Bug 131357

Summary:

[GTK] Plugin process crashes when loading totem plugin

Product:

WebKit

Reporter:

Carlos Garcia Campos <cgarcia>

Component:

WebKit2

Assignee:

Nobody <webkit-unassigned>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

andersca, bugzilla, bunhere, commit-queue, gustavo, gyuyoung.kim, mrobinson, rakuco, sergio

Priority:

Keywords:

Gtk

Version:

528+ (Nightly build)

Hardware:

Unspecified

OS:

Unspecified

Attachments:

Description	Flags
Patch	mrobinson: review+
Try to fix EFL build	none

Carlos Garcia Campos

Reported 2014-04-08 06:54:30 PDT

The problem is that totem plugin uses functions NPN_Foo, that are defined inside totem as wrappers for NPNetscapeFuncs. Those functions are also defined in WebCore (npapi.cpp), and it seems the plugin process ends up calling the WebCore ones, and crashes because the NPNetscapeFuncs in WebCore are not initialized (and conflicts with the ones defined in Source/WebKit2/WebProcess/Plugins/Netscape/NetscapeBrowserFuncs.cpp which are passed to the plugin in NP_Initialize). Most of the plugins functions in WebCore are actually only used WebKit1, so I think we shouldn't build some of those files in WebKit2. Maybe we can split WebCore more and add WebCorePlugins library, for example.

Attachments
Patch (72.21 KB, patch) 2014-04-09 08:39 PDT, Carlos Garcia Campos	mrobinson: review+	Details Formatted Diff Diff
Try to fix EFL build (72.25 KB, patch) 2014-04-09 09:17 PDT, Carlos Garcia Campos	no flags	Details Formatted Diff Diff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.

Martin Robinson

Comment 1 2014-04-08 08:32:30 PDT

Could we just wait until we remove the WebKit1 port and the files to the platform source lists?

Carlos Garcia Campos

Comment 2 2014-04-08 08:36:53 PDT

(In reply to comment #1) > Could we just wait until we remove the WebKit1 port and the files to the platform source lists? I want to fix this in the stable branches as well. Are browsers supposed to export NPN functions? or should plugins use the NPNetscapeFuncs struct passed?

Carlos Garcia Campos

Comment 3 2014-04-08 08:37:51 PDT

Note that this is not specific to totem plugin, but to any plugin that defines the NPN functions

Martin Robinson

Comment 4 2014-04-08 08:44:38 PDT

I wonder if there's a way to hide all WebCore symbols from the plugin. Perhaps this is an issue with the way we are linking.

