129784 2014-03-05 23:28:01 -0800 Crash in webkit_web_view_expose_event when using Eclipse with overlay-scrollbar (Ubuntu) 2016-04-23 13:22:53 -0700 1 1 1 Unclassified WebKit WebKitGTK 528+ (Nightly build) PC Linux RESOLVED INVALID P2 Normal --- 1 malaperle webkit-unassigned berto bigbedue cgarcia dbates gustavo mcatanzaro mrobinson zan oldest_to_newest 987578 0 malaperle 2014-03-05 23:28:01 -0800 Using Ubuntu 14.04 64 bit (soon to be released), GTK2. with package libwebkitgtk-1.0-0 (built from webkit 2.3.90) or using webkit built from SVN (revision 164917). I originally opened this bug at eclipse.org https://bugs.eclipse.org/bugs/show_bug.cgi?id=425614 1. Download Eclipse Standard 4.3.2 for linux 64 bit http://www.eclipse.org/downloads/download.php?file=/technology/epp/downloads/release/kepler/SR2/eclipse-standard-kepler-SR2-linux-gtk-x86_64.tar.gz 2. Start Eclipse with this command: UBUNTU_MENUPROXY=0 SWT_GTK3=0 ./eclipse 3. If this is a new workspace, it should crash after selecting the workspace location (because it tries to display the welcome screen). If the workspace loads, click Help, Welcome in the menu to force the welcome screen to display. The crash should occur. Back trace: https://bugs.eclipse.org/bugs/attachment.cgi?id=238944 The crashing code in webkitwebview.cpp looks like this: for (int i = 0; i < rectCount; i++) { copyRectFromCairoSurfaceToContext(WEBKIT_WEB_VIEW(widget)->priv->backingStore->cairoSurface(), cr.get(), IntSize(), IntRect(rects.get()[i])); } Basically, in webkit_web_view_expose_event, WEBKIT_WEB_VIEW(widget)->priv->backingStore is null because ChromeClient::widgetSizeChanged doesn't get called...because webView->priv->needsResizeOnMap is false. I think the issue is in webkit_web_view_size_allocate. It assumes that the size changed to allocate the backing store (through needsResizeOnMap). If I add also set needsResizeOnMap to true when the backing store is null, it works. I'm not sure this is the right solution but hopefully this helps someone develop a real fix. 987581 1 225958 malaperle 2014-03-05 23:44:52 -0800 Created attachment 225958 Patch 991319 2 bigbedue 2014-03-17 11:21:36 -0700 Patch from #1 doesn't solve the problem here. Using Arch, see https://bugs.archlinux.org/task/39184. eclipse still crashes. 992379 3 malaperle 2014-03-19 21:14:16 -0700 (In reply to comment #2) > Patch from #1 doesn't solve the problem here. Using Arch, see https://bugs.archlinux.org/task/39184. > eclipse still crashes. Are you sure it crashes at the same place? Is backingStore null? FYI, there's also a crash related to the google talk plugin, see https://bugs.eclipse.org/bugs/show_bug.cgi?id=334466 993776 4 bigbedue 2014-03-24 03:41:01 -0700 Tbh, I don't know if backingStore is null. Can you help me getting a more informative debug output from eclipse? The terminal is not very chatty. I reproduced the error like this: with the UNPATCHED release version of 2.2.5, it crashed "randomly" when displaying tooltips. I also could - kind of - reproduce the welcome-screen thing: 1. went to welcome screen (welcome screen displays, no crash) 2. click on X