Bug 269699

Summary: [GTK] Crash in WebPageProxy::getLoadDecisionForIcon
Product: WebKit Reporter: Kdwk <kdwkleung>
Component: WebKitGTKAssignee: Carlos Garcia Campos <cgarcia>
Status: RESOLVED FIXED    
Severity: Normal CC: aperez, bugs-noreply, cgarcia, mcatanzaro, philn
Priority: P2    
Version: WebKit Local Build   
Hardware: PC   
OS: Linux   
Attachments:
Description Flags
gdb (bt full; c).txt none

Description Kdwk 2024-02-19 04:07:42 PST 
Created attachment 469957 [details]
gdb (bt full; c).txt

1. Using Gnome Web 46.alpha-8-gfe080d446 (jhbuild), WebKitGTK 2.43.4 (270164@main) (jhbuild), GStreamer 1.22.9
2. Visit reddit.com, wait for a while
3. Crash
Comment 1 Michael Catanzaro 2024-02-19 08:28:07 PST 
Notably bytes=0x0
Comment 2 Michael Catanzaro 2024-02-20 06:42:24 PST 
(In reply to Kdwk from comment #0)
> WebKitGTK 2.43.4 (270164@main) (jhbuild)

Please double check this. One or the other is not right.
Comment 3 Michael Catanzaro 2024-02-20 06:44:19 PST 
OK, I can reproduce. It crashes after just a few seconds when using 274884@main with GStreamer 1.22.8.
Comment 4 Kdwk 2024-02-20 06:45:19 PST 
(In reply to Michael Catanzaro from comment #2)
> (In reply to Kdwk from comment #0)
> > WebKitGTK 2.43.4 (270164@main) (jhbuild)
> 
> Please double check this. One or the other is not right.

What’s not right? I copied this from About Web -> Troubleshooting-> Debugging Information
Comment 5 Michael Catanzaro 2024-02-20 08:37:00 PST 
270164@main is three months old. WebKitGTK 2.43.4 is recent.
Comment 6 Kdwk 2024-02-27 06:42:46 PST 
I believe this is still happening with WebKitGTK 2.43.4 (274974@main)
Comment 7 Philippe Normand 2024-02-28 09:44:42 PST 
(In reply to Kdwk from comment #6)
> I believe this is still happening with WebKitGTK 2.43.4 (274974@main)

Oh yes, with current main, GTK MiniBrowser crashes when loading YT...
Comment 8 Philippe Normand 2024-02-28 10:00:48 PST 
The iconData m_buffer is non-contiguous, so SharedBufferReference::data() returns null...

(gdb) p iconData                                                                                                                                                                                                   
$1 = (const IPC::SharedBufferReference &) @0x7fff4f063cb0: {m_size = 2783, m_buffer = {static isRefPtr = <optimized out>, m_ptr = 0x7f0a850e1280}, m_memory = {static isRefPtr = <optimized out>, m_ptr = 0x0}}    
(gdb) p iconData.m_buffer                                                                                                                                                                                          
$2 = {static isRefPtr = <optimized out>, m_ptr = 0x7f0a850e1280}                                                                                                                                                   
(gdb) p *$2.m_ptr                                                                                                                                                                                                  
$3 = {<WTF::ThreadSafeRefCounted<WebCore::FragmentedSharedBuffer, (WTF::DestructionThread)0>> = {<WTF::ThreadSafeRefCountedBase> = {m_refCount = std::atomic<unsigned int> = { 1 },                                
      m_deletionHasBegun = std::atomic<bool> = { false },                                                                                                                                                          
      m_isAllocatedMemory = std::atomic<WTF::ThreadSafeRefCountedBase::IsAllocatedMemory> = { WTF::ThreadSafeRefCountedBase::IsAllocatedMemory::Yes }}, <No data fields>},                                         
  m_segments = WTF::Vector of length 2, capacity 16 = {{beginPosition = 0, segment = {static isRef = <optimized out>, m_ptr = 0x7f0a85025cb0}}, {beginPosition = 512, segment = {static isRef = <optimized out>,   
        m_ptr = 0x7f0a85025ce0}}}, m_contiguous = false, m_size = 2783}
Comment 9 Philippe Normand 2024-02-28 10:04:21 PST 
I suppose it's not an issue on Apple ports because the don't USE(UNIX_DOMAIN_SOCKETS) so a different code path is taken?
Comment 10 Philippe Normand 2024-02-28 10:18:19 PST 
This naïve patch seems to work... http://sprunge.us/bpmStR
Comment 11 Adrian Perez 2024-02-28 12:09:07 PST 
(In reply to Philippe Normand from comment #10)
> This naïve patch seems to work... http://sprunge.us/bpmStR

rs=me
Comment 12 Philippe Normand 2024-02-28 12:21:00 PST 
Pull request: https://github.com/WebKit/WebKit/pull/25248
Comment 13 Carlos Garcia Campos 2024-02-29 02:54:33 PST 
Pull request: https://github.com/WebKit/WebKit/pull/25289
Comment 14 EWS 2024-03-01 00:30:34 PST 
Committed 275540@main (6a7b2d62c794): <https://commits.webkit.org/275540@main>

Reviewed commits have been landed. Closing PR #25289 and removing active labels.