Carlos Garcia Campos

Comment 5 2014-04-08 09:13:57 PDT

Forgot the bt: Program received signal SIGSEGV, Segmentation fault. 0x00007ffff640ea5d in WebCore::PluginView::getValue(NPNVariable, void*) () from WebKit/WebKitBuild/Release/lib/libwebkit2gtk-3.0.so.25 (gdb) bt #0 0x00007ffff640ea5d in WebCore::PluginView::getValue(NPNVariable, void*) () from WebKit/WebKitBuild/Release/lib/libwebkit2gtk-3.0.so.25 #1 0x00007fffe157e12e in totemPlugin::Init(char*, unsigned short, short, char**, char**, _NPSavedData*) () from /usr/lib/mozilla/plugins/libtotem-mully-plugin.so #2 0x00007fffe157b973 in ?? () from /usr/lib/mozilla/plugins/libtotem-mully-plugin.so #3 0x00007ffff5a8e968 in WebKit::NetscapePlugin::initialize(WebKit::Plugin::Parameters const&) () from WebKit/WebKitBuild/Release/lib/libwebkit2gtk-3.0.so.25 #4 0x00007ffff596158c in WebKit::PluginControllerProxy::initialize(WebKit::PluginCreationParameters const&) () from WebKit/WebKitBuild/Release/lib/libwebkit2gtk-3.0.so.25 #5 0x00007ffff596566d in WebKit::WebProcessConnection::createPluginInternal(WebKit::PluginCreationParameters const&, bool&, bool&, unsigned int&) () from WebKit/WebKitBuild/Release/lib/libwebkit2gtk-3.0.so.25 #6 0x00007ffff5965890 in WebKit::WebProcessConnection::createPlugin(WebKit::PluginCreationParameters const&, WTF::PassRefPtr<Messages::WebProcessConnection::CreatePlugin::DelayedReply>) () from WebKit/WebKitBuild/Release/lib/libwebkit2gtk-3.0.so.25 #7 0x00007ffff5b468a1 in void IPC::handleMessageDelayed<Messages::WebProcessConnection::CreatePlugin, WebKit::WebProcessConnection, void (WebKit::WebProcessConnection::*)(WebKit::PluginCreationParameters const&, WTF::PassRefPtr<Messages::WebProcessConnection::CreatePlugin::DelayedReply>)>(IPC::Connection*, IPC::MessageDecoder&, std::unique_ptr<IPC::MessageEncoder, std::default_delete<IPC::MessageEncoder> >&, WebKit::WebProcessConnection*, void (WebKit::WebProcessConnection::*)(WebKit::PluginCreationParameters const&, WTF::PassRefPtr<Messages::WebProcessConnection::CreatePlugin::DelayedReply>)) () from WebKit/WebKitBuild/Release/lib/libwebkit2gtk-3.0.so.25 #8 0x00007ffff5b46690 in WebKit::WebProcessConnection::didReceiveSyncWebProcessConnectionMessage(IPC::Connection*, IPC::MessageDecoder&, std::unique_ptr<IPC::MessageEncoder, std::default_delete<IPC::MessageEncoder> >&) () from WebKit/WebKitBuild/Release/lib/libwebkit2gtk-3.0.so.25 #9 0x00007ffff5964b6b in WebKit::WebProcessConnection::didReceiveSyncMessage(IPC::Connection*, IPC::MessageDecoder&, std::unique_ptr<IPC::MessageEncoder, std::default_delete<IPC::MessageEncoder> >&) () from WebKit/WebKitBuild/Release/lib/libwebkit2gtk-3.0.so.25 #10 0x00007ffff59588da in IPC::Connection::dispatchSyncMessage(IPC::MessageDecoder&) () from WebKit/WebKitBuild/Release/lib/libwebkit2gtk-3.0.so.25 #11 0x00007ffff59589f5 in IPC::Connection::dispatchMessage(std::unique_ptr<IPC::MessageDecoder, std::default_delete<IPC::MessageDecoder> >) () from WebKit/WebKitBuild/Release/lib/libwebkit2gtk-3.0.so.25 #12 0x00007ffff5959c2d in IPC::Connection::SyncMessageState::dispatchMessages(IPC::Connection*) () from WebKit/WebKitBuild/Release/lib/libwebkit2gtk-3.0.so.25 #13 0x00007ffff5b8ad87 in WTF::RunLoop::performWork() () from WebKit/WebKitBuild/Release/lib/libwebkit2gtk-3.0.so.25 #14 0x00007ffff5bbc4f8 in WTF::GMainLoopSource::voidCallback() () from WebKit/WebKitBuild/Release/lib/libwebkit2gtk-3.0.so.25 #15 0x00007ffff5bbc529 in WTF::GMainLoopSource::voidSourceCallback(WTF::GMainLoopSource*) () from WebKit/WebKitBuild/Release/lib/libwebkit2gtk-3.0.so.25 #16 0x00007ffff136e715 in g_main_dispatch (context=0x64b020) at gmain.c:3066 #17 g_main_context_dispatch (context=context@entry=0x64b020) at gmain.c:3641 #18 0x00007ffff136ea78 in g_main_context_iterate (context=0x64b020, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3712 #19 0x00007ffff136ed3a in g_main_loop_run (loop=0x6f8fa0) at gmain.c:3906 #20 0x00007ffff5ad4ecf in PluginProcessMainUnix () from WebKit/WebKitBuild/Release/lib/libwebkit2gtk-3.0.so.25 #21 0x00007ffff3facb45 in __libc_start_main (main=0x400700 <main>, argc=3, argv=0x7fffffffd818, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffd808) at libc-start.c:287 #22 0x0000000000400733 in _start ()

Carlos Garcia Campos

Comment 6 2014-04-08 09:20:57 PDT

(In reply to comment #4) > I wonder if there's a way to hide all WebCore symbols from the plugin. Perhaps this is an issue with the way we are linking. That depends on whether browsers are expected to export NPN API or not

Martin Robinson

Comment 7 2014-04-08 09:24:23 PDT

(In reply to comment #3) > Note that this is not specific to totem plugin, but to any plugin that defines the NPN functions What NPN function is totem implementing? I believe that NPN_Whatever is reserved for the browser. The Mozilla plugin documentation says: "Browser methods are functions implemented by Gecko; the plug-in calls these functions. The names of all the browser functions in the API begin with NPN_, for example, NPN_Write."

Carlos Garcia Campos

Comment 8 2014-04-08 09:31:38 PDT

(In reply to comment #7) > (In reply to comment #3) > > Note that this is not specific to totem plugin, but to any plugin that defines the NPN functions > > What NPN function is totem implementing? I believe that NPN_Whatever is reserved for the browser. The Mozilla plugin documentation says: > > "Browser methods are functions implemented by Gecko; the plug-in calls these functions. The names of all the browser functions in the API begin with NPN_, for example, NPN_Write." All of them, they are just wrappers around the NPNetscapeFuncs. The problem is that the NPN functions we are currently exporting in WebKit2 are the WebCore ones, so even if totem didn't implement those functions, it would end up calling the wrong methods. Only plugins using the NPNetscapeFuncs struct directly currently work in WebKit2.

Carlos Garcia Campos

Comment 9 2014-04-09 08:39:18 PDT

Created attachment 228963 [details] Patch

Martin Robinson

Comment 10 2014-04-09 08:42:43 PDT

Comment on attachment 228963 [details] Patch I'm really glad to see Source/WebCore/plugins/gtk/gtk2xtbin.c finally bite the dust, though perhaps one day we will need Xt plugin support in WebKit2 :(.

Carlos Garcia Campos

Comment 11 2014-04-09 09:17:57 PDT

Created attachment 228964 [details] Try to fix EFL build

Carlos Garcia Campos

Comment 12 2014-04-09 09:54:00 PDT

Committed r167016: <http://trac.webkit.org/changeset/167016>

Carlos Garcia Campos

Comment 13 2014-04-09 09:56:49 PDT

I'll rework it in the stable branches to move the implementation to Source/WebKit/gtk like mac does

Note You need to log in before you can comment on or make changes to this bug.