to close the welcome screen (eclipse crashes, the normal window should have appeared) after the patch, both behaviors were still there. Maybe "my problem" is not exactly what you've fixed? Please also note that i didn't apply the patch to r164917 but on the release version found here: http://webkitgtk.org/releases/webkitgtk-2.2.5.tar.xz. Maybe thats an issue too. 994447 5 malaperle 2014-03-25 17:18:23 -0700 (In reply to comment #4) > Tbh, I don't know if backingStore is null. > Can you help me getting a more informative debug output from eclipse? The terminal is not very chatty. Do you have a java crash log file? It should be in the working directory where Eclipse was launched, look for something like hs_err_pid18377.log. If you have a core dump, you could load it in gdb and get a backtrace. The core file should also be in the working directory. If not, you can try changing the core file limit with the command 'ulimit -c unlimited' then starting Eclipse from the same terminal. > Maybe "my problem" is not exactly what you've fixed? That seems probable. I also didn't mention in my original comment that the crash only occurs when overlay-scrollbar is enabled, which I believe is only in Ubuntu. But I think fixing this in webkit source code makes sense because the way I understand the code, it could happen in other circumstances. > Please also note that i didn't apply the patch to r164917 but on the release version found here: http://webkitgtk.org/releases/webkitgtk-2.2.5.tar.xz. Maybe thats an issue too. I'm going to install Arch Linux and try to reproduce your crash. This might take some time. 994571 6 malaperle 2014-03-26 07:59:58 -0700 (In reply to comment #5) > > Please also note that i didn't apply the patch to r164917 but on the release version found here: http://webkitgtk.org/releases/webkitgtk-2.2.5.tar.xz. Maybe thats an issue too. > > I'm going to install Arch Linux and try to reproduce your crash. This might take some time. I can't reproduce this with Arch Linux and webkitgtk-2.2.5 installed. I tried both the eclipse package from Arch and downloading it from eclipse.org (version 4.3.2). Let me know if you have more information about the java error log or the core dump. Also, did you check if you have the google talk plugin installed? I tried to install it just to see if it affects anything but I wasn't able to install it from AUR (I'm not sure how to use it). 1008630 7 malaperle 2014-05-12 10:01:53 -0700 On recent Eclipse builds (Luna), the overlay scrollbars are disabled by default so to reproduce this bug they need to be explicitly enabled with LIBOVERLAY_SCROLLBAR=1 1186629 8 225958 dbates 2016-04-23 11:27:48 -0700 Comment on attachment 225958 Patch The file Source/WebKit/gtk/webkit/webkitwebview.cpp no longer exists. Moreover, all the GTK WebKit1 code was removed in <http://trac.webkit.org/changeset/166979> (bug #131399). I'm unclear of the process for fixing GTK WebKit1 bugs with respect to third-party applications, such as Eclipse. Maybe Martin Robinson or Michael Cantazaro know? 1186630 9 dbates 2016-04-23 11:29:40 -0700 I'm marking this bug Resolved Invalid since the GTK WebKit1 source code was removed from the WebKit Open Source Project repository as mentioned in comment #8. We need to find a more appropriate forum for this bug assuming it still exists. 