Bug 28070

Summary: [Gtk] Crash when saving a password
Product: WebKit
Reporter: Bastien Nocera <bugzilla>
Component: WebKitGTK
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED
Severity: Normal
CC: gustavo, jmalonzo, xan.lopez
Priority: P2
Keywords: Gtk
Version: 528+ (Nightly build)
Hardware: PC
OS: Linux
Bug Depends on:
Bug Blocks: 28463
Attachments:
Description Flags
soupauthfix.diff eric: review+, xan.lopez: commit-queue-

Bastien Nocera
Reported 2009-08-07 09:07:47 PDT
1. Go to https://fedorahosted.org/rel-eng/
2. Click "log in"
3. Enter my credentials and select "save password"
4. Benco!

libsoup-2.27.5-1.fc12.x86_64
webkitgtk-1.1.12-1.fc12.x86_64
epiphany-2.27.5-1.fc12.x86_64

(gdb) bt
#0  save_password_callback (msg=<value optimized out>, authData=0xea2540) at WebKit/gtk/webkit/webkitsoupauthdialog.c:117
#1  0x00000030d240bb4e in IA__g_closure_invoke (closure=0xee4970, return_value=0x0, n_param_values=1, param_values=0xf00460, invocation_hint=0x7fffffffc610) at gclosure.c:767
#2  0x00000030d2421d06 in signal_emit_unlocked_R (node=0xdf22d0, detail=<value optimized out>, instance=<value optimized out>, emission_return=<value optimized out>, instance_and_params=<value optimized out>) at gsignal.c:3247
#3  0x00000030d242312e in IA__g_signal_emit_valist (instance=0x994cc0, signal_id=<value optimized out>, detail=0, var_args=0x7fffffffc800) at gsignal.c:2980
#4  0x00000030d24236a3 in IA__g_signal_emit (instance=0x0, signal_id=0, detail=0) at gsignal.c:3037
#5  0x00007ffff57180b0 in io_read (sock=0xe8aae0, msg=0x994cc0) at soup-message-io.c:835
#6  0x00000030d240bb4e in IA__g_closure_invoke (closure=0xe6da00, return_value=0x0, n_param_values=1, param_values=0xe70720, invocation_hint=0x7fffffffca70) at gclosure.c:767
#7  0x00000030d2421d06 in signal_emit_unlocked_R (node=0x9577f0, detail=<value optimized out>, instance=<value optimized out>, emission_return=<value optimized out>, instance_and_params=<value optimized out>) at gsignal.c:3247
#8  0x00000030d242312e in IA__g_signal_emit_valist (instance=0xe8aae0, signal_id=<value optimized out>, detail=0, var_args=0x7fffffffcc60) at gsignal.c:2980
#9  0x00000030d24236a3 in IA__g_signal_emit (instance=0x0, signal_id=0, detail=0) at gsignal.c:3037
#10 0x00007ffff5722891 in socket_read_watch (chan=<value optimized out>, cond=0, user_data=<value optimized out>) at soup-socket.c:1181
#11 0x00000030d20391be in g_main_dispatch (context=<value optimized out>) at gmain.c:1960
#12 IA__g_main_context_dispatch (context=<value optimized out>) at gmain.c:2513
#13 0x00000030d203cba8 in g_main_context_iterate (context=0x70c250, block=<value optimized out>, dispatch=<value optimized out>, self=<value optimized out>) at gmain.c:2591
#14 0x00000030d203cff5 in IA__g_main_loop_run (loop=0x7b06a0) at gmain.c:2799
#15 0x00007ffff6162f07 in IA__gtk_main () at gtkmain.c:1205
#16 0x000000000042d5a5 in main (argc=can't compute CFA for this frame ) at ephy-main.c:781

(gdb) list
112 static void save_password_callback(SoupMessage* msg, WebKitAuthData* authData)
113 {
114     /* Check only for Success status codes (2xx) */
115     if (msg->status_code >= 200 && msg->status_code < 300) {
116         SoupURI* uri = soup_message_get_uri(authData->msg);
117         gnome_keyring_set_network_password(NULL,
118                                            authData->username,
119                                            soup_auth_get_realm(authData->auth),
120                                            uri->host,
121                                            NULL,
(gdb) p uri
$3 = (SoupURI *) 0x0

And with fatal warnings:

libsoup-CRITICAL **: soup_message_get_uri: assertion `SOUP_IS_MESSAGE (msg)' failed
aborting...

Program received signal SIGTRAP, Trace/breakpoint trap.
IA__g_logv (log_domain=<value optimized out>, log_level=<value optimized out>, format=<value optimized out>, args1=0x7fffffffc360) at gmessages.c:512
512 g_private_set (g_log_depth, GUINT_TO_POINTER (depth));
(gdb) bt
#0  IA__g_logv (log_domain=<value optimized out>, log_level=<value optimized out>, format=<value optimized out>, args1=0x7fffffffc360) at gmessages.c:512
#1  0x00000030d20433d3 in IA__g_log (log_domain=0x7ffff52c2e98 "\300\n", <incomplete sequence \351>, log_level=15565728, format=0xed83a0 "\020\001") at gmessages.c:526
#2  0x00007ffff57137a4 in soup_message_get_uri (msg=<value optimized out>) at soup-message.c:1431
#3  0x00007ffff694634a in save_password_callback (msg=<value optimized out>, authData=0xe92190) at WebKit/gtk/webkit/webkitsoupauthdialog.c:116
#4  0x00000030d240bb4e in IA__g_closure_invoke (closure=0xed63b0, return_value=0x0, n_param_values=1, param_values=0xe6a580, invocation_hint=0x7fffffffc600) at gclosure.c:767
#5  0x00000030d2421d06 in signal_emit_unlocked_R (node=0xdf2140, detail=<value optimized out>, instance=<value optimized out>, emission_return=<value optimized out>, instance_and_params=<value optimized out>) at gsignal.c:3247
#6  0x00000030d242312e in IA__g_signal_emit_valist (instance=0x994cc0, signal_id=<value optimized out>, detail=0, var_args=0x7fffffffc7f0) at gsignal.c:2980
#7  0x00000030d24236a3 in IA__g_signal_emit (instance=0x7ffff52c2e98, signal_id=15565728, detail=15565728) at gsignal.c:3037
#8  0x00007ffff57180b0 in io_read (sock=0xe96220, msg=0x994cc0) at soup-message-io.c:835
#9  0x00000030d240bb4e in IA__g_closure_invoke (closure=0xf075d0, return_value=0x0, n_param_values=1, param_values=0xefc4a0, invocation_hint=0x7fffffffca60) at gclosure.c:767
#10 0x00000030d2421d06 in signal_emit_unlocked_R (node=0x957750, detail=<value optimized out>, instance=<value optimized out>, emission_return=<value optimized out>, instance_and_params=<value optimized out>) at gsignal.c:3247
#11 0x00000030d242312e in IA__g_signal_emit_valist (instance=0xe96220, signal_id=<value optimized out>, detail=0, var_args=0x7fffffffcc50) at gsignal.c:2980
#12 0x00000030d24236a3 in IA__g_signal_emit (instance=0x7ffff52c2e98, signal_id=15565728, detail=15565728) at gsignal.c:3037
#13 0x00007ffff5722891 in socket_read_watch (chan=<value optimized out>, cond=0, user_data=<value optimized out>) at soup-socket.c:1181
#14 0x00000030d20391be in g_main_dispatch (context=<value optimized out>) at gmain.c:1960
#15 IA__g_main_context_dispatch (context=<value optimized out>) at gmain.c:2513
#16 0x00000030d203cba8 in g_main_context_iterate (context=0x70c2c0, block=<value optimized out>, dispatch=<value optimized out>, self=<value optimized out>) at gmain.c:2591
#17 0x00000030d203cff5 in IA__g_main_loop_run (loop=0x7ab6e0) at gmain.c:2799
#18 0x00007ffff6162f07 in IA__gtk_main () at gtkmain.c:1205
#19 0x000000000042d5a5 in main (argc=can't compute CFA for this frame ) at ephy-main.c:781
Attachments
soupauthfix.diff (2.57 KB, patch)
2009-09-28 06:30 PDT, Xan Lopez
eric: review+
xan.lopez: commit-queue-
Jan Alonzo
Comment 1 2009-08-07 20:40:37 PDT
CC'ing Gustavo and Xan who are more familiar with libsoup and gnome-keyring in WebKitGtk.
Xan Lopez
Comment 2 2009-08-13 02:26:24 PDT
This code has been changed in latest trunk, could you try again with it (you'll need libsoup master) and tell us if it still crashes? You can also wait for the 1.1.13 release, which will happen soon.
Xan Lopez
Comment 3 2009-08-25 00:15:03 PDT
Epiphany 2.27.91, libsoup 2.27.91 and WebKitGTK+ 1.1.13 are now released.
Gustavo Noronha (kov)
Comment 4 2009-09-01 07:27:30 PDT
Seems to still happen. I think I found the problem, I am testing the fix (waiting for build to finish).
Gustavo Noronha (kov)
Comment 5 2009-09-01 13:14:48 PDT
I have tried debugging this. We seem to have a problem with the reference counting of authData->auth (we do a g_object_unref on it without doing a g_object_ref), but the fact is adding g_object_ref to the initialization of auth, and to just after authenticated doesn't help. We still reach the save password callback with authData->auth as 0x0. This seems to be caused by memory corruption. I was unable to find out what is the actual problem, though.

Valgrind log:

==12869==
==12869== Syscall param write(buf) points to uninitialised byte(s)
==12869==    at 0xCCC852B: (within /lib/libpthread-2.9.so)
==12869==    by 0xE6219E6: unixWrite (sqlite3.c:23842)
==12869==    by 0xE5D713E: writeJournalHdr (sqlite3.c:11929)
==12869==    by 0xE5D722C: pager_open_journal (sqlite3.c:34594)
==12869==    by 0xE5D7357: sqlite3PagerBegin (sqlite3.c:34669)
==12869==    by 0xE5E02B3: sqlite3BtreeBeginTrans (sqlite3.c:39351)
==12869==    by 0xE5F8E65: sqlite3VdbeExec (sqlite3.c:53624)
==12869==    by 0xE5FF887: sqlite3_step (sqlite3.c:49507)
==12869==    by 0xE602A2C: sqlite3_exec (sqlite3.c:72147)
==12869==    by 0x6FBFD38: exec_query_with_try_create_table (soup-cookie-jar-sqlite.c:242)
==12869==    by 0x6FC0118: changed (soup-cookie-jar-sqlite.c:295)
==12869==    by 0xB7E951C: g_closure_invoke (gclosure.c:767)
==12869==  Address 0x14d544c9 is 9 bytes inside a block of size 1,032 alloc'd
==12869==    at 0x4C2391E: malloc (vg_replace_malloc.c:207)
==12869==    by 0xE61FFC1: sqlite3MemMalloc (sqlite3.c:12342)
==12869==    by 0xE5BA748: mallocWithAlarm (sqlite3.c:15530)
==12869==    by 0xE5BA81F: sqlite3Malloc (sqlite3.c:15558)
==12869==    by 0xE5BBE82: pcache1Alloc (sqlite3.c:29512)
==12869==    by 0xE5BBFA5: sqlite3PageMalloc (sqlite3.c:29583)
==12869==    by 0xE5C3FD6: sqlite3PagerSetPagesize (sqlite3.c:32906)
==12869==    by 0xE5DF037: sqlite3BtreeFactory (sqlite3.c:33837)
==12869==    by 0xE5E6837: openDatabase (sqlite3.c:92579)
==12869==    by 0x6FC00E0: changed (soup-cookie-jar-sqlite.c:285)
==12869==    by 0xB7E951C: g_closure_invoke (gclosure.c:767)
==12869==    by 0xB7FF934: signal_emit_unlocked_R (gsignal.c:3177)

libsoup-CRITICAL **: soup_auth_save_password: assertion `SOUP_IS_AUTH (auth)' failed
aborting...
==12869==
==12869== Process terminating with default action of signal 5 (SIGTRAP): dumping core
==12869==    at 0xBA668CC: g_logv (gmessages.c:512)
==12869==    by 0xBA66C22: g_log (gmessages.c:526)
==12869==    by 0x512417A: save_password_callback (webkitsoupauthdialog.c:105)
==12869==    by 0xB7E951C: g_closure_invoke (gclosure.c:767)
==12869==    by 0xB80003D: signal_emit_unlocked_R (gsignal.c:3247)
==12869==    by 0xB8015EE: g_signal_emit_valist (gsignal.c:2980)
==12869==    by 0xB801AF2: g_signal_emit (gsignal.c:3037)
==12869==    by 0x6D99B5F: io_read (soup-message-io.c:835)
==12869==    by 0xB7E951C: g_closure_invoke (gclosure.c:767)
==12869==    by 0xB80003D: signal_emit_unlocked_R (gsignal.c:3247)
==12869==    by 0xB8015EE: g_signal_emit_valist (gsignal.c:2980)
==12869==    by 0xB801AF2: g_signal_emit (gsignal.c:3037)
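
Added example, not part of the original comment and not the patch that later landed: the unbalanced unref that Comment 5 describes, reproduced with a small hand-written refcounted type instead of GObject. `Obj`, this `AuthData` and every function name are hypothetical stand-ins, and finalizing only sets a flag so the outcome can be inspected without reading freed memory.

```c
#include <stdio.h>

/* Hypothetical stand-in for a GObject-style refcounted object (not SoupAuth).
 * Finalizing only sets a flag, so the example never reads freed memory. */
typedef struct { int refcount; int finalized; const char *realm; } Obj;

static Obj *obj_ref(Obj *o) { o->refcount++; return o; }
static void obj_unref(Obj *o) {
    if (--o->refcount == 0) { o->finalized = 1; o->realm = NULL; }
}

/* Hypothetical callback data playing the role of WebKitAuthData. */
typedef struct { Obj *auth; } AuthData;

/* take_ref == 0 stores a borrowed pointer: the imbalance from Comment 5. */
static void auth_data_init(AuthData *d, Obj *auth, int take_ref) {
    d->auth = take_ref ? obj_ref(auth) : auth;
}

/* Cleanup always drops a reference, whether or not init took one. */
static void auth_data_clear(AuthData *d) { obj_unref(d->auth); d->auth = NULL; }

/* Returns 1 if the realm could be used, 0 if the object is missing or dead. */
static int save_password(const AuthData *d) {
    return d->auth != NULL && !d->auth->finalized && d->auth->realm != NULL;
}

typedef struct { int callback_ok; int final_refcount; } Result;

/* Two authentication rounds against one auth object owned by the session. */
static Result run_scenario(int take_ref) {
    Obj auth = { 1, 0, "constructed-realm" };  /* owner's single reference */
    AuthData first, second;
    Result r;
    auth_data_init(&first, &auth, take_ref);
    auth_data_clear(&first);                   /* round one finishes */
    auth_data_init(&second, &auth, take_ref);
    r.callback_ok = save_password(&second);    /* round two: callback fires */
    auth_data_clear(&second);
    r.final_refcount = auth.refcount;
    return r;
}

int main(void) {
    Result bad = run_scenario(0), good = run_scenario(1);
    printf("borrowed: ok=%d refcount=%d\n", bad.callback_ok, bad.final_refcount);
    printf("owned:    ok=%d refcount=%d\n", good.callback_ok, good.final_refcount);
    return 0;
}
```

With the borrowed pointer, the first cleanup drops the owner's only reference, so the object is already finalized when the second callback runs and the count ends below zero.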
Xan Lopez
Comment 6 2009-09-28 06:30:48 PDT
Created attachment 40230
soupauthfix.diff

Proposed patch.
Eric Seidel (no email)
Comment 7 2009-09-28 17:15:13 PDT
Comment on attachment 40230
soupauthfix.diff

Rubber stamp = me.
Xan Lopez
Comment 8 2009-09-28 22:18:00 PDT
Thanks, landed in r48858.