16795 2008-01-08 20:43:49 -0800 WebKitGtk crashes when there is no focused Frame 2008-02-18 17:24:50 -0800 1 1 1 Unclassified WebKit WebKitGTK 528+ (Nightly build) PC Linux RESOLVED FIXED Gtk P2 Major --- 1 ori webkit-unassigned alp christian jasa.david lethalman88 oldest_to_newest 66618 0 ori 2008-01-08 20:43:49 -0800 Occasionally (eg, as a new tab is being opened in the background) the focus widget is NULL, but an attempt is made to access it. Attached patch adds a check to prevent this. 66621 1 18343 ori 2008-01-08 20:49:18 -0800 Created attachment 18343 Avoid crash when focused widget is NULL Add check to avoid a crash when the focused widget is NULL. 66623 2 alp 2008-01-08 20:54:04 -0800 The Win port systematically null checks focusedFrame(). We might want to do this too, perhaps using g_return_if_fail() in some cases. This bug also exposes an issue in focus control which should be filed separately. 66651 3 lethalman88 2008-01-09 01:51:52 -0800 I can't see anywhere windows doing so many checks, I've seen just two or three of those for focusing stuff. Can you guess any other case for which the focused frame might be NULL? 68205 4 18689 jasa.david 2008-01-25 06:21:21 -0800 Created attachment 18689 Output of gdb in such case Webkit rev. 29753 in Midori 0.0.17 segfaults if I try to open this link in background tab: http://www.linuxdevices.com/news/NS5877802443.html 68207 5 alp 2008-01-25 06:25:23 -0800 A similar issue was noticed in this code: static void webkit_web_view_size_allocate(GtkWidget* widget, GtkAllocation* allocation) { GTK_WIDGET_CLASS(webkit_web_view_parent_class)->size_allocate(widget,allocation); Frame* frame = core(webkit_web_view_get_main_frame(WEBKIT_WEB_VIEW(widget))); frame->view()->resize(allocation->width, allocation->height); frame->forceLayout(); frame->view()->adjustViewSize(); } This causes the crash: Frame* frame = core(webkit_web_view_get_main_frame(WEBKIT_WEB_VIEW(widget))); So either get_main_frame is failing or core() is failing on the frame.. (Problem noticed when user was using Midori and WebKit r29753) 68209 6 jasa.david 2008-01-25 06:33:39 -0800 I've attached gdb output of my crash, which seems similar. I noticed that I can reproduce crash only if I open background link which leads to different site or server. 