22.5-1.fc29.x86_64/Source/WTF/wtf/text/WTFString.cpp:861
No locals.
#3 0x00007fd767cff996 in WebCore::PasteboardHelper::fillSelectionData (this=<optimized out>, selection=..., info=<optimized out>, selectionData=0x7ffe54cdec30) at /usr/src/debug/webkit2gtk3-2.22.5-1.fc29.x86_64/Source/WebCore/platform/gtk/SelectionData.h:38
No locals.
#4 0x00007fd7692403dd in g_closure_invoke (closure=0x55b536b1be50, return_value=0x0, n_param_values=5, param_values=0x7ffe54cde2b0, invocation_hint=0x7ffe54cde230) at gclosure.c:810
marshal = 0x7fd76923e8c0 <g_type_class_meta_marshal>
marshal_data = 0x268
in_marshal = 0
real_closure = 0x55b536b1be30
__func__ = "g_closure_invoke"
#5 0x00007fd7692531b4 in signal_emit_unlocked_R (node=node@entry=0x55b536b1e360, detail=detail@entry=0, instance=instance@entry=0x55b53747f810, emission_return=emission_return@entry=0x0, instance_and_params=instance_and_params@entry=0x7ffe54cde2b0) at gsignal.c:3673
accumulator = 0x0
emission = {next = 0x7ffe54cde7c0, instance = 0x55b53747f810, ihint = {signal_id = 110, detail = 0, run_type = G_SIGNAL_RUN_LAST}, state = EMISSION_RUN, chain_type = 94236795894320}
class_closure = 0x55b536b1be50
hlist = <optimized out>
handler_list = <optimized out>
return_accu = 0x0
accu = {g_type = 0, data = {{v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}}
signal_id = 110
max_sequential_handler_number = 68308
return_value_altered = 0
#6 0x00007fd76925caaa in g_signal_emit_valist (instance=instance@entry=0x55b53747f810, signal_id=signal_id@entry=110, detail=detail@entry=0, var_args=var_args@entry=0x7ffe54cde518) at gsignal.c:3391
instance_and_params = 0x7ffe54cde2b0
signal_return_type = <optimized out>
param_values = 0x7ffe54cde2c8
node = <optimized out>
i = <optimized out>
n_params = <optimized out>
__func__ = "g_signal_emit_valist"
#7 0x00007fd76925d584 in g_signal_emit_by_name (instance=0x55b53747f810, detailed_signal=detailed_signal@entry=0x7fd7698234d6 "drag-data-get") at gsignal.c:3487
var_args = {{gp_offset = 48, fp_offset = 48, overflow_arg_area = 0x7ffe54cde650, reg_save_area = 0x7ffe54cde560}}
detail = 0
signal_id = 110
itype = 94236795894320
__func__ = "g_signal_emit_by_name"
#8 0x00007fd7697ec355 in gtk_drag_selection_get (widget=<optimized out>, selection_data=0x7ffe54cdec30, sel_info=<optimized out>, time=90823832, data=0x55b5389732d0) at gtkdnd.c:2725
info = 0x55b5389732d0
null_atom = 0x86
target_info = 1
#9 0x00007fd7692403dd in g_closure_invoke (closure=0x55b538a1c120, return_value=0x0, n_param_values=4, param_values=0x7ffe54cde850, invocation_hint=0x7ffe54cde7d0) at gclosure.c:810
marshal = 0x7fd769817300 <_gtk_marshal_VOID__BOXED_UINT_UINT>
marshal_data = 0x0
in_marshal = 0
real_closure = 0x55b538a1c100
__func__ = "g_closure_invoke"
#10 0x00007fd769253983 in signal_emit_unlocked_R (node=node@entry=0x55b536b1dee0, detail=detail@entry=0, instance=instance@entry=0x55b536ae4d20, emission_return=emission_return@entry=0x0, instance_and_params=instance_and_params@entry=0x7ffe54cde850) at gsignal.c:3635
