[Webkit-unassigned] [Bug 253858] [GTK] Crash in webkit_web_view_session_state_new()

bugzilla-daemon at webkit.org
Tue Mar 14 11:25:54 PDT 2023


https://bugs.webkit.org/show_bug.cgi?id=253858

--- Comment #3 from Michael Catanzaro <mcatanzaro at gnome.org> ---
I think the only way this can happen is if you call webkit_web_view_session_state_new(NULL) which is not allowed. decodeSessionState is only called directly from webkit_web_view_session_state_new() and nowhere else. So that must be what's happening, right? Nope:

#8  decodeSessionState (sessionState=..., data=0x0) at /usr/src/debug/webkitgtk-2.39.91-1.fc38.x86_64/Source/WebKit/UIProcess/API/glib/WebKitWebViewSessionState.cpp:428
#9  webkit_web_view_session_state_new (data=data at entry=0x5555582e59f0) at /usr/src/debug/webkitgtk-2.39.91-1.fc38.x86_64/Source/WebKit/UIProcess/API/glib/WebKitWebViewSessionState.cpp:463

There in frame 8 it's NULL but in frame 9 it's not. Even though it's passed directly without any modification. What gives?

Also, if it was NULL in frame 8 then we have a g_return_val_if_fail() that should catch it.

One interesting thing: the parameters (sessionState=..., data=0x0) are printed in the reverse of the order in which they appear in the code. That's maybe weird?