68220 7 alp 2008-01-25 09:34:49 -0800 The first step in fixing this issue consistently is understanding and validating what core() does in webkitprivate.cpp: WebCore::Page* core(WebKitWebView* webView) { if (!webView) return 0; WebKitWebViewPrivate* webViewData = WEBKIT_WEB_VIEW_GET_PRIVATE(webView); return webViewData ? webViewData->corePage : 0; } So, if webView is NULL, the return is NULL. No warning is given. If webView is not NULL, the return can either be the corePage or NULL. This is pretty much equivalent to what Win does: Page* core(IWebView* iWebView) { Page* page = 0; COMPtr<WebView> webView; if (SUCCEEDED(iWebView->QueryInterface(&webView)) && webView) page = webView->page(); return page; } We need to examine the WebKit API layer code now keeping these rules in mind.. 68224 8 alp 2008-01-25 10:33:59 -0800 Fix for the original issue landed in r29793. Keeping the bug open since there may be a wider issue. 68363 9 jasa.david 2008-01-27 09:54:36 -0800 Midori stopped crashing on loading pages in new tabs with svn 29807. 71094 10 alp 2008-02-18 17:24:50 -0800 Looks like this was resolved around r29793. Re-open if the issue persists. 18343 2008-01-08 20:49:18 -0800 2008-01-08 20:49:18 -0800 Avoid crash when focused widget is NULL no-crash-on-null-focus.patch text/plain 693 ori SW5kZXg6IFdlYktpdC9ndGsvV2ViVmlldy93ZWJraXR3ZWJ2aWV3LmNwcAo9PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0t LSBXZWJLaXQvZ3RrL1dlYlZpZXcvd2Via2l0d2Vidmlldy5jcHAJKHJldmlzaW9uIDI5MzI5KQor KysgV2ViS2l0L2d0ay9XZWJWaWV3L3dlYmtpdHdlYnZpZXcuY3BwCSh3b3JraW5nIGNvcHkpCkBA IC0yODQsNyArMjg0LDcgQEAKICAgICBXZWJLaXRXZWJWaWV3UHJpdmF0ZSogd2ViVmlld0RhdGEg PSBXRUJLSVRfV0VCX1ZJRVdfR0VUX1BSSVZBVEUod2ViX3ZpZXcpOwogICAgIEZyYW1lKiBmb2N1 c2VkRnJhbWUgPSB3ZWJWaWV3RGF0YS0+Y29yZVBhZ2UtPmZvY3VzQ29udHJvbGxlcigpLT5mb2N1 c2VkRnJhbWUoKTsKIAotICAgIGlmIChmb2N1c2VkRnJhbWUtPmVkaXRvcigpLT5jYW5FZGl0KCkp IHsKKyAgICBpZiAoZm9jdXNlZEZyYW1lICE9IE5VTEwgJiYgZm9jdXNlZEZyYW1lLT5lZGl0b3Io KS0+Y2FuRWRpdCgpKSB7CiAgICAgICAgIEdka1dpbmRvdyogd2luZG93ID0gZ3RrX3dpZGdldF9n ZXRfcGFyZW50X3dpbmRvdyh3aWRnZXQpOwogICAgICAgICBndGtfaW1fY29udGV4dF9zZXRfY2xp ZW50X3dpbmRvdyh3ZWJWaWV3RGF0YS0+aW1Db250ZXh0LCB3aW5kb3cpOwogI2lmZGVmIE1BRU1P X0NIQU5HRVMK 18689 2008-01-25 06:21:21 -0800 2008-01-25 06:21:21 -0800 Output of gdb in such case gdb_output text/plain 3650 jasa.david JCBnZGIgL3Vzci9iaW4vbWlkb3JpIApHTlUgZ2RiIDYuNi1kZWJpYW4KQ29weXJpZ2h0IChDKSAy MDA2IEZyZWUgU29mdHdhcmUgRm91bmRhdGlvbiwgSW5jLgpHREIgaXMgZnJlZSBzb2Z0d2FyZSwg