tmp = <optimized out>
handler = 0x55b5379ecc40
accumulator = 0x0
emission = {next = 0x7ffe54cdef80, instance = 0x55b536ae4d20, ihint = {signal_id = 100, detail = 0, run_type = G_SIGNAL_RUN_FIRST}, state = EMISSION_RUN, chain_type = 4}
class_closure = 0x55b536adff20
hlist = <optimized out>
handler_list = 0x55b5379ecc40
return_accu = 0x0
accu = {g_type = 0, data = {{v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}}
signal_id = 100
max_sequential_handler_number = 68308
return_value_altered = 0
#11 0x00007fd76925caaa in g_signal_emit_valist (instance=instance@entry=0x55b536ae4d20, signal_id=signal_id@entry=100, detail=detail@entry=0, var_args=var_args@entry=0x7ffe54cdeaa8) at gsignal.c:3391
instance_and_params = 0x7ffe54cde850
signal_return_type = <optimized out>
param_values = 0x7ffe54cde868
node = <optimized out>
i = <optimized out>
n_params = <optimized out>
__func__ = "g_signal_emit_valist"
#12 0x00007fd76925d584 in g_signal_emit_by_name (instance=instance@entry=0x55b536ae4d20, detailed_signal=detailed_signal@entry=0x7fd76987de15 "selection-get") at gsignal.c:3487
var_args = {{gp_offset = 40, fp_offset = 48, overflow_arg_area = 0x7ffe54cdebe0, reg_save_area = 0x7ffe54cdeaf0}}
detail = 0
signal_id = 100
itype = 94236795183872
__func__ = "g_signal_emit_by_name"
#13 0x00007fd769704beb in gtk_selection_invoke_handler (widget=0x55b536ae4d20, data=0x7ffe54cdec30, time=90823832) at gtkselection.c:3085
target_list = <optimized out>
info = 1
__func__ = "gtk_selection_invoke_handler"
_g_boolean_var_ = <optimized out>
#14 0x00007fd769704e65 in gtk_selection_convert (widget=0x55b536ae5500, selection=0x46, target=0x4f, time_=90823832) at gtkselection.c:1157
owner_widget = <optimized out>
owner_widget_ptr = 0x55b536ae4d20
selection_data = {selection = 0x46, target = 0x4f, type = 0x0, format = 0, data = 0x0, length = -1, display = 0x55b536ab5010}
info = 0x7fd6c8001d20
tmp_list = <optimized out>
owner_window = <optimized out>
display = 0x55b536ab5010
id = <optimized out>
__func__ = "gtk_selection_convert"
#15 0x00007fd766695059 in WebKit::DragAndDropHandler::dragDataSelection (this=this@entry=0x55b536f8f1e0, context=<optimized out>, context@entry=0x55b536ab88b0, position=..., time=time@entry=90823832) at /usr/include/c++/8/bits/unique_ptr.h:342
droppingContext = @0x7fd750e25c48: {_M_t = {_M_t = {<std::_Tuple_impl<0, WebKit::DragAndDropHandler::DroppingContext*, std::default_delete<WebKit::DragAndDropHandler::DroppingContext> >> = {<std::_Tuple_impl<1, std::default_delete<WebKit::DragAndDropHandler::DroppingContext> >> = {<std::_Head_base<1, std::default_delete<WebKit::DragAndDropHandler::DroppingContext>, true>> = {<std::default_delete<WebKit::DragAndDropHandler::DroppingContext>> = {<No data fields>}, <No data fields>}, <No data fields>}, <std::_Head_base<0, WebKit::DragAndDropHandler::DroppingContext*, false>> = {_M_head_impl = 0x55b5389857d0}, <No data fields>}, <No data fields>}}}
