<html>
    <head>
      <base href="https://bugs.webkit.org/" />
    </head>
    <body><table border="1" cellspacing="0" cellpadding="8">
        <tr>
          <th>Bug ID</th>
          <td><a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - [GTK] GVariant criticals encoding WebKitWebViewSessionState on wiki.gnome.org"
   href="https://bugs.webkit.org/show_bug.cgi?id=167644">167644</a>
          </td>
        </tr>

        <tr>
          <th>Summary</th>
          <td>[GTK] GVariant criticals encoding WebKitWebViewSessionState on wiki.gnome.org
          </td>
        </tr>

        <tr>
          <th>Classification</th>
          <td>Unclassified
          </td>
        </tr>

        <tr>
          <th>Product</th>
          <td>WebKit
          </td>
        </tr>

        <tr>
          <th>Version</th>
          <td>WebKit Nightly Build
          </td>
        </tr>

        <tr>
          <th>Hardware</th>
          <td>PC
          </td>
        </tr>

        <tr>
          <th>OS</th>
          <td>Linux
          </td>
        </tr>

        <tr>
          <th>Status</th>
          <td>NEW
          </td>
        </tr>

        <tr>
          <th>Severity</th>
          <td>Normal
          </td>
        </tr>

        <tr>
          <th>Priority</th>
          <td>P2
          </td>
        </tr>

        <tr>
          <th>Component</th>
          <td>WebKit Gtk
          </td>
        </tr>

        <tr>
          <th>Assignee</th>
          <td>webkit-unassigned&#64;lists.webkit.org
          </td>
        </tr>

        <tr>
          <th>Reporter</th>
          <td>mcatanzaro&#64;igalia.com
          </td>
        </tr>

        <tr>
          <th>CC</th>
          <td>bugs-noreply&#64;webkitgtk.org
          </td>
        </tr></table>
      <p>
        <div>
        <pre>Attaching a file to a wiki page on wiki.gnome.org (note: link to do that is at the bottom of the page, if you're logged in) causes the session state to somehow get corrupted and spew tons of criticals:

(epiphany:17763): GLib-CRITICAL **: g_variant_builder_add_value: assertion '!GVSB(builder)-&gt;expected_type || g_variant_is_of_type (value, GVSB(builder)-&gt;expected_type)' failed

Here's a backtrace taken with G_DEBUG=fatal-criticals:

#0  _g_log_abort (breakpoint=1)
    at /home/mcatanzaro/Projects/GNOME/glib/glib/gmessages.c:549
        debugger_present = 1
#1  0x00007f24cdd65023 in g_logv (log_domain=0x7f24cde11b8d &quot;GLib&quot;, 
    log_level=G_LOG_LEVEL_CRITICAL, 
    format=0x7f24cddbf88b &quot;%s: assertion '%s' failed&quot;, args=0x7f24677fb448)
    at /home/mcatanzaro/Projects/GNOME/glib/glib/gmessages.c:1357
        domain = 0x0
        data = 0x0
        depth = 1
        log_func = 0x7f24e3eb509c &lt;trap_handler&gt;
        domain_fatal_mask = 5
        masquerade_fatal = 0
        test_level = 10
        was_fatal = 0
        was_recursion = 0
        buffer = &quot;\360\257\177g$\177\000\000\351\000L\320$\177\000\000 \260\177g$\177\000\000\030\260\177g$\177\000\000U\000\000\000\000\000\000\000\020\b\202v$\177\000\000\000\307\177g$\177\000\000\260\b\202v$\177\000\000 \260\177g$\177\000\000p\260\177g$\177\000\000\060\260\177g$\177\000\000t:\223\330$\177\000\000p\260\177g$\177\000\000\230\260\177g$\177\000\000P\260\177g$\177\000\000t:\223\330$\177\000\000\230\260\177g$\177\000\000\300\260\177g$\177\000\000p\260\177g$\177\000\000\000\000\000\000\000\000\000\000p\260\177g$\177\000\000N\027\223\330$\177\000\000\230\260\177g$\177\000\000\000\000\000\000\000\000\000\000\240\260\177g$\177\000\000&quot;...
        msg = 0x22a9680 &quot;g_variant_builder_add_value: assertion 'GVSB(builder)-&gt;offset &lt; GVSB(builder)-&gt;max_items' failed&quot;
        msg_alloc = 0x22a9680 &quot;g_variant_builder_add_value: assertion 'GVSB(builder)-&gt;offset &lt; GVSB(builder)-&gt;max_items' failed&quot;
        i = 3
#2  0x00007f24cdd65114 in g_log (log_domain=0x7f24cde11b8d &quot;GLib&quot;, 
    log_level=G_LOG_LEVEL_CRITICAL, 
    format=0x7f24cddbf88b &quot;%s: assertion '%s' failed&quot;)
    at /home/mcatanzaro/Projects/GNOME/glib/glib/gmessages.c:1398
        args = {{gp_offset = 40, fp_offset = 48, 
            overflow_arg_area = 0x7f24677fb520, 
            reg_save_area = 0x7f24677fb460}}
#3  0x00007f24cdd66c77 in g_return_if_fail_warning (
    log_domain=0x7f24cde11b8d &quot;GLib&quot;, 
    pretty_function=0x7f24cde14330 &lt;__func__.5492&gt; &quot;g_variant_builder_add_value&quot;, expression=0x7f24cde12a08 &quot;GVSB(builder)-&gt;offset &lt; GVSB(builder)-&gt;max_items&quot;)
    at /home/mcatanzaro/Projects/GNOME/glib/glib/gmessages.c:2687
No locals.
#4  0x00007f24cdda13c9 in g_variant_builder_add_value (builder=0x7f24677fb940, 
    value=0x2a98090)
    at /home/mcatanzaro/Projects/GNOME/glib/glib/gvariant.c:3483
        __func__ = &quot;g_variant_builder_add_value&quot;
#5  0x00007f24cdda47d8 in g_variant_builder_add (builder=0x7f24677fb940, 
    format_string=0x7f24db538856 &quot;u&quot;)
    at /home/mcatanzaro/Projects/GNOME/glib/glib/gvariant.c:5532
        variant = 0x2a98090
        ap = {{gp_offset = 24, fp_offset = 48, 
            overflow_arg_area = 0x7f24677fb670, 
            reg_save_area = 0x7f24677fb5b0}}
#6  0x00007f24d8ef59f3 in encodeHTTPBody (sessionBuilder=0x7f24677fb940, 
    httpBody=...)
    at ../../Source/WebKit2/UIProcess/API/gtk/WebKitWebViewSessionState.cpp:129
        element = &#64;0x7f24637eb410: {
          type = (anonymous namespace)::HTTPBody::Element::Type::Data, 
          data = {&lt;WTF::VectorBuffer&lt;char, 0ul&gt;&gt; = {&lt;WTF::VectorBufferBase&lt;char&gt;&gt; = {m_buffer = 0x0, m_capacity = 0, 
                m_size = 0}, &lt;No data fields&gt;}, &lt;No data fields&gt;}, filePath = {
            m_impl = {static isRefPtr = &lt;optimized out&gt;, 
              m_ptr = 0x7f24698461b0}}, fileStart = 0, 
          fileLength = {&lt;std::constexpr_optional_base&lt;long&gt;&gt; = {init_ = false, 
              storage_ = {dummy_ = 0 '\000', 
                value_ = 4294967040}}, &lt;No data fields&gt;}, 
