[Webkit-unassigned] [Bug 225279] New: [GTK] segmentation fault in WebKit::IconDatabase::loadIconForPageURL

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sun May 2 08:17:38 PDT 2021


https://bugs.webkit.org/show_bug.cgi?id=225279

            Bug ID: 225279
           Summary: [GTK] segmentation fault in
                    WebKit::IconDatabase::loadIconForPageURL
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebKitGTK
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: jmason at ibinx.com
                CC: bugs-noreply at webkitgtk.org

gtk3: 3.24.11
gdk-pixbuf: 2.40.0
cairo: 1.16.0
glib2: 2.66.8

I am encountering a segmentation fault in IconDatabase::loadIconForPageURL due to dereference of a null pointer returned by NativeImage::nativeImageForCurrentFrame.  This happens for certain (broken? unsupported?) icons, but not all.  One such icon is the favicon for this URL:

    https://thomas-guettler.de/htmx-swap-err-webkit/page.html

For me, entering the above URL in epiphany 40.0 elicits the seg fault.

I've attached a patch which clears the issue.  The patch also applies a similar null pointer check in the method setIconForPageURL.

The fix assumes `nativeImageForCurrentFrame` can return null.  If that method is supposed to return non-null in all cases, then there is another problem.

-- 
You are receiving this mail because:
You are the assignee for the bug.
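The failure mode the report describes, as an added example in C++ that is not WebKit code and not the reporter's patch: a hypothetical icon decoder that returns null for data it cannot decode (the situation the report says NativeImage::nativeImageForCurrentFrame can produce), beside an unguarded lookup that would dereference that null and a guarded lookup that reports "no icon" instead. The class and function names, the PNG/ICO magic checks and the sample icon bytes are all constructed for the example.

```cpp
#include <algorithm>
#include <cstdint>
#include <map>
#include <memory>
#include <optional>
#include <string>
#include <utility>
#include <vector>

// Hypothetical image type standing in for a decoded native image.
struct NativeImage {
    int width;
    int height;
};

// Hypothetical decoder (not WebKit's): recognises only a PNG signature or an
// ICO header and returns nullptr for anything else, e.g. a server that answers
// the favicon request with an HTML error page. That nullptr is the case the
// bug report is about.
std::shared_ptr<NativeImage> decodeIcon(const std::vector<uint8_t>& bytes) {
    static const uint8_t pngMagic[8] = {0x89, 'P', 'N', 'G', 0x0D, 0x0A, 0x1A, 0x0A};
    if (bytes.size() >= 8 && std::equal(pngMagic, pngMagic + 8, bytes.begin()))
        return std::make_shared<NativeImage>(NativeImage{16, 16});
    // ICONDIR: reserved == 0, type == 1 (icon), image count >= 1
    if (bytes.size() >= 6 && bytes[0] == 0 && bytes[1] == 0
        && bytes[2] == 1 && bytes[3] == 0
        && (bytes[4] | (bytes[5] << 8)) >= 1)
        return std::make_shared<NativeImage>(NativeImage{32, 32});
    return nullptr;
}

// Hypothetical stand-in for an icon database keyed by page URL.
class IconDatabase {
public:
    void setIconForPageURL(const std::string& pageURL,
                           const std::vector<uint8_t>& iconData) {
        m_iconData[pageURL] = iconData;
    }

    // Unguarded variant: dereferences whatever the decoder returns. With
    // undecodable icon data this is a null-pointer dereference (a segfault in
    // practice); it is shown only for contrast and must not be called with
    // such data.
    std::pair<int, int> loadIconSizeUnchecked(const std::string& pageURL) {
        auto image = decodeIcon(m_iconData[pageURL]);
        return {image->width, image->height};
    }

    // Guarded variant: returns std::nullopt when no icon is stored for the
    // page or when the stored data does not decode, instead of dereferencing
    // a null image.
    std::optional<std::pair<int, int>> loadIconForPageURL(const std::string& pageURL) {
        auto it = m_iconData.find(pageURL);
        if (it == m_iconData.end())
            return std::nullopt;
        auto image = decodeIcon(it->second);
        if (!image)                 // the null check the report's patch adds
            return std::nullopt;
        return std::make_pair(image->width, image->height);
    }

private:
    std::map<std::string, std::vector<uint8_t>> m_iconData;
};

// Constructed sample inputs: a minimal PNG signature and the bytes of an HTML
// error page served where a favicon was expected.
const std::vector<uint8_t> kPngIcon = {0x89, 'P', 'N', 'G', 0x0D, 0x0A, 0x1A, 0x0A};
const std::vector<uint8_t> kHtmlNotAnIcon = {'<', 'h', 't', 'm', 'l', '>'};

int main() {
    IconDatabase db;
    db.setIconForPageURL("https://good.example/", kPngIcon);
    db.setIconForPageURL("https://broken.example/", kHtmlNotAnIcon);
    // Guarded lookup survives both the decodable and the undecodable icon.
    auto good = db.loadIconForPageURL("https://good.example/");
    auto broken = db.loadIconForPageURL("https://broken.example/");
    return (good.has_value() && !broken.has_value()) ? 0 : 1;
}
```

The guarded path treats "icon data present but undecodable" the same as "no icon stored", which is what a caller of a favicon lookup can act on; the unguarded variant is the shape of code that crashes when the decoder's contract allows a null return.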
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20210502/640da105/attachment-0001.htm>