#16 0x00007fd766695243 in WebKit::DragAndDropHandler::dragMotion (this=0x55b536f8f1e0, context=context@entry=0x55b536ab88b0, position=..., time=time@entry=90823832) at /usr/src/debug/webkit2gtk3-2.22.5-1.fc29.x86_64/Source/WebKit/UIProcess/gtk/DragAndDropHandler.cpp:241
selection = <optimized out>
dragData = {m_clientPosition = {m_x = 0, m_y = 0}, m_globalPosition = {m_x = -2101622272, m_y = 474827403}, m_platformDragData = 0x55b5374a46a8, m_draggingSourceOperationMask = WebCore::DragOperationNone, m_applicationFlags = WebCore::DragApplicationNone, m_fileNames = {<WTF::VectorBuffer<WTF::String, 0>> = {<WTF::VectorBufferBase<WTF::String>> = {m_buffer = 0x7ffe54cdee90, m_capacity = 2193345024, m_size = 474827403}, <No data fields>}, <No data fields>}, m_dragDestinationAction = 1756547392}
operation = <optimized out>
#17 0x00007fd766626b80 in webkitWebViewBaseDragMotion (widget=widget@entry=0x55b53747f810, context=0x55b536ab88b0, x=419, y=623, time=90823832) at /usr/src/debug/webkit2gtk3-2.22.5-1.fc29.x86_64/Source/WebCore/platform/graphics/IntPoint.h:72
No locals.
#18 0x00007fd769813496 in _gtk_marshal_BOOLEAN__OBJECT_INT_INT_UINT (closure=0x55b536b1c070, return_value=0x7ffe54cdefb0, n_param_values=<optimized out>, param_values=0x7ffe54cdf010, invocation_hint=<optimized out>, marshal_data=<optimized out>) at gtkmarshalers.c:713
cc = 0x55b536b1c070
data1 = 0x55b53747f810
data2 = <optimized out>
callback = 0x7fd766626b20 <webkitWebViewBaseDragMotion(GtkWidget*, GdkDragContext*, gint, gint, guint)>
v_return = <optimized out>
__func__ = "_gtk_marshal_BOOLEAN__OBJECT_INT_INT_UINT"
#19 0x00007fd7692403dd in g_closure_invoke (closure=0x55b536b1c070, return_value=0x7ffe54cdefb0, n_param_values=5, param_values=0x7ffe54cdf010, invocation_hint=0x7ffe54cdef90) at gclosure.c:810
marshal = 0x7fd76923e8c0 <g_type_class_meta_marshal>
marshal_data = 0x280
in_marshal = 0
real_closure = 0x55b536b1c050
__func__ = "g_closure_invoke"
#20 0x00007fd7692531b4 in signal_emit_unlocked_R (node=node@entry=0x55b536b1e120, detail=detail@entry=0, instance=instance@entry=0x55b53747f810, emission_return=emission_return@entry=0x7ffe54cdf180, instance_and_params=instance_and_params@entry=0x7ffe54cdf010) at gsignal.c:3673
accumulator = 0x55b536b1e190
emission = {next = 0x0, instance = 0x55b53747f810, ihint = {signal_id = 108, detail = 0, run_type = G_SIGNAL_RUN_LAST}, state = EMISSION_RUN, chain_type = 94236795894320}
class_closure = 0x55b536b1c070
hlist = <optimized out>
handler_list = <optimized out>
return_accu = 0x7ffe54cdefb0
accu = {g_type = 20, data = {{v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}}
signal_id = 108
max_sequential_handler_number = 68307
return_value_altered = 0
#21 0x00007fd76925c123 in g_signal_emit_valist (instance=instance@entry=0x55b53747f810, signal_id=signal_id@entry=108, detail=detail@entry=0, var_args=var_args@entry=0x7ffe54cdf278) at gsignal.c:3401
return_value = {g_type = 20, data = {{v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}}