Y292ZXJlZCBieSB0aGUgR05VIEdlbmVyYWwgUHVibGljIExpY2Vuc2UsIGFuZCB5b3UgYXJlCndl bGNvbWUgdG8gY2hhbmdlIGl0IGFuZC9vciBkaXN0cmlidXRlIGNvcGllcyBvZiBpdCB1bmRlciBj ZXJ0YWluIGNvbmRpdGlvbnMuClR5cGUgInNob3cgY29weWluZyIgdG8gc2VlIHRoZSBjb25kaXRp b25zLgpUaGVyZSBpcyBhYnNvbHV0ZWx5IG5vIHdhcnJhbnR5IGZvciBHREIuICBUeXBlICJzaG93 IHdhcnJhbnR5IiBmb3IgZGV0YWlscy4KVGhpcyBHREIgd2FzIGNvbmZpZ3VyZWQgYXMgImk0ODYt bGludXgtZ251Ii4uLgpVc2luZyBob3N0IGxpYnRocmVhZF9kYiBsaWJyYXJ5ICIvbGliL3Rscy9p Njg2L2Ntb3YvbGlidGhyZWFkX2RiLnNvLjEiLgooZ2RiKSBydW4KU3RhcnRpbmcgcHJvZ3JhbTog L3Vzci9iaW4vbWlkb3JpIApbVGhyZWFkIGRlYnVnZ2luZyB1c2luZyBsaWJ0aHJlYWRfZGIgZW5h YmxlZF0KW05ldyBUaHJlYWQgLTEyNDIzMzk2NDggKExXUCA3NTQ5KV0Kd2FybmluZzogTG93ZXN0 IHNlY3Rpb24gaW4gL3Vzci9saWIvbGliaWN1ZGF0YS5zby4zNiBpcyAuaGFzaCBhdCAwMDAwMDBi NAoKUHJvZ3JhbSByZWNlaXZlZCBzaWduYWwgU0lHU0VHViwgU2VnbWVudGF0aW9uIGZhdWx0Lgpb U3dpdGNoaW5nIHRvIFRocmVhZCAtMTI0MjMzOTY0OCAoTFdQIDc1NDkpXQpXZWJDb3JlOjpGcmFt ZTo6ZWRpdG9yICh0aGlzPTB4ODE5MTQ3OCkgYXQgLi4vLi4vV2ViQ29yZS9wYWdlL0ZyYW1lLmNw cDozNDYKMzQ2ICAgICAuLi8uLi9XZWJDb3JlL3BhZ2UvRnJhbWUuY3BwOiBObyBzdWNoIGZpbGUg b3IgZGlyZWN0b3J5LgogICAgICAgIGluIC4uLy4uL1dlYkNvcmUvcGFnZS9GcmFtZS5jcHAKQ3Vy cmVudCBsYW5ndWFnZTogIGF1dG87IGN1cnJlbnRseSBjKysKKGdkYikgYnQKIzAgIFdlYkNvcmU6 OkZyYW1lOjplZGl0b3IgKHRoaXM9MHg4MTkxNDc4KSBhdCAuLi8uLi9XZWJDb3JlL3BhZ2UvRnJh bWUuY3BwOjM0NgojMSAgMHhiNzgyNzFkZSBpbiBfZ3RrX21hcnNoYWxfQk9PTEVBTl9fQk9YRUQg KGNsb3N1cmU9MHg4MDk5NzAwLCByZXR1cm5fdmFsdWU9MHhiZmNhZmUwMCwgbl9wYXJhbV92YWx1 ZXM9MiwgCiAgICBwYXJhbV92YWx1ZXM9MHhiZmNhZmVkYywgaW52b2NhdGlvbl9oaW50PTB4YmZj YWZkZWMsIG1hcnNoYWxfZGF0YT0weDgxOTE0YzApCiAgICBhdCAvYnVpbGQvYnVpbGRkL2d0aysy LjAtMi4xMi4wL2d0ay9ndGttYXJzaGFsZXJzLmM6ODQKIzIgIDB4YjcyZmNmODkgaW4gPz8gKCkg ZnJvbSAvdXNyL2xpYi9saWJnb2JqZWN0LTIuMC5zby4wCiMzICAweDA4MDk5NzAwIGluID8/ICgp CiM0ICAweGJmY2FmZTAwIGluID8/ICgpCiM1ICAweDAwMDAwMDAyIGluID8/ICgpCiM2ICAweGJm Y2FmZWRjIGluID8/ICgpCiM3ICAweGJmY2FmZGVjIGluID8/ICgpCiM4ICAweGI3ZTcwNWUwIGlu ID8/ICgpIGF0IC4uLy4uL1dlYktpdC9ndGsvV2ViVmlldy93ZWJraXR3ZWJ2aWV3LmNwcDozNTUg ZnJvbSAvdXNyL2xpYi9saWJXZWJLaXRHdGsuc28uMGQKIzkgIDB4YjcyZmU0MmIgaW4gZ19jbG9z dXJlX3VucmVmICgpIGZyb20gL3Vzci9saWIvbGliZ29iamVjdC0yLjAuc28uMAojMTAgMHhiNzJm ZTc3MiBpbiBnX2Nsb3N1cmVfaW52b2tlICgpIGZyb20gL3Vzci9saWIvbGliZ29iamVjdC0yLjAu c28uMAojMTEgMHhiNzMwZjk3MyBpbiA/PyAoKSBmcm9tIC91c3IvbGliL2xpYmdvYmplY3QtMi4w LnNvLjAKIzEyIDB4MDgwOTk3MDAgaW4gPz8gKCkKIzEzIDB4YmZjYWZlMDAgaW4gPz8gKCkKIzE0 