209471 2020-03-24 02:39:37 -0700 [GTK] MiniBrowser: valgrind claims 'Invalid write of size 8' on close 2020-04-01 05:15:48 -0700 1 1 1 Unclassified WebKit WebKitGTK Other Unspecified Unspecified RESOLVED FIXED P2 Normal --- 1 mcrha webkit-unassigned aperez bugs-noreply cgarcia oldest_to_newest 1633267 0 mcrha 2020-03-24 02:39:37 -0700 I am at r258908 and closing the MiniBrowser shows Invalid write in valgrind. Steps: a) run MiniBrowser b) right-click an image and pick "Open Image in New Window" c) close the window with the image d) close the MiniBrowser With both "close" I use the mouse and click on the "x" button in the window title. valgrind report: ==17379== Thread 1: ==17379== Invalid write of size 8 ==17379== at 0x10417E63B: g_nullify_pointer (gutils.c:2239) ==17379== by 0x10409FFF8: weak_refs_notify (gobject.c:2950) ==17379== by 0x104116EFE: g_data_set_internal (gdataset.c:407) ==17379== by 0x1041173E9: g_datalist_id_set_data_full (gdataset.c:670) ==17379== by 0x10409BC3E: g_object_real_dispose (gobject.c:1200) ==17379== by 0x1038E806B: gtk_window_dispose (gtkwindow.c:3164) ==17379== by 0x10409BE8D: g_object_run_dispose (gobject.c:1257) ==17379== by 0x1040975CF: g_cclosure_marshal_VOID__VOID (gmarshal.c:117) ==17379== by 0x104094231: g_closure_invoke (gclosure.c:810) ==17379== by 0x1040B25A0: signal_emit_unlocked_R (gsignal.c:3635) ==17379== by 0x1040B1892: g_signal_emit_valist (gsignal.c:3391) ==17379== by 0x1040B1E15: g_signal_emit (gsignal.c:3447) ==17379== by 0x413457: browserWindowTryClose (BrowserWindow.c:281) ==17379== by 0x4133BD: browserWindowDeleteEvent (BrowserWindow.c:1120) ==17379== by 0x10391E9EE: _gtk_marshal_BOOLEAN__BOXEDv (gtkmarshalers.c:129) ==17379== by 0x104094925: g_type_class_meta_marshalv (gclosure.c:1034) ==17379== by 0x1040944D3: _g_closure_invoke_va (gclosure.c:873) ==17379== by 0x1040B0BCA: g_signal_emit_valist (gsignal.c:3300) ==17379== by 0x1040B1E15: g_signal_emit (gsignal.c:3447) ==17379== by 0x1038CAD12: gtk_widget_event_internal (gtkwidget.c:7744) ==17379== by 0x1038CAD12: gtk_widget_event_internal (gtkwidget.c:7613) ==17379== by 0x103789128: gtk_main_do_event (gtkmain.c:1817) ==17379== by 0x103789128: gtk_main_do_event (gtkmain.c:1685) ==17379== by 0x103C85EC8: _gdk_event_emit (gdkevents.c:73) ==17379== by 0x103CB7C35: gdk_event_source_dispatch (gdkeventsource.c:367) ==17379== by 0x10413A139: g_main_dispatch (gmain.c:3202) ==17379== by 0x10413B02F: g_main_context_dispatch (gmain.c:3867) ==17379== by 0x10413B214: g_main_context_iterate (gmain.c:3940) ==17379== by 0x10413B63B: g_main_loop_run (gmain.c:4136) ==17379== by 0x1037881AC: gtk_main (gtkmain.c:1323) ==17379== by 0x416539: main (main.c:649) ==17379== Address 0x151ab47f8 is 840 bytes inside a block of size 904 free'd ==17379== at 0x100839A0C: free (vg_replace_malloc.c:540) ==17379== by 0x104142E6F: g_free (gmem.c:192) ==17379== by 0x10415E1ED: g_slice_free1 (gslice.c:1135) ==17379== by 0x1040B76D4: g_type_free_instance (gtype.c:1936) ==17379== by 0x1040A0FFA: g_object_unref (gobject.c:3541) ==17379== by 0x1037890E7: gtk_main_do_event (gtkmain.c:1832) ==17379== by 0x1037890E7: gtk_main_do_event (gtkmain.c:1685) ==17379== by 0x103C85EC8: _gdk_event_emit (gdkevents.c:73) ==17379== by 0x103CB7C35: gdk_event_source_dispatch (gdkeventsource.c:367) ==17379== by 0x10413A139: g_main_dispatch (gmain.c:3202) ==17379== by 0x10413B02F: g_main_context_dispatch (gmain.c:3867) ==17379== by 0x10413B214: g_main_context_iterate (gmain.c:3940) ==17379== by 0x10413B63B: g_main_loop_run (gmain.c:4136) ==17379== by 0x1037881AC: gtk_main (gtkmain.c:1323) ==17379== by 0x416539: main (main.c:649) ==17379== Block was alloc'd at ==17379== at 0x10083880B: malloc (vg_replace_malloc.c:309) ==17379== by 0x104142D14: g_malloc (gmem.c:99) ==17379== by 0x10415DFB1: g_slice_alloc (gslice.c:1024) ==17379== by 0x10415DFF1: g_slice_alloc0 (gslice.c:1050) ==17379== by 0x1040B727E: g_type_create_instance (gtype.c:1836) ==17379== by 0x10409D255: g_object_new_internal (gobject.c:1959) ==17379== by 0x10409E138: g_object_new_valist (gobject.c:2287) ==17379== by 0x10409CE0D: g_object_new (gobject.c:1797) ==17379== by 0x4119F2: browser_window_new (BrowserWindow.c:1140) ==17379== by 0x415217: webViewCreate (BrowserWindow.c:340) ==17379== by 0x107601B27: ffi_call_unix64 (in /usr/lib64/libffi.so.6.0.2) ==17379== by 0x107601338: ffi_call (in /usr/lib64/libffi.so.6.0.2) ==17379== by 0x1040959D9: g_cclosure_marshal_generic (gclosure.c:1500) ==17379== by 0x104094231: g_closure_invoke (gclosure.c:810) ==17379== by 0x1040B25A0: signal_emit_unlocked_R (gsignal.c:3635) ==17379== by 0x1040B1928: g_signal_emit_valist (gsignal.c:3401) ==17379== by 0x1040B1E15: g_signal_emit (gsignal.c:3447) ==17379== by 0x1011EF898: webkitWebViewCreateNewPage(_WebKitWebView*, WebCore::WindowFeatures const&, _WebKitNavigationAction*) (WebKitWebView.cpp:2327) ==17379== by 0x1011E11D5: UIClient::createNewPage(WebKit::WebPageProxy&, WebCore::WindowFeatures&&, WTF::Ref<API::NavigationAction, WTF::DumbPtrTraits<API::NavigationAction> >&&, WTF::CompletionHandler<void (WTF::RefPtr<WebKit::WebPageProxy, WTF::DumbPtrTraits<WebKit::WebPageProxy> >&&)>&&) (WebKitUIClient.cpp:67) ==17379== by 0x101128084: operator() (WebPageProxy.cpp:5487) ==17379== by 0x101128084: call (Function.h:52) ==17379== by 0x101128084: operator() (Function.h:84) ==17379== by 0x101128084: trySOAuthorization (WebPageProxy.cpp:5453) ==17379== by 0x101128084: WebKit::WebPageProxy::createNewPage(WebKit::FrameInfoData&&, WTF::Optional<WTF::ObjectIdentifier<WebKit::WebPageProxyIdentifierType> >, WebCore::ResourceRequest&&, WebCore::WindowFeatures&&, WebKit::NavigationActionData&&, WTF::CompletionHandler<void (WTF::Optional<WTF::ObjectIdentifier<WebCore::PageIdentifierType> > const&, WTF::Optional<WebKit::WebPageCreationParameters> const&)>&&) (WebPageProxy.cpp:5486) ==17379== by 0x100EF4822: callMemberFunctionImpl<WebKit::WebPageProxy, void (WebKit::WebPageProxy::*)(WebKit::FrameInfoData &&, WTF::Optional<WTF::ObjectIdentifier<WebKit::WebPageProxyIdentifierType> >, WebCore::ResourceRequest &&, WebCore::WindowFeatures &&, WebKit::NavigationActionData &&, WTF::CompletionHandler<void (const WTF::Optional<WTF::ObjectIdentifier<WebCore::PageIdentifierType> > &, const WTF::Optional<WebKit::WebPageCreationParameters> &)> &&), void (const WTF::Optional<WTF::ObjectIdentifier<WebCore::PageIdentifierType> > &, const WTF::Optional<WebKit::WebPageCreationParameters> &), std::tuple<WebKit::FrameInfoData, WTF::Optional<WTF::ObjectIdentifier<WebKit::WebPageProxyIdentifierType> >, WebCore::ResourceRequest, WebCore::WindowFeatures, WebKit::NavigationActionData>, 0, 1, 2, 3, 4> (HandleMessage.h:55) ==17379== by 0x100EF4822: callMemberFunction<WebKit::WebPageProxy, void (WebKit::WebPageProxy::*)(WebKit::FrameInfoData &&, WTF::Optional<WTF::ObjectIdentifier<WebKit::WebPageProxyIdentifierType> >, WebCore::ResourceRequest &&, WebCore::WindowFeatures &&, WebKit::NavigationActionData &&, WTF::CompletionHandler<void (const WTF::Optional<WTF::ObjectIdentifier<WebCore::PageIdentifierType> > &, const WTF::Optional<WebKit::WebPageCreationParameters> &)> &&), void (const WTF::Optional<WTF::ObjectIdentifier<WebCore::PageIdentifierType> > &, const WTF::Optional<WebKit::WebPageCreationParameters> &), std::tuple<WebKit::FrameInfoData, WTF::Optional<WTF::ObjectIdentifier<WebKit::WebPageProxyIdentifierType> >, WebCore::ResourceRequest, WebCore::WindowFeatures, WebKit::NavigationActionData>, std::integer_sequence<unsigned long, 0, 1, 2, 3, 4> > (HandleMessage.h:61) ==17379== by 0x100EF4822: handleMessageSynchronous<Messages::WebPageProxy::CreateNewPage, WebKit::WebPageProxy, void (WebKit::WebPageProxy::*)(WebKit::FrameInfoData &&, WTF::Optional<WTF::ObjectIdentifier<WebKit::WebPageProxyIdentifierType> >, WebCore::ResourceRequest &&, WebCore::WindowFeatures &&, WebKit::NavigationActionData &&, WTF::CompletionHandler<void (const WTF::Optional<WTF::ObjectIdentifier<WebCore::PageIdentifierType> > &, const WTF::Optional<WebKit::WebPageCreationParameters> &)> &&)> (HandleMessage.h:142) ==17379== by 0x100EF4822: WebKit::WebPageProxy::didReceiveSyncMessage(IPC::Connection&, IPC::Decoder&, std::unique_ptr<IPC::Encoder, std::default_delete<IPC::Encoder> >&) (WebPageProxyMessageReceiver.cpp:2201) ==17379== by 0x101082C9E: IPC::MessageReceiverMap::dispatchSyncMessage(IPC::Connection&, IPC::Decoder&, std::unique_ptr<IPC::Encoder, std::default_delete<IPC::Encoder> >&) (MessageReceiverMap.cpp:140) ==17379== by 0x10116218F: didReceiveSyncMessage (WebProcessProxy.cpp:767) ==17379== by 0x10116218F: non-virtual thunk to WebKit::WebProcessProxy::didReceiveSyncMessage(IPC::Connection&, IPC::Decoder&, std::unique_ptr<IPC::Encoder, std::default_delete<IPC::Encoder> >&) (WebProcessProxy.cpp:0) ==17379== by 0x10107B31E: IPC::Connection::dispatchSyncMessage(IPC::Decoder&) (Connection.cpp:929) ==17379== by 0x10107B863: IPC::Connection::dispatchMessage(std::unique_ptr<IPC::Decoder, std::default_delete<IPC::Decoder> >) (Connection.cpp:1075) ==17379== by 0x1010778EF: dispatch (Connection.cpp:119) ==17379== by 0x1010778EF: IPC::Connection::SyncMessageState::dispatchMessagesAndResetDidScheduleDispatchMessagesForConnection(IPC::Connection&) (Connection.cpp:197) ==17379== by 0x105650358: operator() (Lock.h:84) ==17379== by 0x105650358: WTF::RunLoop::performWork() (RunLoop.cpp:119) ==17379== by 0x10569FA15: operator() (RunLoopGLib.cpp:68) ==17379== by 0x10569FA15: WTF::RunLoop::RunLoop()::$_0::__invoke(void*) (RunLoopGLib.cpp:67) ==17379== by 0x10413A139: g_main_dispatch (gmain.c:3202) ==17379== by 0x10413B02F: g_main_context_dispatch (gmain.c:3867) 1636443 1 395156 cgarcia 2020-04-01 03:06:08 -0700 Created attachment 395156 Patch 1636452 2 cgarcia 2020-04-01 05:15:48 -0700 Committed r259339: <https://trac.webkit.org/changeset/259339> 395156 2020-04-01 03:06:08 -0700 2020-04-01 04:18:33 -0700 Patch mb-weak-pointer.diff text/plain 1990 cgarcia ZGlmZiAtLWdpdCBhL1Rvb2xzL0NoYW5nZUxvZyBiL1Rvb2xzL0NoYW5nZUxvZwppbmRleCA3OWEx ZTYwNGRlNGUuLjY4NGI4MTFkYzM0NyAxMDA2NDQKLS0tIGEvVG9vbHMvQ2hhbmdlTG9nCisrKyBi