1186659 10 mcatanzaro 2016-04-23 13:22:53 -0700 (In reply to comment #8) > Comment on attachment 225958 [details] > Patch > > The file Source/WebKit/gtk/webkit/webkitwebview.cpp no longer exists. > Moreover, all the GTK WebKit1 code was removed in > <http://trac.webkit.org/changeset/166979> (bug #131399). I'm unclear of the > process for fixing GTK WebKit1 bugs with respect to third-party > applications, such as Eclipse. Maybe Martin Robinson or Michael Cantazaro > know? There's no better place to report this bug. We don't look into WebKit1 bugs anymore. Eclipse must upgrade. If Eclipse ever displays untrusted HTML (e.g. if it displays anything from the Internet, or if it allows the user to select files to view), then see <http://webkitgtk.org/security.html> for an overview of the risks of not upgrading. Still, if anyone provides a patch, it could be included in our 2.4 branch in case there is ever a 2.4 release in the future. 225958 2014-03-05 23:44:52 -0800 2016-04-23 11:27:48 -0700 Patch bug-129784-20140306024449.patch text/plain 1395 malaperle SW5kZXg6IFNvdXJjZS9XZWJLaXQvZ3RrL0NoYW5nZUxvZwo9PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBTb3VyY2Uv V2ViS2l0L2d0ay9DaGFuZ2VMb2cJKHJldmlzaW9uIDE2NTE3NCkKKysrIFNvdXJjZS9XZWJLaXQv Z3RrL0NoYW5nZUxvZwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDEzIEBACisyMDE0LTAzLTA1 ICBNYXJjLUFuZHJlIExhcGVybGUgIDxtYWxhcGVybGVAZ21haWwuY29tPgorCisgICAgICAgIEZp eCBjcmFzaCBpbiB3ZWJraXRfd2ViX3ZpZXdfZXhwb3NlX2V2ZW50IHdoZW4gdXNpbmcgRWNsaXBz ZQorICAgICAgICBodHRwczovL2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9MTI5Nzg0 CisKKyAgICAgICAgUmV2aWV3ZWQgYnkgTk9CT0RZIChPT1BTISkuCisKKyAgICAgICAgKiB3ZWJr aXQvd2Via2l0d2Vidmlldy5jcHA6CisgICAgICAgICh3ZWJraXRfd2ViX3ZpZXdfc2l6ZV9hbGxv Y2F0ZSk6CisKIDIwMTQtMDMtMDQgIFphbGFuIEJ1anRhcyAgPHphbGFuQGFwcGxlLmNvbT4KIAog ICAgICAgICBFbmFibGUgZGV2aWNlIHBpeGVsIHJlcGFpbnQgcmVjdCB0cmFja2luZy4KSW5kZXg6 IFNvdXJjZS9XZWJLaXQvZ3RrL3dlYmtpdC93ZWJraXR3ZWJ2aWV3LmNwcAo9PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0t LSBTb3VyY2UvV2ViS2l0L2d0ay93ZWJraXQvd2Via2l0d2Vidmlldy5jcHAJKHJldmlzaW9uIDE2 NDkxNykKKysrIFNvdXJjZS9XZWJLaXQvZ3RrL3dlYmtpdC93ZWJraXR3ZWJ2aWV3LmNwcAkod29y a2luZyBjb3B5KQpAQCAtOTQyLDcgKzk0MiwxMSBAQCBzdGF0aWMgdm9pZCB3ZWJraXRfd2ViX3Zp ZXdfc2l6ZV9hbGxvY2F0CiAgICAgR1RLX1dJREdFVF9DTEFTUyh3ZWJraXRfd2ViX3ZpZXdfcGFy ZW50X2NsYXNzKS0+c2l6ZV9hbGxvY2F0ZSh3aWRnZXQsIGFsbG9jYXRpb24pOwogCiAgICAgV2Vi S2l0V2ViVmlldyogd2ViVmlldyA9IFdFQktJVF9XRUJfVklFVyh3aWRnZXQpOwotICAgIGlmIChz aXplQ2hhbmdlZCAmJiAhZ3RrX3dpZGdldF9nZXRfbWFwcGVkKHdpZGdldCkpIHsKKyAgICBib29s IGJhY2tpbmdTdG9yZU51bGwgPSBmYWxzZTsKKyAgICBpZiAoIXdlYlZpZXctPnByaXYtPmJhY2tp bmdTdG9yZSkKKyAgICAgICAgYmFja2luZ1N0b3JlTnVsbCA9IHRydWU7CisKKyAgICBpZiAoKGJh Y2tpbmdTdG9yZU51bGwgfHwgc2l6ZUNoYW5nZWQpICYmICFndGtfd2lkZ2V0X2dldF9tYXBwZWQo d2lkZ2V0KSkgewogICAgICAgICB3ZWJWaWV3LT5wcml2LT5uZWVkc1Jlc2l6ZU9uTWFwID0gdHJ1 ZTsKICAgICAgICAgcmV0dXJuOwogICAgIH0K