[Webkit-unassigned] [Bug 193532] New: webkitWebViewBaseCreateWebPage SIGSEGV due Invalid read of size 8

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Jan 17 02:15:31 PST 2019


https://bugs.webkit.org/show_bug.cgi?id=193532

            Bug ID: 193532
           Summary: webkitWebViewBaseCreateWebPage SIGSEGV due Invalid
                    read of size 8
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebKit2
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: germano.massullo at gmail.com

Created attachment 359364

  --> https://bugs.webkit.org/attachment.cgi?id=359364&action=review

GDB backtrace

While trying to debug this crash in the BOINC Manager GUI
https://github.com/BOINC/boinc/issues/2350

by looking at the GDB backtrace (see attachment) and the Valgrind output (below), I think it is a problem in WebKit; in particular, you get a SIGSEGV (segmentation violation)

at the function webkitWebViewBaseCreateWebPage(_WebKitWebViewBase*, WTF::Ref<API::PageConfiguration, WTF::DumbPtrTraits<API::PageConfiguration> >&&) in file WebKitWebViewBase.cpp:1364

Library versions I am using:
webkit2gtk3-2.22.5-1.fc29.x86_64
wxBase3-3.0.4-4.fc29.x86_64
wxGTK3-3.0.4-4.fc29.x86_64
wxGTK3-webview-3.0.4-4.fc29.x86_64

Valgrind output when BOINC Manager crashes:

==6052== 
==6052== HEAP SUMMARY:
==6052==     in use at exit: 10,297,642 bytes in 84,663 blocks
==6052==   total heap usage: 1,338,545 allocs, 1,253,882 frees, 1,767,724,014 bytes allocated
==6052== 
==6052== LEAK SUMMARY:
==6052==    definitely lost: 364,320 bytes in 1,312 blocks
==6052==    indirectly lost: 418,708 bytes in 13,602 blocks
==6052==      possibly lost: 8,109 bytes in 113 blocks
==6052==    still reachable: 8,861,441 bytes in 64,897 blocks
==6052==                       of which reachable via heuristic:
==6052==                         length64           : 9,888 bytes in 147 blocks
==6052==                         newarray           : 49,560 bytes in 78 blocks
==6052==         suppressed: 0 bytes in 0 blocks
==6052== Rerun with --leak-check=full to see details of leaked memory
==6052== 
==6052== For counts of detected and suppressed errors, rerun with: -v
==6052== Use --track-origins=yes to see where uninitialised values come from
==6052== ERROR SUMMARY: 189 errors from 6 contexts (suppressed: 0 from 0)
==5953== Invalid read of size 8
==5953==    at 0x6874D7A: g_dbus_server_get_client_address (gdbusserver.c:518)
==5953==    by 0x4996134: wxgtk_initialize_web_extensions (webview_webkit2.cpp:367)
==5953==    by 0x69553DC: g_closure_invoke (gclosure.c:810)
==5953==    by 0x6968982: signal_emit_unlocked_R (gsignal.c:3635)
==5953==    by 0x6971AA9: g_signal_emit_valist (gsignal.c:3391)
==5953==    by 0x69720A2: g_signal_emit (gsignal.c:3447)
==5953==    by 0x77EA6A6: webkitWebContextInitializeWebExtensions(_WebKitWebContext*) (WebKitWebContext.cpp:1600)
==5953==    by 0x77D1499: WebKitInjectedBundleClient::getInjectedBundleInitializationUserData(WebKit::WebProcessPool&) (WebKitInjectedBundleClient.cpp:136)
==5953==    by 0x7754E2C: WebKit::WebProcessPool::initializeNewWebProcess(WebKit::WebProcessProxy&, WebKit::WebsiteDataStore&) (WebProcessPool.cpp:982)
==5953==    by 0x775500D: WebKit::WebProcessPool::createNewWebProcess(WebKit::WebsiteDataStore&, WebKit::WebProcessProxy::IsInPrewarmedPool) (WebProcessPool.cpp:797)
==5953==    by 0x77554D3: WebKit::WebProcessPool::createWebPage(WebKit::PageClient&, WTF::Ref<API::PageConfiguration, WTF::DumbPtrTraits<API::PageConfiguration> >&&) (WebProcessPool.cpp:1180)
==5953==    by 0x780E9DD: webkitWebViewBaseCreateWebPage(_WebKitWebViewBase*, WTF::Ref<API::PageConfiguration, WTF::DumbPtrTraits<API::PageConfiguration> >&&) (WebKitWebViewBase.cpp:1364)
==5953==  Address 0x11000000110 is not stack'd, malloc'd or (recently) free'd
==5953== 
==5953== 
==5953== HEAP SUMMARY:
==5953==     in use at exit: 10,301,652 bytes in 84,670 blocks
==5953==   total heap usage: 1,338,587 allocs, 1,253,917 frees, 1,767,726,032 bytes allocated
==5953== 
==5953== LEAK SUMMARY:
==5953==    definitely lost: 351,824 bytes in 1,295 blocks
==5953==    indirectly lost: 418,612 bytes in 13,598 blocks
==5953==      possibly lost: 12,141 bytes in 122 blocks
==5953==    still reachable: 8,874,011 bytes in 64,916 blocks
==5953==                       of which reachable via heuristic:
==5953==                         length64           : 9,888 bytes in 147 blocks
==5953==                         newarray           : 49,560 bytes in 78 blocks
==5953==         suppressed: 0 bytes in 0 blocks
==5953== Rerun with --leak-check=full to see details of leaked memory
==5953== 
==5953== For counts of detected and suppressed errors, rerun with: -v
==5953== Use --track-origins=yes to see where uninitialised values come from
==5953== ERROR SUMMARY: 193 errors from 7 contexts (suppressed: 0 from 0)

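To triage a memcheck trace like the one in this report, it helps to pull the error block into a structured record (PID, access kind and width, innermost-first frames, faulting address and memcheck's description of it) and bucket it by the address line. The parser and heuristic below are an added example, not code from the report, WebKit or wxWidgets; the sample block is constructed from the first lines of the reported "Invalid read of size 8".

```python
import re
from dataclasses import dataclass, field

# Constructed sample: abbreviated memcheck block in the shape of the report's "Invalid read of size 8".
SAMPLE = """\
==5953== Invalid read of size 8
==5953==    at 0x6874D7A: g_dbus_server_get_client_address (gdbusserver.c:518)
==5953==    by 0x4996134: wxgtk_initialize_web_extensions (webview_webkit2.cpp:367)
==5953==    by 0x69553DC: g_closure_invoke (gclosure.c:810)
==5953==  Address 0x11000000110 is not stack'd, malloc'd or (recently) free'd
==5953== 
"""
LINE = re.compile(r"^==(\d+)== ?(.*)$")
ERROR = re.compile(r"^Invalid (read|write) of size (\d+)$")
FRAME = re.compile(r"^(?:at|by) 0x[0-9A-Fa-f]+: (.+?) \(([^)]*)\)$")
ADDR = re.compile(r"^Address (0x[0-9A-Fa-f]+) (.*)$")

@dataclass
class MemError:
    pid: int
    kind: str            # "read" or "write"
    size: int            # access width in bytes
    frames: list = field(default_factory=list)  # (function, file:line), innermost first
    address: "int | None" = None
    note: str = ""       # memcheck's description of the faulting address

def parse_memcheck(text):
    """Collect every 'Invalid read/write' block from memcheck output."""
    errors, cur = [], None
    for m in filter(None, map(LINE.match, text.splitlines())):
        pid, body = int(m.group(1)), m.group(2).strip()
        if e := ERROR.match(body):
            cur = MemError(pid, e.group(1), int(e.group(2)))
            errors.append(cur)
        elif cur and (f := FRAME.match(body)):
            cur.frames.append((f.group(1), f.group(2)))
        elif cur and (a := ADDR.match(body)):
            cur.address, cur.note = int(a.group(1), 16), a.group(2)
        elif not body:
            cur = None   # an empty ==PID== line terminates the block
    return errors

def classify(err):
    """Rough triage bucket from the address line (a heuristic, not proof)."""
    if err.address is not None and err.address < 4096:
        return "null-deref"      # NULL plus a small struct-field offset
    if "inside a block" in err.note and "free'd" in err.note:
        return "use-after-free"
    if err.note.startswith("is not stack'd"):
        return "wild-pointer"    # garbage or uninitialised pointer value
    return "unknown"
```

For the reported address, `classify` returns "wild-pointer": the value is far from NULL and memcheck knows of no stack, heap or freed block containing it, so the next step is to find which frame produced the pointer rather than where it was dereferenced.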