error = 0x0
rtype = 20
static_scope = 0
instance_and_params = 0x7ffe54cdf010
signal_return_type = <optimized out>
param_values = 0x7ffe54cdf028
node = <optimized out>
i = <optimized out>
n_params = <optimized out>
__func__ = "g_signal_emit_valist"
#22 0x00007fd76925d584 in g_signal_emit_by_name (instance=instance@entry=0x55b53747f810, detailed_signal=detailed_signal@entry=0x7fd769851e10 "drag-motion") at gsignal.c:3487
var_args = {{gp_offset = 48, fp_offset = 48, overflow_arg_area = 0x7ffe54cdf3b0, reg_save_area = 0x7ffe54cdf2c0}}
detail = 0
signal_id = 108
itype = 94236795894320
__func__ = "g_signal_emit_by_name"
#23 0x00007fd7697ed58e in gtk_drag_dest_motion (widget=0x55b53747f810, context=0x55b536ab88b0, x=419, y=623, time=90823832) at gtkdnd.c:1572
site = 0x55b536ffc380
action = <optimized out>
retval = 1770673408
__func__ = "gtk_drag_dest_motion"
#24 0x00007fd7697edaf8 in gtk_drag_find_widget (callback=0x7fd7697ed450 <gtk_drag_dest_motion>, time=90823832, y=<optimized out>, x=<optimized out>, info=0x7fd6b80018d0, context=0x55b536ab88b0, widget=0x55b53747f810) at gtkdnd.c:1270
parent = 0x0
hierarchy = 0x55b53786ae20
found = 0
#25 _gtk_drag_dest_handle_event (toplevel=toplevel@entry=0x55b536ede460, event=event@entry=0x7fd744007b60) at gtkdnd.c:1091
window = <optimized out>
tx = 0
ty = 0
found = <optimized out>
info = 0x7fd6b80018d0
context = 0x55b536ab88b0
__func__ = "_gtk_drag_dest_handle_event"
#26 0x00007fd76967da8b in gtk_main_do_event (event=<optimized out>) at gtkmain.c:1933
grab_widget = <optimized out>
window_group = 0x55b536edbca0
rewritten_event = <optimized out>
device = 0x55b536ab8960
tmp_list = <optimized out>
event_widget = 0x55b536ede460
topmost_widget = <optimized out>
grab_widget = <optimized out>
rewritten_event = <optimized out>
tmp_list = <optimized out>
__inst = <optimized out>
window = <optimized out>
__inst = <optimized out>
__inst = <optimized out>
window = <optimized out>
__inst = <optimized out>
event_widget = <optimized out>
__t = <optimized out>
__t = <optimized out>
__t = <optimized out>
__t = <optimized out>
window_group = <optimized out>
device = <optimized out>
event = 0x7fd744007b60
__func__ = "gtk_main_do_event"
topmost_widget = <optimized out>
__r = <optimized out>
__r = <optimized out>
__r = <optimized out>
mnemonics_visible = <optimized out>
__r = <optimized out>
event_widget = <optimized out>
window_group = <optimized out>
device = <optimized out>
tmp_list = <optimized out>
__func__ = "gtk_main_do_event"
__inst = <optimized out>
__t = <optimized out>
__r = <optimized out>
window = <optimized out>
__inst = <optimized out>
__t = <optimized out>
__r = <optimized out>
__inst = <optimized out>
__t = <optimized out>
__r = <optimized out>
mnemonics_visible = <optimized out>
window = <optimized out>
__inst = <optimized out>
__t = <optimized out>
__r = <optimized out>
#27 0x00007fd768bf0a39 in _gdk_event_emit (event=event@entry=0x7fd744007b60) at gdkevents.c:73
No locals.
