Bug 183347

Summary: AX: [GTK] WebProcess from WebKitGtk+ 2.19.91 SIGSEVs in webkitAccessibleGetValueAndText() at Source/WebCore/accessibility/atk/WebKitAccessibleInterfaceValue.cpp:71
Product: WebKit Reporter: Andres Gomez Garcia <agomez>
Component: AccessibilityAssignee: Nobody <webkit-unassigned>
Status: NEW    
Severity: Normal CC: bugs-noreply, mcatanzaro, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Local Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
BT from gdb for the WebProcess none

Andres Gomez Garcia
Reported 2018-03-05 14:37:26 PST
Created attachment 335029 [details] BT from gdb for the WebProcess I'm using epiphany 3.27.90-22-ge89d8de with WebKitGtk+ 2.19.91 from gnome-nightly's flatpak. I see often crashed tabs. When inspecting in my system with coredumpctl I've found several cores. In this case, the WebProcess is SIGSEVing. I do not know the conditions for this.
Attachments
BT from gdb for the WebProcess (133.11 KB, text/plain)
2018-03-05 14:37 PST, Andres Gomez Garcia 		no flags
Details
View All Add attachment proposed patch, testcase, etc.
Michael Catanzaro
Comment 1 2018-03-05 17:03:01 PST
*** Bug 183348 has been marked as a duplicate of this bug. ***
Michael Catanzaro
Comment 2 2018-03-05 17:43:12 PST
It's crashing when retrieving a particular HTTP auth password from the keyring. It's probably triggered by visiting a particular website. If you know which website is triggering this (e.g. our intranet?) then you could investigate with seahorse and see if there is any weird data in the keyring. I don't know about this one. The trap here is that passwordData might not be null-terminated if the data in the keyring has been modified from what WebKit originally set. I think the current code should be safe against that, because it's careful to use the size of the returned data, and it looks like it should also be safe if secret_value_get() returns null or has zero size. I guess I must be wrong about something here, though. We could try null-checking passwordData. We could also try using secret_value_get_text() instead of secret_value_get() in order to get a null-terminated string and not have to use the length overload of String::fromUTF8. I think I would try both, for good measure. The downside of using flatpak is that now it's much harder to give you a debugging patch to try.... Let's see what Carlos thinks.
Michael Catanzaro
Comment 3 2018-03-05 17:43:55 PST
I'm a disaster at Bugzilla today... that comment was meant for bug #183346. Please disregard.
Radar WebKit Bug Importer
Comment 4 2018-03-05 17:45:58 PST
<rdar://problem/38162167>
Note You need to log in before you can comment on or make changes to this bug.