[Webkit-unassigned] [Bug 199402] New: [GTK] Crash in webkitWebViewBaseRenderHostFileDescriptor
bugzilla-daemon at webkit.org
Tue Jul 2 05:36:52 PDT 2019
https://bugs.webkit.org/show_bug.cgi?id=199402
Bug ID: 199402
Summary: [GTK] Crash in webkitWebViewBaseRenderHostFileDescriptor
Product: WebKit
Version: WebKit Nightly Build
Hardware: PC
OS: Linux
Status: NEW
Severity: Normal
Priority: P2
Component: WebKitGTK
Assignee: webkit-unassigned at lists.webkit.org
Reporter: mcatanzaro at igalia.com
CC: bugs-noreply at webkitgtk.org
From this backtrace:
Stack trace of thread 764:
#0 0x00007fbbc42b16df _Z41webkitWebViewBaseRenderHostFileDescriptorP18_WebKitWebViewBase (libwebkit2gtk-4.0.so.37)
#1 0x00007fbbc42a1c6a _ZN6WebKit14PageClientImpl18hostFileDescriptorEv (libwebkit2gtk-4.0.so.37)
#2 0x00007fbbc41d33d0 _ZN6WebKit12WebPageProxy18creationParametersERNS_15WebProcessProxyERNS_16DrawingAreaProxyE (libwebkit2gtk-4.0.so.37)
#3 0x00007fbbc41d38f0 _ZN6WebKit12WebPageProxy17initializeWebPageEv (libwebkit2gtk-4.0.so.37)
#4 0x00007fbbc41d3aed _ZN6WebKit12WebPageProxy27finishAttachingToWebProcessENS0_13IsProcessSwapE (libwebkit2gtk-4.0.so.37)
#5 0x00007fbbc41d3e8e _ZN6WebKit12WebPageProxy11loadRequestEON7WebCore15ResourceRequestENS1_28ShouldOpenExternalURLsPolicyEPN3API6ObjectE (libwebkit2gtk-4.0.so.37)
#6 0x00007fbbc4292f6a webkit_web_view_load_uri (libwebkit2gtk-4.0.so.37)
#7 0x00007fbbc7e2bee2 ephy_web_view_load_url (libephymain.so)
#8 0x00007fbbc7e2f96a ephy_web_view_load_homepage (libephymain.so)
#9 0x00007fbbc7e0c2f6 ephy_window_open_link (libephymain.so)
#10 0x00007fbbc1a36bb8 ffi_call_unix64 (libffi.so.6)
#11 0x00007fbbc1a363b4 ffi_call (libffi.so.6)
#12 0x00007fbbc73f024d g_cclosure_marshal_generic (libgobject-2.0.so.0)
#13 0x00007fbbc73ef742 g_closure_invoke (libgobject-2.0.so.0)
#14 0x00007fbbc7402cf6 signal_emit_unlocked_R (libgobject-2.0.so.0)
#15 0x00007fbbc740b94e g_signal_emit_valist (libgobject-2.0.so.0)
#16 0x00007fbbc740c963 g_signal_emit (libgobject-2.0.so.0)
#17 0x00007fbbc7df6fff ephy_link_open (libephymain.so)
#18 0x00007fbbc7e00f8a ephy_session_resume (libephymain.so)
#19 0x00007fbbc73ef996 _g_closure_invoke_va (libgobject-2.0.so.0)
#20 0x00007fbbc740c31c g_signal_emit_valist (libgobject-2.0.so.0)
#21 0x00007fbbc740c963 g_signal_emit (libgobject-2.0.so.0)
#22 0x00007fbbc751c5f8 g_application_real_local_command_line (libgio-2.0.so.0)
#23 0x00007fbbc751c7b2 g_application_run (libgio-2.0.so.0)
#24 0x00005594709be096 main (epiphany)
#25 0x00007fbbc6f45f13 __libc_start_main (libc.so.6)
#26 0x00005594709be31e _start (epiphany)
We can see a crash here, probably because acceleratedBackingStore is null:
#if USE(WPE_RENDERER)
int webkitWebViewBaseRenderHostFileDescriptor(WebKitWebViewBase* webkitWebViewBase)
{
    return webkitWebViewBase->priv->acceleratedBackingStore->renderHostFileDescriptor();
}
#endif
It can happen if AcceleratedBackingStore::create returns null. AcceleratedBackingStore::create has a release assert to make sure that never happens directly, but AcceleratedBackingStoreWayland::create and AcceleratedBackingStoreX11::create do not. Both can return null for various reasons. The crash occurs on a VM image that probably either has broken OpenGL or is missing a GL extension, but it's impossible to tell which from this backtrace because the crash occurs too late.
I suggest we either make WebKitWebViewBase expect and handle the case where acceleratedBackingStore is null, or else crash earlier with a RELEASE_ASSERT in AcceleratedBackingStoreWayland::create and AcceleratedBackingStoreX11::create when it's not. Ideally the line number of the crash would indicate why creation failed, e.g.:
RELEASE_ASSERT(display.supportsXComposite());
RELEASE_ASSERT(display.supportsXDamage(s_damageEventBase, s_damageErrorBase));
Missing information:
* I don't know whether X11 or Wayland is being used here, but it's probably not relevant to this bug because both can return null
* I don't have an actual proper backtrace from gdb, but I think we see what's going wrong without it
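As an added illustration (not WebKit code), a reduced model of the two options proposed above: a null-tolerant caller that returns an invalid fd instead of dereferencing a null store, and a create() that asserts each precondition on its own line so the failure names the missing capability. Display, createLenient, createStrict, renderHostFileDescriptorChecked and the MODEL_RELEASE_ASSERT macro are stand-ins assumed here; WebKit's real RELEASE_ASSERT aborts the process rather than throwing.

```cpp
#include <memory>
#include <stdexcept>
#include <string>

// Stand-in for WebKit's RELEASE_ASSERT: the real one aborts; this model throws
// so the failing condition and its line number can be observed in a test.
#define MODEL_RELEASE_ASSERT(cond)                                               \
    do {                                                                         \
        if (!(cond))                                                             \
            throw std::runtime_error(std::string("RELEASE_ASSERT(") + #cond +    \
                                     ") failed at line " + std::to_string(__LINE__)); \
    } while (0)

// Constructed stand-in for the X11/Wayland capability checks named in the report.
struct Display {
    bool xComposite;
    bool xDamage;
};

class AcceleratedBackingStore {
public:
    // Option A as it exists today: quietly returns null when an extension is
    // missing, so a later unchecked dereference crashes far from the cause.
    static std::unique_ptr<AcceleratedBackingStore> createLenient(const Display& d) {
        if (!d.xComposite || !d.xDamage)
            return nullptr;
        return std::unique_ptr<AcceleratedBackingStore>(new AcceleratedBackingStore);
    }
    // Option B: fail fast with one assert per precondition, so the asserting
    // line identifies which capability was missing.
    static std::unique_ptr<AcceleratedBackingStore> createStrict(const Display& d) {
        MODEL_RELEASE_ASSERT(d.xComposite);
        MODEL_RELEASE_ASSERT(d.xDamage);
        return std::unique_ptr<AcceleratedBackingStore>(new AcceleratedBackingStore);
    }
    int renderHostFileDescriptor() const { return 42; } // constructed fd value
};

struct WebViewBase {
    std::unique_ptr<AcceleratedBackingStore> acceleratedBackingStore;
};

// Null-tolerant variant of webkitWebViewBaseRenderHostFileDescriptor:
// returns -1 (an invalid fd) instead of dereferencing a null store.
int renderHostFileDescriptorChecked(const WebViewBase& view) {
    if (!view.acceleratedBackingStore)
        return -1;
    return view.acceleratedBackingStore->renderHostFileDescriptor();
}

// Returns the assert message produced by createStrict, or "" on success.
std::string strictCreateFailure(const Display& d) {
    try { AcceleratedBackingStore::createStrict(d); return ""; }
    catch (const std::runtime_error& e) { return e.what(); }
}
```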