          expectedFileModificationTime = {&lt;std::constexpr_optional_base&lt;double&gt;&gt; = {init_ = true, storage_ = {dummy_ = 0 '\000', 
                value_ = nan(0x8000000000000)}}, &lt;No data fields&gt;}, 
          blobURLString = {m_impl = {static isRefPtr = &lt;optimized out&gt;, 
              m_ptr = 0x0}}}
        __for_range = &#64;0x7f24767c5348: {&lt;WTF::VectorBuffer&lt;WebKit::HTTPBody::Element, 0ul&gt;&gt; = {&lt;WTF::VectorBufferBase&lt;WebKit::HTTPBody::Element&gt;&gt; = {
              m_buffer = 0x7f24637eb3c0, m_capacity = 3, 
              m_size = 3}, &lt;No data fields&gt;}, &lt;No data fields&gt;}
        __for_begin = 0x7f24637eb410
        __for_end = 0x7f24637eb4b0
#7  0x00007f24d8ef6149 in encodeFrameState (sessionBuilder=0x7f24677fb940, 
    frameState=...)
    at ../../Source/WebKit2/UIProcess/API/gtk/WebKitWebViewSessionState.cpp:179
No locals.
#8  0x00007f24d8ef6362 in encodePageState (sessionBuilder=0x7f24677fb940, 
    pageState=...)
    at ../../Source/WebKit2/UIProcess/API/gtk/WebKitWebViewSessionState.cpp:196
No locals.
#9  0x00007f24d8ef6420 in encodeBackForwardListItemState (
    sessionBuilder=0x7f24677fb940, item=...)
    at ../../Source/WebKit2/UIProcess/API/gtk/WebKitWebViewSessionState.cpp:205
No locals.
#10 0x00007f24d8ef64aa in encodeBackForwardListState (
    sessionBuilder=0x7f24677fb940, backForwardListState=...)
    at ../../Source/WebKit2/UIProcess/API/gtk/WebKitWebViewSessionState.cpp:213
        item = &#64;0x7f24767c52c0: {identifier = 7, pageState = {title = {
              m_impl = {static isRefPtr = &lt;optimized out&gt;, 
                m_ptr = 0x7f246980ee70}}, mainFrameState = {urlString = {
                m_impl = {static isRefPtr = &lt;optimized out&gt;, 
                  m_ptr = 0x7f2469856e60}}, originalURLString = {m_impl = {
                  static isRefPtr = &lt;optimized out&gt;, m_ptr = 0x7f2469856eb0}}, 
              referrer = {m_impl = {static isRefPtr = &lt;optimized out&gt;, 
                  m_ptr = 0x7f24637e68e8}}, target = {m_impl = {
                  static isRefPtr = &lt;optimized out&gt;, m_ptr = 0x0}}, 
              documentState = {&lt;WTF::VectorBuffer&lt;WTF::String, 0ul&gt;&gt; = {&lt;WTF::VectorBufferBase&lt;WTF::String&gt;&gt; = {m_buffer = 0x0, m_capacity = 0, 
                    m_size = 0}, &lt;No data fields&gt;}, &lt;No data fields&gt;}, 
              stateObjectData = {&lt;std::optional_base&lt;WTF::Vector&lt;unsigned char, 0ul, WTF::CrashOnOverflow, 16ul&gt; &gt;&gt; = {init_ = false, storage_ = {
                    dummy_ = 0 '\000', 
                    value_ = {&lt;WTF::VectorBuffer&lt;unsigned char, 0ul&gt;&gt; = {&lt;WTF::VectorBufferBase&lt;unsigned char&gt;&gt; = {m_buffer = 0x0, m_capacity = 0, 
                          m_size = 0}, &lt;No data fields&gt;}, &lt;No data fields&gt;}}}, &lt;No data fields&gt;}, documentSequenceNumber = 1485878022875566, 
              itemSequenceNumber = 1485878022875565, scrollPosition = {
                m_x = 0, m_y = 0}, pageScaleFactor = 0, 
              httpBody = {&lt;std::optional_base&lt;WebKit::HTTPBody&gt;&gt; = {
                  init_ = true, storage_ = {dummy_ = 200 '\310', value_ = {
                      contentType = {m_impl = {
                          static isRefPtr = &lt;optimized out&gt;, 
                          m_ptr = 0x7f246980eec8}}, 
                      elements = {&lt;WTF::VectorBuffer&lt;WebKit::HTTPBody::Element, 0ul&gt;&gt; = {&lt;WTF::VectorBufferBase&lt;WebKit::HTTPBody::Element&gt;&gt; = {
                            m_buffer = 0x7f24637eb3c0, m_capacity = 3, 
                            m_size = 3}, &lt;No data fields&gt;}, &lt;No data fields&gt;}}}}, &lt;No data fields&gt;}, 