#28 0x00007fd768c4d286 in gdk_event_source_dispatch (base=<optimized out>, callback=<optimized out>, data=<optimized out>) at gdkeventsource.c:124
source = <optimized out>
display = <optimized out>
event = 0x7fd744007b60
#29 0x00007fd76915e06d in g_main_dispatch (context=0x55b536ac9980) at gmain.c:3182
dispatch = 0x7fd768c4d260 <gdk_event_source_dispatch>
prev_source = 0x0
was_in_call = 0
user_data = 0x0
callback = 0x0
cb_funcs = 0x0
cb_data = 0x0
need_destroy = <optimized out>
source = 0x55b536ade290
current = 0x55b536a8ba30
i = 0
current = <optimized out>
i = <optimized out>
__func__ = "g_main_dispatch"
source = <optimized out>
_g_boolean_var_ = <optimized out>
was_in_call = <optimized out>
user_data = <optimized out>
callback = <optimized out>
cb_funcs = <optimized out>
cb_data = <optimized out>
need_destroy = <optimized out>
dispatch = <optimized out>
prev_source = <optimized out>
_g_boolean_var_ = <optimized out>
#30 g_main_context_dispatch (context=context@entry=0x55b536ac9980) at gmain.c:3847
No locals.
#31 0x00007fd76915e438 in g_main_context_iterate (context=context@entry=0x55b536ac9980, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3920
max_priority = 0
timeout = 0
some_ready = 1
nfds = <optimized out>
allocated_nfds = 6
fds = 0x55b536cc0ca0
#32 0x00007fd76915e4d0 in g_main_context_iteration (context=context@entry=0x55b536ac9980, may_block=may_block@entry=1) at gmain.c:3981
retval = <optimized out>
#33 0x00007fd76932ed25 in g_application_run (application=0x55b536d921a0, argc=<optimized out>, argv=0x7ffe54cdf7f8) at gapplication.c:2470
arguments = 0x55b536c458c0
status = 0
context = 0x55b536ac9980
acquired_context = <optimized out>
__func__ = "g_application_run"
#34 0x000055b53553cf5e in ?? ()
No symbol table info available.
#35 0x00007ffe54cdf7f8 in ?? ()
No symbol table info available.
#36 0x0000000168d6b5fd in ?? ()
No symbol table info available.
#37 0x00007fd7646007c2 in _g_module_symbol (symbol_name=0x7ffe54cdf7f8 "^\020\316T\376\177", handle=0x7ffe54cdf7f0) at gmodule-dl.c:163
p = <optimized out>
msg = <optimized out>
p = <optimized out>
msg = <optimized out>
#38 g_module_symbol (module=<optimized out>, symbol_name=0x7ffe54cdf7f8 "^\020\316T\376\177", symbol=0x1) at gmodule.c:800
module_error = <optimized out>
__func__ = "g_module_symbol"
#39 0x000055b53553dac0 in ?? ()
No symbol table info available.
#40 0x000055b53553d200 in ?? ()
No symbol table info available.
#41 0x00007ffe54cdf7f0 in ?? ()
No symbol table info available.
#42 0x00007fd768df7413 in __libc_start_main (main=0x55b53553c9b0, argc=4, argv=0x7ffe54cdf7f8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffe54cdf7e8) at ../csu/libc-start.c:308
self = <optimized out>
result = <optimized out>
unwind_buf = {cancel_jmp_buf = {{jmp_buf = {0, 3686795047983546301, 94236772127232, 140730321205232, 0, 0, 7475099810769043389, 7489094244564762557}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x7ffe54cdf820, 0x7fd769ce4150}, data = {prev = 0x0, cleanup = 0x0, canceltype = 1422784544}}}
not_first_call = <optimized out>
#43 0x000055b53553d22e in ?? ()
No symbol table info available.
#44 0x00007ffe54cdf7e8 in ?? ()
No symbol table info available.
#45 0x00007fd769ce3fa0 in ?? () from /lib64/ld-linux-x86-64.so.2
No symbol table info available.
#46 0x0000000000000004 in ?? ()
No symbol table info available.
#47 0x00007ffe54ce105e in ?? ()
No symbol table info available.
#48 0x0000000000000000 in ?? ()
No symbol table info available.