[Webkit-unassigned] [Bug 223069] 2.31 update leads to ruby-gnome segfaulting

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Mar 16 12:25:26 PDT 2021


https://bugs.webkit.org/show_bug.cgi?id=223069

Alberto Garcia <berto at igalia.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |berto at igalia.com,
                   |                            |cgarcia at igalia.com,
                   |                            |gjp at google.com,
                   |                            |mark.lam at apple.com,
                   |                            |ysuzuki at apple.com

--- Comment #1 from Alberto Garcia <berto at igalia.com> ---
Ok, so here's what happens:

JSC uses SIGUSR1 to suspend and resume threads. After r271560 (see bug 220641) this signal is configurable because some users want to use SIGUSR1 for other purposes, so the patch added the JSC_SIGNAL_FOR_GC environment variable.

So far so good. The problem is that the new code in WebKit now specifically checks that no one else is handling that signal already:

https://github.com/WebKit/WebKit/blob/a807a4f6d013ac51005bb5c3153bc670fee47065/Source/WTF/wtf/posix/ThreadingPOSIX.cpp#L211

The RELEASE_ASSERT immediately after that check aborts the program.

In this specific case the problem appears when running a set of tests using Ruby. WebKit is loaded directly by the Ruby process (using gobject-introspection), and the reason why this crashes is that Ruby is installing handlers for SIGUSR1, SIGUSR2 among others:

https://sources.debian.org/src/ruby2.7/2.7.2-4/signal.c/#L1551

With a different signal there's no crash:

$ JSC_SIGNAL_FOR_GC=30 xvfb-run ruby webkit2-gtk/test/run-test.rb

-- 
You are receiving this mail because:
You are the assignee for the bug.
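
The conflict described in the comment above can be checked for from inside a host process before an embedded library picks its signal. The following is an added example, not code from the original mail or from WebKit: the function names are hypothetical, `host_handler` is a constructed stand-in for a handler the host runtime installs, and a signal is assumed to count as taken whenever its disposition is not `SIG_DFL`.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L  /* expose sigaction() under strict -std= modes */
#endif
#include <signal.h>
#include <stdio.h>

/* Constructed stand-in for a handler installed by the host runtime. */
static void host_handler(int sig) { (void)sig; }

/* 1 if sig has a non-default disposition, 0 if it is SIG_DFL, -1 on error. */
static int signal_is_claimed(int sig)
{
    struct sigaction cur;
    if (sigaction(sig, NULL, &cur) != 0)   /* act == NULL: query only, nothing changes */
        return -1;
    if (cur.sa_flags & SA_SIGINFO)         /* a three-argument handler is installed */
        return 1;
    return cur.sa_handler != SIG_DFL;
}

/* First candidate still at its default disposition, or -1 if all are taken. */
static int first_unclaimed(const int *candidates, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (signal_is_claimed(candidates[i]) == 0)
            return candidates[i];
    return -1;
}

/* Simulate the host: claim SIGUSR1, reset SIGUSR2 to its default. */
static int simulate_host(void)
{
    struct sigaction sa;
    sa.sa_handler = host_handler;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = 0;
    if (sigaction(SIGUSR1, &sa, NULL) != 0) return -1;
    sa.sa_handler = SIG_DFL;
    return sigaction(SIGUSR2, &sa, NULL);
}

int main(void)
{
    const int candidates[] = { SIGUSR1, SIGUSR2 };
    if (simulate_host() != 0) return 1;
    printf("SIGUSR1 claimed: %d\n", signal_is_claimed(SIGUSR1));
    printf("first unclaimed: %d\n", first_unclaimed(candidates, 2));
    return 0;
}
```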