              children = {&lt;WTF::VectorBuffer&lt;WebKit::FrameState, 0ul&gt;&gt; = {&lt;WTF::VectorBufferBase&lt;WebKit::FrameState&gt;&gt; = {m_buffer = 0x0, m_capacity = 0, 
                    m_size = 0}, &lt;No data fields&gt;}, &lt;No data fields&gt;}}, 
            shouldOpenExternalURLsPolicy = (anonymous namespace)::ShouldOpenExternalURLsPolicy::ShouldAllow}}
        __for_range = &#64;0x7f24bfde5840: {&lt;WTF::VectorBuffer&lt;WebKit::BackForwardListItemState, 0ul&gt;&gt; = {&lt;WTF::VectorBufferBase&lt;WebKit::BackForwardListItemState&gt;&gt; = {m_buffer = 0x7f24767c5000, m_capacity = 16, 
              m_size = 5}, &lt;No data fields&gt;}, &lt;No data fields&gt;}
        __for_begin = 0x7f24767c52c0
        __for_end = 0x7f24767c5370
#11 0x00007f24d8ef6594 in encodeSessionState (sessionState=...)
    at ../../Source/WebKit2/UIProcess/API/gtk/WebKitWebViewSessionState.cpp:227
        sessionBuilder = {u = {s = {partial_magic = 41265536, type = 0xa093e0, 
              y = {0, 0, 7, 7, 41636944, 7, 7, 2, 1033660112, 0, 0, 0, 0, 0}}, 
            x = {41265536, 10523616, 0, 0, 7, 7, 41636944, 7, 7, 2, 
              1033660112, 0, 0, 0, 0, 0}}}
        variant = {m_ptr = 0x7f24dfb2c6a8 &lt;xmlFree&gt;}
#12 0x00007f24d8ef754e in webkit_web_view_session_state_serialize (
    state=0x7f24bfde5840)
    at ../../Source/WebKit2/UIProcess/API/gtk/WebKitWebViewSessionState.cpp:460
        __PRETTY_FUNCTION__ = &quot;GBytes* webkit_web_view_session_state_serialize(WebKitWebViewSessionState*)&quot;
#13 0x00007f24e3c2bca9 in write_tab (writer=0x27283a0, tab=0x28530a0)
    at /home/mcatanzaro/Projects/GNOME/epiphany/src/ephy-session.c:726
        bytes = 0x7716f0
        ret = 0
#14 0x00007f24e3c2beff in write_ephy_window (writer=0x27283a0, 
    window=0x1c5a840)
    at /home/mcatanzaro/Projects/GNOME/epiphany/src/ephy-session.c:803
        tab = 0x28530a0
        l = 0x978da0
        ret = 0
#15 0x00007f24e3c2c167 in save_session_sync (task=0x9d9dd0, 
    source_object=0xe5a880, task_data=0x9b3120, cancellable=0x296fc70)
    at /home/mcatanzaro/Projects/GNOME/epiphany/src/ephy-session.c:893
        data = 0x9b3120
        buffer = 0x28413d0
        writer = 0x27283a0
        w = 0x916e40
        ret = 0
#16 0x00007f24d182ae7f in g_task_thread_pool_thread (thread_data=0x9d9dd0, 
    pool_data=0x0) at /home/mcatanzaro/Projects/GNOME/glib/gio/gtask.c:1328
        task = 0x9d9dd0
#17 0x00007f24cdd8b9e9 in g_thread_pool_thread_proxy (data=0x76c4d0)
    at /home/mcatanzaro/Projects/GNOME/glib/glib/gthreadpool.c:307
        task = 0x9d9dd0
        pool = 0x76c4d0
#18 0x00007f24cdd8b40f in g_thread_proxy (data=0x28aee80)
    at /home/mcatanzaro/Projects/GNOME/glib/glib/gthread.c:784
        thread = 0x28aee80
        __func__ = &quot;g_thread_proxy&quot;
#19 0x00007f24cc30b6ca in start_thread (arg=0x7f24677fc700)
    at pthread_create.c:333
        __res = &lt;optimized out&gt;
        pd = 0x7f24677fc700
        now = &lt;optimized out&gt;
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {139794331977472, 
                -952831986412417169, 0, 140727833846303, 139794331978176, 
                139794331977472, 904681071671644015, 905017066599747439}, 
              mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, 
            data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
        not_first_call = &lt;optimized out&gt;
        pagesize_m1 = &lt;optimized out&gt;
        sp = &lt;optimized out&gt;
        freesize = &lt;optimized out&gt;
        __PRETTY_FUNCTION__ = &quot;start_thread&quot;
#20 0x00007f24cda48f7f in clone ()
    at ../sysdeps/unix/sysv/linux/x86_64/clone.S:105
No locals.</pre>
        </div>
      </p>
      <hr>
      <span>You are receiving this mail because:</span>
      
      <ul>
          <li>You are the assignee for the bug.</li>
      </ul>
    </body>
</html>