Bug 154883
| Summary: | [GTK] Plugin process crash in WebKit::NPObjectMessageReceiver::hasProperty | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Michael Catanzaro <mcatanzaro> |
| Component: | WebKitGTK | Assignee: | Nobody <webkit-unassigned> |
| Status: | RESOLVED INVALID | ||
| Severity: | Normal | CC: | bugs-noreply, cgarcia, mcatanzaro |
| Priority: | P2 | ||
| Version: | Other | ||
| Hardware: | PC | ||
| OS: | Linux | ||
| See Also: |
https://bugs.webkit.org/show_bug.cgi?id=154882 https://bugzilla.redhat.com/show_bug.cgi?id=1290810 https://bugs.webkit.org/show_bug.cgi?id=154888 https://bugzilla.redhat.com/show_bug.cgi?id=1316102 https://bugzilla.redhat.com/show_bug.cgi?id=1350512 https://bugzilla.redhat.com/show_bug.cgi?id=1322731 https://bugzilla.redhat.com/show_bug.cgi?id=1389269 https://bugzilla.redhat.com/show_bug.cgi?id=1380136 |
||
| Bug Depends on: | |||
| Bug Blocks: | 154891 | ||
Michael Catanzaro
Version-Release number of selected component:
webkitgtk4-2.10.4-1.fc23
Additional info:
reporter: libreport-2.6.3
backtrace_rating: 4
cmdline: /usr/libexec/webkit2gtk-4.0/WebKitPluginProcess 17 /usr/lib64/mozilla/plugins/libgnome-shell-browser-plugin.so
crash_function: WebKit::NPObjectMessageReceiver::hasProperty
executable: /usr/libexec/webkit2gtk-4.0/WebKitPluginProcess
global_pid: 5739
kernel: 4.2.6-301.fc23.x86_64
runlevel: N 5
type: CCpp
uid: 1000
Truncated backtrace:
Thread no. 1 (10 frames)
#0 WebKit::NPObjectMessageReceiver::hasProperty at /usr/src/debug/webkitgtk-2.10.4/Source/WebKit2/Shared/Plugins/NPObjectMessageReceiver.cpp:133
#1 IPC::callMemberFunctionImpl<WebKit::NPObjectMessageReceiver, void (WebKit::NPObjectMessageReceiver::*)(WebKit::NPIdentifierData const&, bool&), std::tuple<WebKit::NPIdentifierData>, 0ul, std::tuple<bool>, 0ul>(WebKit::NPObjectMessageReceiver*, void (WebKit::NPObjectMessageReceiver::*)(WebKit::NPIdentifierData const&, bool&), std::tuple<WebKit::NPIdentifierData>&&, std::tuple<bool>&, std::index_sequence<0ul>, std::index_sequence<0ul>) at /usr/src/debug/webkitgtk-2.10.4/Source/WebKit2/Platform/IPC/HandleMessage.h:30
#2 IPC::callMemberFunction<WebKit::NPObjectMessageReceiver, void (WebKit::NPObjectMessageReceiver::*)(WebKit::NPIdentifierData const&, bool&), std::tuple<WebKit::NPIdentifierData>, std::make_index_sequence<1ul>, std::tuple<bool>, std::make_index_sequence<1ul> >(std::tuple<WebKit::NPIdentifierData>&&, std::tuple<bool>&, WebKit::NPObjectMessageReceiver*, void (WebKit::NPObjectMessageReceiver::*)(WebKit::NPIdentifierData const&, bool&)) at /usr/src/debug/webkitgtk-2.10.4/Source/WebKit2/Platform/IPC/HandleMessage.h:36
#3 IPC::handleMessage<Messages::NPObjectMessageReceiver::RemoveProperty, WebKit::NPObjectMessageReceiver, void (WebKit::NPObjectMessageReceiver::*)(WebKit::NPIdentifierData const&, bool&)> at /usr/src/debug/webkitgtk-2.10.4/Source/WebKit2/Platform/IPC/HandleMessage.h:105
#4 WebKit::NPObjectMessageReceiver::didReceiveSyncNPObjectMessageReceiverMessage at /usr/src/debug/webkitgtk-2.10.4/x86_64-redhat-linux-gnu/DerivedSources/WebKit2/NPObjectMessageReceiverMessageReceiver.cpp:73
#5 WebKit::NPRemoteObjectMap::didReceiveSyncMessage at /usr/src/debug/webkitgtk-2.10.4/Source/WebKit2/Shared/Plugins/NPRemoteObjectMap.cpp:226
#6 WebKit::WebProcessConnection::didReceiveSyncMessage at /usr/src/debug/webkitgtk-2.10.4/Source/WebKit2/PluginProcess/WebProcessConnection.cpp:156
#7 IPC::Connection::dispatchSyncMessage at /usr/src/debug/webkitgtk-2.10.4/Source/WebKit2/Platform/IPC/Connection.cpp:838
#8 IPC::Connection::dispatchMessage at /usr/src/debug/webkitgtk-2.10.4/Source/WebKit2/Platform/IPC/Connection.cpp:901
#9 IPC::Connection::SyncMessageState::dispatchMessages at /usr/src/debug/webkitgtk-2.10.4/Source/WebKit2/Platform/IPC/Connection.cpp:174
Another GNOME Shell browser plugin crash. This one was reported in December, so again, most likely with GNOME Shell 3.18.3. Possibly the same underlying issue as in bug #154882. Full backtrace downstream.
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Michael Catanzaro
Another one the crash server thinks is fixed. Sorry for not checking this before reporting. :)
Michael Catanzaro
Got a report of this affecting 2.10.7.
Michael Catanzaro
(In reply to comment #2)
> Got a report of this affecting 2.10.7.
Got a report of this affecting 2.12.3.
Michael Catanzaro
335 reports of this in Fedora, first report is last December. Probably another regression from GNOME Shell browser plugin changes.
Carlos Garcia Campos
This is a bug in the plugin, see the meta bug.