Bug 129784

Summary: Crash in webkit_web_view_expose_event when using Eclipse with overlay-scrollbar (Ubuntu)
Product: WebKit
Reporter: Marc-Andre Laperle <malaperle>
Component: WebKitGTK
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED INVALID
Severity: Normal
CC: berto, bigbedue, cgarcia, dbates, gustavo, mcatanzaro, mrobinson, zan
Priority: P2
Version: 528+ (Nightly build)
Hardware: PC
OS: Linux
Attachments: Patch (flags: dbates: review-)

Description Marc-Andre Laperle 2014-03-05 23:28:01 PST
Using Ubuntu 14.04 64-bit (soon to be released), GTK2,
with package libwebkitgtk-1.0-0 (built from WebKit 2.3.90)
or using WebKit built from SVN (revision 164917).

I originally opened this bug at eclipse.org
https://bugs.eclipse.org/bugs/show_bug.cgi?id=425614

1. Download Eclipse Standard 4.3.2 for linux 64 bit
http://www.eclipse.org/downloads/download.php?file=/technology/epp/downloads/release/kepler/SR2/eclipse-standard-kepler-SR2-linux-gtk-x86_64.tar.gz

2. Start Eclipse with this command: UBUNTU_MENUPROXY=0 SWT_GTK3=0 ./eclipse
3. If this is a new workspace, it should crash after selecting the workspace location (because it tries to display the welcome screen). If the workspace loads, click Help, Welcome in the menu to force the welcome screen to display. The crash should occur.

Back trace:
https://bugs.eclipse.org/bugs/attachment.cgi?id=238944

The crashing code in webkitwebview.cpp looks like this:
    for (int i = 0; i < rectCount; i++) {
        copyRectFromCairoSurfaceToContext(WEBKIT_WEB_VIEW(widget)->priv->backingStore->cairoSurface(),
                                          cr.get(), IntSize(), IntRect(rects.get()[i]));
    }

Basically, in webkit_web_view_expose_event, WEBKIT_WEB_VIEW(widget)->priv->backingStore is null because ChromeClient::widgetSizeChanged doesn't get called...because webView->priv->needsResizeOnMap is false.

I think the issue is in webkit_web_view_size_allocate. It assumes that the size changed to allocate the backing store (through needsResizeOnMap). If I also set needsResizeOnMap to true when the backing store is null, it works. I'm not sure this is the right solution but hopefully this helps someone develop a real fix.
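A constructed C model of the ordering the report describes (an added example, not WebKit's code): size_allocate runs with an unchanged size, so needsResizeOnMap stays false, the backing store is never created and the expose handler finds NULL; size_allocate_fixed applies the reporter's suggestion of also scheduling the allocation when the store is missing. The struct, handler names and sizes are assumptions of this model.

```c
#include <stdbool.h>
#include <stdlib.h>

/* Constructed model of the WebKitGTK1 view state named in the report (backingStore,
 * needsResizeOnMap). Not WebKit code: the handlers are simplified stand-ins. */
typedef struct {
    int width, height;
    int *backingStore;      /* NULL until the chrome client allocates it */
    bool needsResizeOnMap;  /* deferred-resize flag checked on map */
} WebView;

/* Stand-in for ChromeClient::widgetSizeChanged: (re)allocates the backing store. */
static void widget_size_changed(WebView *v) {
    free(v->backingStore);
    v->backingStore = calloc((size_t)v->width * (size_t)v->height, sizeof(int));
}
/* Original logic as described: only a size change schedules the allocation. */
static void size_allocate_buggy(WebView *v, int w, int h) {
    if (v->width != w || v->height != h)
        v->needsResizeOnMap = true;
    v->width = w; v->height = h;
}
/* Reporter's suggestion: also schedule it when no backing store exists yet. */
static void size_allocate_fixed(WebView *v, int w, int h) {
    if (v->width != w || v->height != h || !v->backingStore)
        v->needsResizeOnMap = true;
    v->width = w; v->height = h;
}
/* Map handler: performs the deferred resize only if flagged. */
static void map_event(WebView *v) {
    if (!v->needsResizeOnMap) return;
    widget_size_changed(v);
    v->needsResizeOnMap = false;
}
/* Expose handler: reports a missing backing store instead of dereferencing NULL. */
static bool expose_event(WebView *v) {
    if (!v->backingStore) return false;  /* the report's crash site */
    v->backingStore[0] = 1;              /* stand-in for copyRectFromCairoSurfaceToContext */
    return true;
}

/* Drives the report's sequence: size_allocate with an unchanged size, then map, then
 * expose. Returns true only if expose found a backing store to draw from. */
static bool run_sequence(bool use_fix) {
    WebView v = { 800, 600, NULL, false };  /* size already recorded, store never built */
    if (use_fix) size_allocate_fixed(&v, 800, 600); else size_allocate_buggy(&v, 800, 600);
    map_event(&v);
    bool ok = expose_event(&v);
    free(v.backingStore);
    return ok;
}
```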
Comment 1 Marc-Andre Laperle 2014-03-05 23:44:52 PST
Created attachment 225958 [details]
Patch
Comment 2 bigbedue 2014-03-17 11:21:36 PDT
Patch from #1 doesn't solve the problem here. Using Arch, see https://bugs.archlinux.org/task/39184.
eclipse still crashes.
Comment 3 Marc-Andre Laperle 2014-03-19 21:14:16 PDT
(In reply to comment #2)
> Patch from #1 doesn't solve the problem here. Using Arch, see https://bugs.archlinux.org/task/39184.
> eclipse still crashes.

Are you sure it crashes at the same place? Is backingStore null?

FYI, there's also a crash related to the google talk plugin, see https://bugs.eclipse.org/bugs/show_bug.cgi?id=334466
Comment 4 bigbedue 2014-03-24 03:41:01 PDT
Tbh, I don't know if backingStore is null.
Can you help me get a more informative debug output from Eclipse? The terminal is not very chatty.

I reproduced the error like this: with the UNPATCHED release version of 2.2.5, it crashed "randomly" when displaying tooltips. I also could - kind of - reproduce the welcome-screen thing:
1. went to welcome screen (welcome screen displays, no crash)
2. click on X to close the welcome screen (eclipse crashes, the normal window should have appeared)

After the patch, both behaviors were still there.

Maybe "my problem" is not exactly what you've fixed?

Please also note that I didn't apply the patch to r164917 but on the release version found here: http://webkitgtk.org/releases/webkitgtk-2.2.5.tar.xz. Maybe that's an issue too.
Comment 5 Marc-Andre Laperle 2014-03-25 17:18:23 PDT
(In reply to comment #4)
> Tbh, I don't know if backingStore is null. 
> Can you help me getting a more informative debug output from eclipse? The terminal is not very chatty.

Do you have a java crash log file? It should be in the working directory where Eclipse was launched, look for something like hs_err_pid18377.log. If you have a core dump, you could load it in gdb and get a backtrace. The core file should also be in the working directory. If not, you can try changing the core file limit with the command 'ulimit -c unlimited' then starting Eclipse from the same terminal.

> Maybe "my problem" is not exactly what you've fixed?

That seems probable. I also didn't mention in my original comment that the crash only occurs when overlay-scrollbar is enabled, which I believe is only in Ubuntu. But I think fixing this in webkit source code makes sense because the way I understand the code, it could happen in other circumstances.

> Please also note that I didn't apply the patch to r164917 but on the release version found here: http://webkitgtk.org/releases/webkitgtk-2.2.5.tar.xz. Maybe that's an issue too.

I'm going to install Arch Linux and try to reproduce your crash. This might take some time.
Comment 6 Marc-Andre Laperle 2014-03-26 07:59:58 PDT
(In reply to comment #5)
> > Please also note that I didn't apply the patch to r164917 but on the release version found here: http://webkitgtk.org/releases/webkitgtk-2.2.5.tar.xz. Maybe that's an issue too.
> 
> I'm going to install Arch Linux and try to reproduce your crash. This might take some time.

I can't reproduce this with Arch Linux and webkitgtk-2.2.5 installed. I tried both the eclipse package from Arch and downloading it from eclipse.org (version 4.3.2). Let me know if you have more information about the java error log or the core dump. Also, did you check if you have the google talk plugin installed? I tried to install it just to see if it affects anything but I wasn't able to install it from AUR (I'm not sure how to use it).
Comment 7 Marc-Andre Laperle 2014-05-12 10:01:53 PDT
On recent Eclipse builds (Luna), the overlay scrollbars are disabled by default, so to reproduce this bug they need to be explicitly enabled with LIBOVERLAY_SCROLLBAR=1.
Comment 8 Daniel Bates 2016-04-23 11:27:48 PDT
Comment on attachment 225958 [details]
Patch

The file Source/WebKit/gtk/webkit/webkitwebview.cpp no longer exists. Moreover, all the GTK WebKit1 code was removed in <http://trac.webkit.org/changeset/166979> (bug #131399). I'm unclear of the process for fixing GTK WebKit1 bugs with respect to third-party applications, such as Eclipse. Maybe Martin Robinson or Michael Catanzaro know?
Comment 9 Daniel Bates 2016-04-23 11:29:40 PDT
I'm marking this bug Resolved Invalid since the GTK WebKit1 source code was removed from the WebKit Open Source Project repository as mentioned in comment #8. We need to find a more appropriate forum for this bug assuming it still exists.
Comment 10 Michael Catanzaro 2016-04-23 13:22:53 PDT
(In reply to comment #8)
> Comment on attachment 225958 [details]
> Patch
> 
> The file Source/WebKit/gtk/webkit/webkitwebview.cpp no longer exists.
> Moreover, all the GTK WebKit1 code was removed in
> <http://trac.webkit.org/changeset/166979> (bug #131399). I'm unclear of the
> process for fixing GTK WebKit1 bugs with respect to third-party
> applications, such as Eclipse. Maybe Martin Robinson or Michael Catanzaro
> know?

There's no better place to report this bug. We don't look into WebKit1 bugs anymore. Eclipse must upgrade.

If Eclipse ever displays untrusted HTML (e.g. if it displays anything from the Internet, or if it allows the user to select files to view), then see <http://webkitgtk.org/security.html> for an overview of the risks of not upgrading.

Still, if anyone provides a patch, it could be included in our 2.4 branch in case there is ever a 2.4 release in the future.