L1Rvb2xzL0NoYW5nZUxvZwpAQCAtMSwzICsxLDE2IEBACisyMDIwLTA0LTAxICBDYXJsb3MgR2Fy Y2lhIENhbXBvcyAgPGNnYXJjaWFAaWdhbGlhLmNvbT4KKworICAgICAgICBbR1RLXSBNaW5pQnJv d3NlcjogdmFsZ3JpbmQgY2xhaW1zICdJbnZhbGlkIHdyaXRlIG9mIHNpemUgOCcgb24gY2xvc2UK KyAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTIwOTQ3MQor CisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEpLgorCisgICAgICAgIFRoaXMgaXMg YmVjYXVzZSB3ZSBuZWVkIHRvIHJlbW92ZSB0aGUgd2VhayBwb2ludGVyIGFkZGVkIGluIGNoaWxk IHdpbmRvd3MgdG8gdGhlaXIgcGFyZW50LgorCisgICAgICAgICogTWluaUJyb3dzZXIvZ3RrL0Jy b3dzZXJXaW5kb3cuYzoKKyAgICAgICAgKGJyb3dzZXJXaW5kb3dEaXNwb3NlKTogUmVtb3ZlIHRo ZSBwYXJlbnRXaW5kb3cgd2VhayByZWYuCisgICAgICAgIChicm93c2VyX3dpbmRvd19jbGFzc19p bml0KTogQWRkIGRpc3Bvc2UuCisKIDIwMjAtMDMtMzEgIEthdGUgQ2hlbmV5ICA8a2F0aGVyaW5l X2NoZW5leUBhcHBsZS5jb20+CiAKICAgICAgICAgUmVxdWVzdHMgZm9yIG1lc3NhZ2VIYW5kbGVy cygpIGluIHRoZSBET01XaW5kb3cgc2hvdWxkIGJlIGlnbm9yZWQgZm9yIG5vbi1hcHAtYm91bmQg bmF2aWdhdGlvbnMKZGlmZiAtLWdpdCBhL1Rvb2xzL01pbmlCcm93c2VyL2d0ay9Ccm93c2VyV2lu ZG93LmMgYi9Ub29scy9NaW5pQnJvd3Nlci9ndGsvQnJvd3NlcldpbmRvdy5jCmluZGV4IDM3Zjll ZWZiYWZkMS4uMjFjM2MzZDM2YjhiIDEwMDY0NAotLS0gYS9Ub29scy9NaW5pQnJvd3Nlci9ndGsv QnJvd3NlcldpbmRvdy5jCisrKyBiL1Rvb2xzL01pbmlCcm93c2VyL2d0ay9Ccm93c2VyV2luZG93 LmMKQEAgLTcxMSw2ICs3MTEsMTggQEAgc3RhdGljIHZvaWQgYnJvd3NlcldpbmRvd0ZpbmFsaXpl KEdPYmplY3QgKmdPYmplY3QpCiAgICAgICAgIGd0a19tYWluX3F1aXQoKTsKIH0KIAorc3RhdGlj IHZvaWQgYnJvd3NlcldpbmRvd0Rpc3Bvc2UoR09iamVjdCAqZ09iamVjdCkKK3sKKyAgICBCcm93 c2VyV2luZG93ICp3aW5kb3cgPSBCUk9XU0VSX1dJTkRPVyhnT2JqZWN0KTsKKworICAgIGlmICh3 aW5kb3ctPnBhcmVudFdpbmRvdykgeworICAgICAgICBnX29iamVjdF9yZW1vdmVfd2Vha19wb2lu dGVyKEdfT0JKRUNUKHdpbmRvdy0+cGFyZW50V2luZG93KSwgKGdwb2ludGVyICopJndpbmRvdy0+ cGFyZW50V2luZG93KTsKKyAgICAgICAgd2luZG93LT5wYXJlbnRXaW5kb3cgPSBOVUxMOworICAg IH0KKworICAgIEdfT0JKRUNUX0NMQVNTKGJyb3dzZXJfd2luZG93X3BhcmVudF9jbGFzcyktPmRp c3Bvc2UoZ09iamVjdCk7Cit9CisKIHN0YXRpYyB2b2lkIGJyb3dzZXJXaW5kb3dTZXR1cEVkaXRv clRvb2xiYXIoQnJvd3NlcldpbmRvdyAqd2luZG93KQogewogICAgIEd0a1dpZGdldCAqdG9vbGJh ciA9IGd0a190b29sYmFyX25ldygpOwpAQCAtMTEyNiw2ICsxMTM4LDcgQEAgc3RhdGljIHZvaWQg YnJvd3Nlcl93aW5kb3dfY2xhc3NfaW5pdChCcm93c2VyV2luZG93Q2xhc3MgKmtsYXNzKQogICAg IEdPYmplY3RDbGFzcyAqZ29iamVjdENsYXNzID0gR19PQkpFQ1RfQ0xBU1Moa2xhc3MpOwogCiAg ICAgZ29iamVjdENsYXNzLT5jb25zdHJ1Y3RlZCA9IGJyb3dzZXJXaW5kb3dDb25zdHJ1Y3RlZDsK KyAgICBnb2JqZWN0Q2xhc3MtPmRpc3Bvc2UgPSBicm93c2VyV2luZG93RGlzcG9zZTsKICAgICBn b2JqZWN0Q2xhc3MtPmZpbmFsaXplID0gYnJvd3NlcldpbmRvd0ZpbmFsaXplOwogCiAgICAgR3Rr V2lkZ2V0Q2xhc3MgKndpZGdldENsYXNzID0gR1RLX1dJREdFVF9DTEFTUyhrbGFzcyk7Cg==