IDB4MDAwMDAwMDIgaW4gPz8gKCkKIzE1IDB4YmZjYWZlZGMgaW4gPz8gKCkKIzE2IDB4YmZjYWZk ZWMgaW4gPz8gKCkKIzE3IDB4YjZmYjY4YWMgaW4gX19wdGhyZWFkX211dGV4X3VubG9ja191c2Vy Y250ICgpIGZyb20gL2xpYi90bHMvaTY4Ni9jbW92L2xpYnB0aHJlYWQuc28uMAojMTggMHhiNzMx MDYwZiBpbiBnX3NpZ25hbF9lbWl0X3ZhbGlzdCAoKSBmcm9tIC91c3IvbGliL2xpYmdvYmplY3Qt Mi4wLnNvLjAKIzE5IDB4YjczMTBhMDkgaW4gZ19zaWduYWxfZW1pdCAoKSBmcm9tIC91c3IvbGli L2xpYmdvYmplY3QtMi4wLnNvLjAKIzIwIDB4Yjc5NDU0OTggaW4gZ3RrX3dpZGdldF9ldmVudF9p bnRlcm5hbCAod2lkZ2V0PTB4ODE5MTQ3OCwgZXZlbnQ9MHg4MzI3MWIwKSBhdCAvYnVpbGQvYnVp bGRkL2d0aysyLjAtMi4xMi4wL2d0ay9ndGt3aWRnZXQuYzo0Njc1CiMyMSAweGI3ODIwMzZmIGlu IElBX19ndGtfcHJvcGFnYXRlX2V2ZW50ICh3aWRnZXQ9MHg4MTkxNDc4LCBldmVudD0weDgzMjcx YjApIGF0IC9idWlsZC9idWlsZGQvZ3RrKzIuMC0yLjEyLjAvZ3RrL2d0a21haW4uYzoyMzE3CiMy MiAweGI3ODIxNTg3IGluIElBX19ndGtfbWFpbl9kb19ldmVudCAoZXZlbnQ9MHg4MzI3MWIwKSBh dCAvYnVpbGQvYnVpbGRkL2d0aysyLjAtMi4xMi4wL2d0ay9ndGttYWluLmM6MTUzNwojMjMgMHhi NzY4Y2I5YSBpbiBnZGtfZXZlbnRfZGlzcGF0Y2ggKHNvdXJjZT0weDgwOTE1ZDgsIGNhbGxiYWNr PTAsIHVzZXJfZGF0YT0weDApCiAgICBhdCAvYnVpbGQvYnVpbGRkL2d0aysyLjAtMi4xMi4wL2dk ay94MTEvZ2RrZXZlbnRzLXgxMS5jOjIzNTEKIzI0IDB4YjcyNWQxMWMgaW4gZ19tYWluX2NvbnRl eHRfZGlzcGF0Y2ggKCkgZnJvbSAvdXNyL2xpYi9saWJnbGliLTIuMC5zby4wCiMyNSAweGI3MjYw NTVmIGluID8/ICgpIGZyb20gL3Vzci9saWIvbGliZ2xpYi0yLjAuc28uMAojMjYgMHgwODA5MTYy MCBpbiA/PyAoKQojMjcgMHgwMDAwMDAwMCBpbiA/PyAoKQooZ2RiKSBwcmludCB0aGlzLT5kCiQx ID0gKFdlYkNvcmU6OkZyYW1lUHJpdmF0ZSAqKSAweDg5YTE4NTAKKGdkYikgdGhpcy0+ZC0+bV9l ZGl0b3IKVW5kZWZpbmVkIGNvbW1hbmQ6ICJ0aGlzLT5kLT5tX2VkaXRvciIuICBUcnkgImhlbHAi LgooZ2RiKSBwcmludCB0aGlzLT5kLT5tX2VkaXRvcgokMiA9IHttX2ZyYW1lID0gMHg2MjAwM2Ys IG1fZGVsZXRlQnV0dG9uQ29udHJvbGxlciA9IHs8V1RGTm9uY29weWFibGU6Ok5vbmNvcHlhYmxl PiA9IHs8Tm8gZGF0YSBmaWVsZHM+fSwgbV9wdHIgPSAweDZlMDA2MX0sIAogIG1fbGFzdEVkaXRD b21tYW5kID0ge21fcHRyID0gMHg2NTAwNmV9LCBtX3JlbW92ZWRBbmNob3IgPSB7bV9wdHIgPSAw eDY5MDA3Mn0sIG1fY29tcG9zaXRpb25Ob2RlID0ge21fcHRyID0gMHgzZDAwNjR9LCAKICBtX2Nv bXBvc2l0aW9uU3RhcnQgPSAzMTQ1Nzc3LCBtX2NvbXBvc2l0aW9uRW5kID0gMzIxMTMxNCwgbV9j dXN0b21Db21wb3NpdGlvblVuZGVybGluZXMgPSB7bV9zaXplID0gNjM1NzAzMCwgCiAgICBtX2lt cGwgPSB7PFdURjo6VmVjdG9yQnVmZmVyQmFzZTxXZWJDb3JlOjpDb21wb3NpdGlvblVuZGVybGlu ZT4+ID0ge21fYnVmZmVyID0gMHg3MDAwNmQsIAogICAgICAgIG1fY2FwYWNpdHkgPSA2NDg4MTIz fSwgPE5vIGRhdGEgZmllbGRzPn19LCBtX2lnbm9yZUNvbXBvc2l0aW9uU2VsZWN0aW9uQ2hhbmdl ID0gMTA4LCAKICBtX3Nob3VsZFN0YXJ0TmV3S2lsbFJpbmdTZXF1ZW5jZSA9IGZhbHNlfQooZ2Ri KQo=